encrypted fs, ensure pw correct to continue boot?

To: debian-user@lists.debian.org
Subject: encrypted fs, ensure pw correct to continue boot?
From: "Douglas A. Tutty" <dtutty@vianet.ca>
Date: Thu, 27 Nov 2008 00:25:02 -0500
Message-id: <[🔎] 20081127052502.GA12171@titan.hooton>
Mail-followup-to: debian-user@lists.debian.org

Hello all,

I have encrypted partitions on my new box (/home, swap, (tmp on tmpfs),
/var/local, /var/tmp).  The cryptsetup initscripts prompt for the
passphrase during boot.  If you type the wrong passphrase, it says that
it didn't work but the boot continues anyway.  

I'd like the boot to stop (perhaps doing an immediate reboot) rather
than continuing.  The cryptdisks set up happens at
/etc/rcS.d/S26cryptdisks-early and S28cryptdisks, inbetween
S25libdevmapper1.02 and S30checkfs.sh.

Would it make sense to insert an initscript at say S29 that verifies
somehow that the passwords were correct and forces a reboot if not?  I'd
have to single step (from init=/bin/sh) through these and check what
happens in /dev at each point to see exactly what to test.

What is prompting this is that during testing, I had done a shutdown -rF
now, and mis-typed the passphrase on boot-up.  It seemed like e2fsck
went ahead and tried to "fix" the undecrypted partition and hosed it.  I
don't want to try to repeat this to make sure that this is what
happened, so this is an unsubstantiated suspicion only.

In any event, I'd rather have the machine reboot than boot with a
missing partition (e.g. everything but /var/tmp or /home).

Doug.

Reply to:

Prev by Date: Re: udev causing data loss?
Next by Date: Re: Dhcp problem...what is the msitake?
Previous by thread: Re: x11vnc java error
Next by thread: Re: testing email from Damon Chesser, debian-user list
Index(es):
- Date
- Thread