Re: whole disk encryption -- not prompting for passphrase
Hatta wrote:
> I appreciate all the pointers I've been given. I've looked pretty carefully
> at my initramfs, and I've mostly been able to fix it. I still have a few
> questions though.
>
> I did have to create an /etc/crypttab before updating the initramfs. I'm
> not quite sure how to recreate the configuration the Debian installer
> did. The Debian installer created a physical partition hda1 for /boot.
> It also created hda2, which would be encrypted. On hda2, it created a
> volume group 'debian' and 3 logical volumes, 'home', 'root', and 'swap_1'.
>
> So at this point, what should my crypttab look like? Since hda2 is the
> only encrypted partition, it should be the only line in /etc/crypttab,
> right? I set up crypttab as follows:
>
> # <target name> <source device> <key file> <options>
> hda2_crypt /dev/hda2 none luks
>
>
> So I update my initramfs. To check I extracted the image to /tmp and
> inspected conf/conf.d/cryptroot. It looked like this:
>
> target=hda2_crypt,source=/dev/hda2,key=none,lvm=debian-root
>
> Does this look right? How did it know about the lvm volume debian-root?
> Is the target name important, other than being the name of the device
> created in /dev/mapper? Specifically, is it important that it is the same
> as it was when the Debian installer set up the devices?
>
> Anyway, I reboot, and the messages look like this:
>
> Begin: Mounting root file system... ...
> Begin: Running /scripts/local-top ...
> device-mapper: uevent: version 1.0.3
> device-mapper: ioctl: 4.13.0-ioctl (2007-10-02) initialised: dm-devel@redhat.com
> Volume group "debian" not found
> Volume group "debian" not found
> Setting up cryptographic volume hda2_crypt (based on /dev/hda2)
> Enter LUKS passphrase:
>
> This is good, at least it's prompting me for a passphrase. I enter my
> passphrase, and it appears to work, but not quite perfectly. After I enter
> my passphrase it boots but I get this on the console:
>
> Starting early crypto disks...done.
> Setting up LVM Volume Groups Reading all physical volumes. This may take a while...
> Found volume group "debian" using metadata type lvm2
> Device '/dev/dm-0' has been left open.
> Device '/dev/dm-0' has been left open.
> 3 logical volumes in volume group "debian" now active
> .
> Starting remaining crypto disks...done.
>
> When I shut down I get this:
>
> Unmounting local filesystems...done.
> Stopping remaining crypto disks...done.
> Shutting down LVM Volume Groups Can't deactivate volume group "debian" with 2 open logical volume(s)
> failed!
> Stopping early crypto disks...done.
>
> So my question is, why aren't those volumes correctly deactivated on
> shutdown? How does /dev/dm-0 figure into this when I'm mounting
> /dev/mapper/debian-root as /? Can I safely ignore this message, or is
> closing these devices important? When I try to mount /dev/dm-0 it tells me
> "mount: unknown filesystem type 'lvm2pv'". /dev/dm-1, 2, and 3 are
> debian-root, debian-swap_1 and debian-home respectively.
>
> Any hints, tips, suggestions on FMs to R are appreciated. I learned a
> lot already in this process. My next challenge is to resize my swap to
> match all the RAM I have now so I can s2disk safely.
I'm pretty sure that the crypt thing is not compatible with lvm. Maybe this
is the problem. I'm not 100% sure though. The problem could be related to
previous formatting and using lvm, or some cached information somewhere.
What does sudo fdisk -l /dev/hda look like? How are your partitions marked
there (the Id field)?
parted should help you resize, I guess.
regards