Re: Encrypted Root with F11

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jun 25, 2009 at 5:20 PM, davide<lists4davide@xxxxxxxxx> wrote:
> Il Thu, 25 Jun 2009 11:28:14 -0400, Brian Mearns ha scritto:
>
>> On Thu, Jun 25, 2009 at 11:03 AM, davide<lists4davide@xxxxxxxxx> wrote:
>>> Brian Mearns <bmearns <at> ieee.org> writes:
>>>
>>>
>>>> Thanks for the response, Davide. /boot is a seperate, non-LVM
>>>> partition with its own ext3 fs. I know F11 has options for encrypting
>>>> during setup, but I've already got it set up, and would now like to go
>>>> back and switch over to an excrypted root filesystem without having to
>>>> reinstall. I think your suggestion of using a Live CD implies that I
>>>> would reinstall Fedora, which I don't want to do.
>>>
>>> have you all the needed modules compiled into the kernel or into the
>>> initrd? otherwise I would give a look at /etc/crypttab and /etc/fstab
>>>
>>>
>>>
>>>> Also, it's not grub asking for the root, I'm referring to the "root"
>>>> parameter for the kernel.
>>>
>>> Yes, I think you mean the root parameter into the grub config, it is a
>>> parameter for the kernel. I would suppose is used by the kernel to find
>>> out where are modules and filesystem.
>> [clipped]
>>
>> Thanks, again, Davide.
>>
>> crypttab and fstab should be fine, as init is able to mount the device
>> correctly. I'm not sure if I have all the correct modules: I ran
>> mkinitrd with "--with=aes --with=sha256" and tried to boot using the
>> generated initrd.img, but perhaps there are additional modules I need?
>>
>> Thanks,
>
> thanks to Robert, I opened the init, I copy here the relevant part.
> tell me if it helps, or I can try to investigate more deeply.
>
>
> echo Creating block device nodes.
> mkblkdevs
> echo Creating character device nodes.
> mkchardevs
> echo "Loading dm-crypt module"
> modprobe -q dm-crypt
> echo "Loading aes module"
> modprobe -q aes
> echo "Loading cbc module"
> modprobe -q cbc
> echo "Loading sha256 module"
> modprobe -q sha256
> echo "Loading pata_acpi module"
> modprobe -q pata_acpi
> echo "Loading ata_generic module"
> modprobe -q ata_generic
> echo Making device-mapper control node
> mkdmnod
> modprobe scsi_wait_scan
> rmmod scsi_wait_scan
> mkblkdevs
[clipped]

I'm back home and can get some additional information about this.
Attempting to boot using the "crypto-initrd.img", which I generated
with "mkinitrd --with=aes --with=sha256" and specifying the
LUKS/cryptsetup encrypted drive for the kernel's "root" parameter, the
boot process gets to the point of asking me for a password, then
mentions a few things about an EXT4-fs (not sure which one, but no
error's reported here), then gives the following messages before
hanging:

SELinux:  policydb magic number 0xffffe4f0 does not match expected
magic number 0xf97cff8c
request_module: runaway loop modprobe binfmt-ffff
request_module: runaway loop modprobe binfmt-ffff
request_module: runaway loop modprobe binfmt-ffff
request_module: runaway loop modprobe binfmt-ffff
request_module: runaway loop modprobe binfmt-ffff

I am able to restart the system uneventfully at this point by pressing
ctrl-alt-del.

Attempting to boot with the same initrd img, but specifying an
unecrypted partition for the kernel's "root" parameter, it all comes
up fine, but does still ask me for a password during boot.

I'm going to attempt to debug my initrd img, as suggested, but I'm not
sure how well I'll be able to understand the script. So if anyone has
any additional advice, I'd really appreciate it.

Thanks, again.
-Brian


-- 
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux