
Re: whole disk encryption -- not prompting for passphrase



Andrew Reid wrote:

> On Monday 20 October 2008 19:13, Hatta wrote:
>> Yes, I have run 'update-initramfs -v -u -k 2.6.24-1-686'
>>
>> This had no effect.

Did you do it after you have booted from the encrypted system or not? I
suppose you did not get the dm_crypto module into the image. This is
because as far as I know initramfs reads the modules loaded at the moment,
but I am not quite sure though.

>>
>> I cannot find any documentation as to how the system is supposed to find
>> and
>> unencrypt encrypted drives.  When in the boot process is the system
>> supposed to load these drives?  What commands does it use?  In what files
>> do those commands
>> reside?  Where is the documentation for this stuff?  All I can find are
>> HOWTOs,
>> which contain absolutely no theory, and so are absolutely useless for
>> troubleshooting.

This is the cryptosetup luksXXXX; have a look at this project and you'll find
info about what's going on, which files, etc.

The howtos are not for theory but for practical purposes - to get the job
done!

>>
>> Can *anybody* help me with this?
> 
>   I'm not sure how helpful this will be, but you can investigate from
> within busybox, within limits, of course -- the "mount" command is
> available, and you can step through the various start-up scripts in
> the initramfs.  Try booting with "break=mount" as a kernel argument,
> and see how things look from inside -- this will dump you into
> busybox just before the root fs gets mounted.  The kernel command
> line is in /proc/cmdline, so you can see if the bootloader maybe
> made hamburger out of your parameters.
> 
>   Failing that, you can unpack the initramfs (it's a cpio archive)
> onto a convenient system and step through the boot process manually --
> almost everything in there is a shell script, and I think they start with
> /sbin/init, or something equally obvious.

It is /init (from the initramfs point of view)

> 
>   The initramfs's search strategy has got to be in there, and I bet
> it's not complicated.  I recently untangled some net-booting issues
> this way.
> 
> -- A.

For me the update-initram process worked on debian (lenny) but not on
kubuntu (hardy). I didn't have time to investigate. It is also not working
with the second encrypted partition at boot time; it prompts when going
through rcS.

I do 

cd /tmp && mkdir test && cd test
zcat /boot/initrd.img-XXXXX | cpio -H newc -i

edit what I have to edit i.e.
-----------
maybe_break mount
log_begin_msg "Mounting root file system"
. /scripts/${BOOT}
parse_numeric ${ROOT}
maybe_break mountroot
mountroot
cryptsetup luksOpen /dev/sda7 data &&\
mount -t ext3 /dev/mapper/data /root/data
log_end_msg
-----------

and pack again

find . ! -name '*~' | cpio -H newc --create | gzip -9 > /boot/initrd.img-XXXXX

regards
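
Added example, not part of the original message: before unpacking and hand-editing an image as described above, it can help to check whether the gzip-compressed newc cpio archive actually contains the pieces needed to unlock a LUKS volume. The file names checked (a "cryptsetup" binary and "dm-crypt.ko") and the sample images are assumptions constructed for this sketch; it handles only a single gzip-compressed newc archive, the format the zcat/cpio commands above expect.

```python
import gzip

def align4(n):
    return (n + 3) & ~3

def newc_entry(name, data=b""):
    """Build one newc record; used here only to construct sample images."""
    n = name.encode() + b"\0"
    # ino, mode, uid, gid, nlink, mtime, filesize, 4x dev, namesize, check
    fields = [0, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(n), 0]
    rec = b"070701" + b"".join(b"%08X" % f for f in fields) + n
    rec += b"\0" * (align4(len(rec)) - len(rec))
    return rec + data + b"\0" * (align4(len(data)) - len(data))

def build_image(files):
    body = b"".join(newc_entry(n, d) for n, d in files)
    return gzip.compress(body + newc_entry("TRAILER!!!"))

def list_newc(image):
    """Return member names of a gzip-compressed newc cpio archive."""
    raw, names, off = gzip.decompress(image), [], 0
    while off + 110 <= len(raw):
        if raw[off:off + 6] not in (b"070701", b"070702"):
            raise ValueError("no newc header at offset %d" % off)
        filesize = int(raw[off + 54:off + 62], 16)
        namesize = int(raw[off + 94:off + 102], 16)
        name = raw[off + 110:off + 110 + namesize - 1].decode()
        if name == "TRAILER!!!":
            break
        names.append(name)
        # header+name and file data are each padded to a 4-byte boundary
        off = align4(align4(off + 110 + namesize) + filesize)
    return names

def missing_crypto_parts(names):
    """Report which pieces needed to unlock LUKS are absent from the image."""
    base = {n.rsplit("/", 1)[-1] for n in names}
    return [p for p in ("cryptsetup", "dm-crypt.ko") if p not in base]

# Constructed sample images (not real initrd contents)
GOOD = build_image([("init", b"#!/bin/sh\n"), ("sbin/cryptsetup", b"ELF"),
    ("lib/modules/2.6.24-1-686/kernel/drivers/md/dm-crypt.ko", b"mod")])
BAD = build_image([("init", b"#!/bin/sh\n"), ("scripts/local", b"x")])

if __name__ == "__main__":
    for label, img in (("good", GOOD), ("bad", BAD)):
        print(label, "missing:", missing_crypto_parts(list_newc(img)))
```

To check a real image, pass the bytes of the initrd file to list_newc() and then the resulting names to missing_crypto_parts().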


