Bug#247054: Crypto-root patch updated to initrd-tools 0.1.70
On Mon, Jun 07, 2004 at 09:24:28PM +1000, Herbert Xu wrote:
> I simply do echo 4 > /proc/acpi/sleep.
Wow! That worked!
I just made my swap partition use the same key as my root filesystem.
Then I turned back on the swap support (restored the line I removed).
Then I quit X, ran your command, and told grub 'resume=/dev/mapper/swap'...
... and it worked!
So, swsusp and cryptoroot/cryptoswap is good to go. =)
... users just need to use the same key for root and swap.
On another note, my X never survives the reboot (nvidia), but I suspect that
has nothing to do with the cryptoroot stuff.
Anyways, cool!
I've attached this version of my patch.
I also attached the /script which gets generated on my system.
As always, /dev/muffin is my LVM2 group and /dev/mapper is not. =)
Please note that this makes /keyscripts even more necessary since these
scripts must get run twice -- once for each device (swap+root).
--
Wesley W. Terpstra
--- mkinitrd.orig 2004-06-05 22:54:52.000000000 +0200
+++ mkinitrd.mine 2004-06-07 12:08:25.000000000 +0200
@@ -321,8 +321,90 @@
fi
}
+dmcrypt() {
+ local cipher_mode devname submajor subminor
+
+ if ! command -v cryptsetup > /dev/null 2>&1; then
+ echo Root is on a DM crypt device, but cryptsetup not installed >&2
+ fi
+
+ cipher_mode=$(dmsetup table $dmname | cut -d" " -f4)
+
+ echo dm-crypt
+ echo $cipher_mode | cut -d- -f1
+
+ devname=$(grep -m 1 "^$dmname[[:space:]]" /etc/crypttab | sed 's/^[^[:space:]]*[[:space:]]\([^[:space:]]*\).*/\1/')
+ if [ ! -b ${devname:-/dev/null} ]; then
+ echo \'$dmname\' does not have a valid block device in /etc/crypttab >&2
+ exit 1
+ fi
+
+ eval "$(stat -c 'submajor=$((0x%t)); subminor=$((0x%T))' $(readlink -f "$devname"))"
+
+ if [ $submajor != $(dmsetup deps $dmname | sed 's/^.*(\([0-9]*\), \([0-9]*\))$/\1/') \
+ -o $subminor != $(dmsetup deps $dmname | sed 's/^.*(\([0-9]*\), \([0-9]*\))$/\2/') ]; then
+ echo /etc/crypttab entry for \'$dmname\' does not agree with dmsetup >&2
+ exit 1
+ fi
+
+ getroot $devname
+
+ cat <<EOF >&5
+mount_tmpfs dev2
+
+save_rootdev="\$rootdev"
+save_ROOT="\$ROOT"
+rootdev=$(($submajor*256+$subminor))
+ROOT="$devname"
+get_device
+rootdev="\$save_rootdev"
+ROOT="\$save_ROOT"
+
+export device
+export dmname="$dmname"
+export cipher_mode="$cipher_mode"
+for i in /keyscripts/*; do
+ [ -f "\$i" ] || continue
+ case "\$i" in
+ *.sh)
+ (. \$i)
+ ;;
+ *)
+ \$i
+ ;;
+ esac
+done
+[ -b /dev/mapper/\$dmname ] || \\
+ /sbin/cryptsetup -c \$cipher_mode create \$dmname \$device
+
+umount -n dev2
+EOF
+ {
+ echo /sbin/cryptsetup
+ echo /lib/libdevmapper.so.1.00
+ echo /lib/libpopt.so.0
+ } >&6
+}
+
dm() {
- if command -v lvmiopversion > /dev/null 2>&1; then
+ local dmname
+
+ if ! command -v dmsetup > /dev/null 2>&1; then
+ echo Root is on a DM device, but dmsetup not installed >&2
+ exit 1
+ fi
+
+ dmdev=$(printf "(%d, %d)" $major $minor)
+
+ if ! dmsetup ls | grep -q "$dmdev\$"; then
+ echo Unknown DM device $major:$minor >&2
+ exit 1
+ fi
+
+ dmname=$(dmsetup ls | grep "$dmdev\$" | sed 's/^\([^[:space:]]*\).*$/\1/')
+ if dmsetup table $dmname | grep -q crypt; then
+ dmcrypt
+ elif command -v lvmiopversion > /dev/null 2>&1; then
lvm
elif [ ! -x /etc/mkinitrd/scripts/evms ]; then
echo Unknown DM device $major:$minor >&2
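Review bot: The cryptsetup check at the top of dmcrypt() prints its error and then carries on, whereas the matching dmsetup check in dm() ends with `exit 1`; without cryptsetup the image would still be built and would presumably be unable to unlock root at boot, so add `exit 1` after that echo. The emitted `/sbin/cryptsetup -c \$cipher_mode create \$dmname \$device` passes only the cipher and leaves key size and hash to cryptsetup's defaults; passing them explicitly (`-s`, `-h`) would keep the mapping stable if those defaults ever differ from what the volume was set up with. The expansions of `$dmname` and `$devname` in dmcrypt() and of `\$i` in the emitted keyscripts loop are unquoted, e.g. `(. \$i)` should read `(. "\$i")`. dm() continues past the end of the hunk.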
@@ -1078,7 +1160,7 @@
mv script initrd
cd initrd
- mkdir -p dev2 devfs etc mnt proc scripts sys tmp var
+ mkdir -p dev2 devfs etc keyscripts mnt proc scripts sys tmp var
> etc/mtab
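Review bot: The new `keyscripts` directory deserves a comment where it is created, because everything in it is run by the generated boot script before the encrypted root is available, and the initrd image itself is presumably stored unencrypted. Something like `# keyscripts: run before root is unlocked; must fetch or prompt for the key, never embed it` above the mkdir would do. Nothing in the visible hunks populates the directory, so how scripts are meant to get into it should be documented as well. The enclosing code starts and ends outside the hunk.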
# First stage of the generated /script: bring up the LVM2 volume group so the
# logical volumes that back the encrypted swap and root devices exist before
# the dm-crypt steps further down run.
#
# NOTE(review): unload_unused_ide and mount_tmpfs are defined outside this
# listing; presumably the former unloads the listed IDE driver modules that
# are not in use and the latter mounts a tmpfs on the given path -- confirm.
unload_unused_ide '' serverworks via82cxxx sis5513 amd74xx cy82c693 ns87415 opti621 pdc202xx_new pdc202xx_old atiixp triflex sc1200 cs5520 cs5530 generic slc90e66 rz1000 piix cmd64x hpt366 hpt34x alim15x3 trm290 aec62xx siimage
# Directory named after the volume group ("muffin" is the author's LVM2 group).
mkdir /devfs/muffin
# Park lvm.conf on a tmpfs /var, mount a tmpfs over /etc/lvm, then copy the
# file back -- presumably so the LVM tools get a writable /etc/lvm that still
# holds the configuration.
mount_tmpfs /var
if [ -f /etc/lvm/lvm.conf ]; then
cat /etc/lvm/lvm.conf > /var/lvm.conf
fi
mount_tmpfs /etc/lvm
if [ -f /var/lvm.conf ]; then
cat /var/lvm.conf > /etc/lvm/lvm.conf
fi
# devfs is mounted on /dev only for the duration of the activation;
# "vgchange -a y" with no group name activates every volume group it finds.
mount -nt devfs devfs /dev
vgchange -a y
# NOTE(review): this umount lacks the -n used by every other mount/umount
# here, so it may try to update /etc/mtab -- confirm that is intended.
umount /dev
umount -n /var
umount -n /etc/lvm
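# Unlock the encrypted swap volume: resolve its backing block device, hand
# the parameters to the key scripts, and create /dev/mapper/swap if no key
# script has done so already.
#
# Relies on mount_tmpfs and get_device, which are defined outside this
# listing. NOTE(review): get_device presumably resolves $rootdev/$ROOT into
# $device inside the dev2 tmpfs -- confirm against the initrd's init script.
mount_tmpfs dev2

# Borrow the root-device globals for the lookup, then put them back.
save_rootdev="$rootdev"
save_ROOT="$ROOT"
rootdev=65024 # major*256 + minor of the backing device (254:0)
ROOT="/dev/muffin/swap"
get_device
rootdev="$save_rootdev"
ROOT="$save_ROOT"

# Everything under /keyscripts sees these three variables.
export device
export dmname="swap"
export cipher_mode="aes-plain"

# Key scripts run with the initrd's full privileges before the root file
# system is available. *.sh files are sourced in a subshell, so they can read
# the exported variables but cannot alter this script's state; anything else
# is executed directly. Expansions are quoted so that an unusual file name
# cannot be split into several words.
for i in /keyscripts/*; do
  [ -f "$i" ] || continue
  case "$i" in
    *.sh)
      (. "$i")
      ;;
    *)
      "$i"
      ;;
  esac
done

# Only the cipher is passed; key size and hash fall back to cryptsetup's
# defaults, which therefore have to match what the volume was set up with.
# A failure is reported instead of passing silently.
if [ ! -b "/dev/mapper/$dmname" ]; then
  /sbin/cryptsetup -c "$cipher_mode" create "$dmname" "$device" ||
    echo "cryptsetup failed to create /dev/mapper/$dmname" >&2
fi

umount -n dev2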
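# Unlock the encrypted root volume: resolve its backing block device, hand
# the parameters to the key scripts, and create /dev/mapper/root if no key
# script has done so already.
#
# Relies on mount_tmpfs and get_device, which are defined outside this
# listing. NOTE(review): get_device presumably resolves $rootdev/$ROOT into
# $device inside the dev2 tmpfs -- confirm against the initrd's init script.

# The decrypted mapping is what ends up as the root device.
ROOT=/dev/mapper/root

mount_tmpfs dev2

# Borrow the root-device globals for the lookup of the backing device, then
# restore them so ROOT points at the mapping again.
save_rootdev="$rootdev"
save_ROOT="$ROOT"
rootdev=65025 # major*256 + minor of the backing device (254:1)
ROOT="/dev/muffin/root"
get_device
rootdev="$save_rootdev"
ROOT="$save_ROOT"

# Everything under /keyscripts sees these three variables.
export device
export dmname="root"
export cipher_mode="aes-plain"

# The same key scripts run a second time for this device. They execute with
# the initrd's full privileges before the root file system is available.
# *.sh files are sourced in a subshell, so they can read the exported
# variables but cannot alter this script's state; anything else is executed
# directly. Expansions are quoted so that an unusual file name cannot be
# split into several words.
for i in /keyscripts/*; do
  [ -f "$i" ] || continue
  case "$i" in
    *.sh)
      (. "$i")
      ;;
    *)
      "$i"
      ;;
  esac
done

# Only the cipher is passed; key size and hash fall back to cryptsetup's
# defaults, which therefore have to match what the volume was set up with.
# A failure is reported instead of passing silently.
if [ ! -b "/dev/mapper/$dmname" ]; then
  /sbin/cryptsetup -c "$cipher_mode" create "$dmname" "$device" ||
    echo "cryptsetup failed to create /dev/mapper/$dmname" >&2
fi

umount -n dev2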