Re: whole disk encryption -- not prompting for passphrase
Andrew Reid wrote:
> On Monday 20 October 2008 19:13, Hatta wrote:
>> Yes, I have run 'update-initramfs -v -u -k 2.6.24-1-686'
>>
>> This had no effect.
Did you do it after you had booted from the encrypted system or not? I
suppose you did not get the dm_crypto module into the image. This is
because, as far as I know, initramfs reads the modules loaded at the moment,
but I'm not quite sure, though.
>>
>> I cannot find any documentation as to how the system is supposed to find
>> and unencrypt encrypted drives. When in the boot process is the system
>> supposed to load these drives? What commands does it use? In what files
>> do those commands reside? Where is the documentation for this stuff? All
>> I can find are HOWTOs, which contain absolutely no theory, and so are
>> absolutely useless for troubleshooting.
This is the cryptsetup luksXXXX. Have a look at this project and you'll find
info about what's going on, which files, etc.
The howtos are not for theory but for practical purposes - to get the job
done!
>>
>> Can *anybody* help me with this?
>
> I'm not sure how helpful this will be, but you can investigate from
> within busybox, within limits, of course -- the "mount" command is
> available, and you can step through the various start-up scripts in
> the initramfs. Try booting with "break=mount" as a kernel argument,
> and see how things look from inside -- this will dump you into
> busybox just before the root fs gets mounted. The kernel command
> line is in /proc/cmdline, so you can see if the bootloader maybe
> made hamburger out of your parameters.
>
> Failing that, you can unpack the initramfs (it's a cpio archive)
> onto a convenient system and step through the boot process manually --
> almost everything in there is a shell script, and I think they start with
> /sbin/init, or something equally obvious.
It is /init (from the initramfs point of view)
>
> The initramfs's search strategy has got to be in there, and I bet
> it's not complicated. I recently untangled some net-booting issues
> this way.
>
> -- A.
For me the update-initram process worked on Debian (lenny) but not on
Kubuntu (hardy). I didn't have time to investigate. It also is not working
with the second encrypted partition at boot time; it prompts when going
through rcS.
I do:
cd /tmp && mkdir test && cd test
zcat /boot/initrd.img-XXXXX | cpio -H newc -i
edit what I have to edit i.e.
-----------
maybe_break mount
log_begin_msg "Mounting root file system"
. /scripts/${BOOT}
parse_numeric ${ROOT}
maybe_break mountroot
mountroot
cryptsetup luksOpen /dev/sda7 data &&\
mount -t ext3 /dev/mapper/data /root/data
log_end_msg
-----------
and pack again
find . ! -name '*~' | cpio -H newc --create | gzip -9 > /boot/initrd.img-XXXXX
regards
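
The unpack-and-inspect step described in this thread, as an added example that is not part of the original message: a shell script that extracts an initramfs image and checks whether the pieces needed to prompt for a LUKS passphrase made it into the image. The function names are hypothetical, and the paths checked (/sbin/cryptsetup, /scripts/local-top/cryptroot, dm-crypt.ko under /lib/modules) are assumptions about a Debian initramfs-tools image.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are hypothetical;
# the paths checked are assumptions about a Debian initramfs-tools image.

# unpack_initramfs IMAGE DIR: extract a gzip-compressed newc cpio image,
# the format used by the zcat | cpio command in the thread, into DIR.
unpack_initramfs() {
    img=$(cd "$(dirname "$1")" && pwd)/$(basename "$1") || return 1
    mkdir -p "$2" || return 1
    # --no-absolute-filenames keeps every extracted file inside DIR.
    ( cd "$2" && zcat "$img" | cpio -H newc -i -d --quiet --no-absolute-filenames )
}

# check_initramfs_tree DIR: report each component the early boot needs to
# prompt for a LUKS passphrase; the return status is the number missing.
check_initramfs_tree() {
    tree=$1
    missing=0
    for item in init sbin/cryptsetup scripts/local-top/cryptroot; do
        if [ -e "$tree/$item" ]; then
            echo "ok       /$item"
        else
            echo "MISSING  /$item"
            missing=$((missing + 1))
        fi
    done
    # The module file may carry a compression suffix (.ko.gz, .ko.xz).
    mod=$(find "$tree/lib/modules" -name 'dm-crypt.ko*' 2>/dev/null | head -n 1)
    if [ -n "$mod" ]; then
        echo "ok       $mod"
    else
        echo "MISSING  dm-crypt kernel module"
        missing=$((missing + 1))
    fi
    return "$missing"
}

# Stand-alone use: sh check-initramfs.sh /boot/initrd.img-XXXXX
if [ "$#" -eq 1 ]; then
    work=$(mktemp -d) || exit 1
    unpack_initramfs "$1" "$work" && check_initramfs_tree "$work"
    rc=$?
    rm -rf "$work"
    exit "$rc"
fi
```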