
Re: yaird, kernel 2.6.17 and dm-crypted disks



* Miroslav Maiksnar <ml@mixi.cz> [2006-07-13 00:12:36 +0200]:

 
> Problems with /etc/crypttab are:
> 1) I'm not using it at all, because it is located on an encrypted partition and
> at the moment when it becomes accessible, everything is already set up.
> 2) When I set up the information in crypttab according to my needs, I got the
> message "yaird error: encrypted device 'root' has keyfile specified
> in /etc/crypttab:6. This is not supported. (fatal)". And after some RTFM I
> found "If the source of the passphrase is something other than the console,
> abort. There are too many variables to support this reliably."

Correct.  YAIRD doesn't want to mess up your system.  This is a feature,
not a bug.

Consider this: If your system will boot from USB (sometimes that's a hidden
option - access your BIOS with a USB stick inserted to find out), why not put
the contents of /boot on the stick and install grub to the MBR of the
stick?

The configuration change could be accomplished via the chroot jail as
earlier mentioned.  Your /etc/fstab on the final system would look
something like this:

# /etc/fstab: static file system information.
#
# <file system>          <mount point>  <type>     <options>                   <dump>  <pass>
proc                     /proc          proc       defaults                    0       0
/dev/mapper/vgdc-lvroot  /              ext3       defaults,errors=remount-ro  0       1
/dev/mapper/vgdc-lvusr   /usr           reiserfs   defaults                    0       2
/dev/mapper/vgdc-lvvar   /var           reiserfs   defaults                    0       2
/dev/mapper/vgdc-lvhome  /home          reiserfs   defaults                    0       2
/dev/mapper/vgdc-lvtmp   /tmp           ext3       defaults                    0       2
/dev/mapper/swap         none           swap       sw                          0       0
# /dev/sda1              /boot          ext2       defaults                    0       2

/etc/crypttab like this:

# <target name>  <source device>  <key file>         <options>
davescrunch      /dev/hda5        none               cipher=blahblahblah
swap             /dev/hda2        /etc/keys/swapkey  cipher=blahblahblah

The stick normally is not mounted at boot, only when you want to do a
kernel change by uncommenting the /dev/sda1 line and doing:

# mount /dev/sda1

The key is removed from the USB plug when the passphrase is asked for (this
indicates the kernel and ramdisk are loaded anyway).  Pull the key, type the
passphrase, and the machine boots with all crypted devices unlocked.  The
entire system is encrypted.

Been using this with yaird for quite some time now...

-- 
Cheers,

  Dave 
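As an added example (not part of Dave's post): a small sh script that checks a
crypttab/fstab pair for the layout he describes, using constructed sample files.
It lists crypttab entries unlocked by a key file rather than the console (which
yaird refuses for the device holding root) and confirms that root sits on a dm
device and that /boot is not mounted at boot time.

```sh
#!/bin/sh
# Added example (not from the original post): check a crypttab/fstab pair
# against the layout described above. The sample files are constructed here.
set -e

TMPD=$(mktemp -d)
trap 'rm -rf "$TMPD"' EXIT
SAMPLE_CRYPTTAB="$TMPD/crypttab"
SAMPLE_FSTAB="$TMPD/fstab"

# Constructed crypttab: the root container is unlocked from the console
# (key file "none"), swap from a key file that lives on the encrypted root.
cat > "$SAMPLE_CRYPTTAB" <<'EOF'
# <target name> <source device> <key file>          <options>
davescrunch     /dev/hda5       none                cipher=blahblahblah
swap            /dev/hda2       /etc/keys/swapkey   cipher=blahblahblah
EOF

# Constructed fstab: every filesystem on a dm device, /boot (the USB stick)
# commented out so it is only mounted by hand for a kernel change.
cat > "$SAMPLE_FSTAB" <<'EOF'
/dev/mapper/vgdc-lvroot  /      ext3      defaults,errors=remount-ro  0  1
/dev/mapper/vgdc-lvusr   /usr   reiserfs  defaults                    0  2
/dev/mapper/swap         none   swap      sw                          0  0
# /dev/sda1              /boot  ext2      defaults                    0  2
EOF

# Print "<target> <keyfile>" for each crypttab entry whose key does not come
# from the console. yaird refuses such an entry for the device holding root.
crypttab_keyfile_targets() {
    awk 'NF >= 3 && $1 !~ /^#/ && $3 != "none" { print $1, $3 }' "$1"
}

# Print the device mounted on $2 by an active (uncommented) line of fstab $1.
fstab_active_device() {
    awk -v mp="$2" 'NF >= 2 && $1 !~ /^#/ && $2 == mp { print $1 }' "$1"
}

# Verdict: root must be a dm device and /boot must not be mounted at boot.
# Returns 0 when both hold, 1 otherwise; key-file targets are listed as a reminder.
check_layout() {
    root=$(fstab_active_device "$2" /)
    case "$root" in /dev/mapper/*) ;; *) echo "root '$root' is not a dm device"; return 1 ;; esac
    boot=$(fstab_active_device "$2" /boot)
    [ -z "$boot" ] || { echo "/boot is mounted at boot from $boot"; return 1; }
    echo "ok: root on $root, /boot only mounted on demand"
    crypttab_keyfile_targets "$1" | sed 's/^/key-file target (not usable for root with yaird): /'
}
check_layout "$SAMPLE_CRYPTTAB" "$SAMPLE_FSTAB"
```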


