Re: Encrypted Root with F11


 



Umm, you know the /boot partition has to be ext3? Grub cannot handle an ext4 /boot. I know this has not a thing to do with encryption, but I thought I'd ask just to be sure.

Bob



On 06/25/2009 08:23 PM, Brian Mearns wrote:
On Thu, Jun 25, 2009 at 5:20 PM, davide<lists4davide@xxxxxxxxx>  wrote:
On Thu, 25 Jun 2009 11:28:14 -0400, Brian Mearns wrote:

On Thu, Jun 25, 2009 at 11:03 AM, davide<lists4davide@xxxxxxxxx>  wrote:
Brian Mearns<bmearns<at>  ieee.org>  writes:


Thanks for the response, Davide. /boot is a separate, non-LVM
partition with its own ext3 fs. I know F11 has options for encrypting
during setup, but I've already got it set up, and would now like to go
back and switch over to an encrypted root filesystem without having to
reinstall. I think your suggestion of using a Live CD implies that I
would reinstall Fedora, which I don't want to do.

Do you have all the needed modules compiled into the kernel or into the
initrd? Otherwise I would take a look at /etc/crypttab and /etc/fstab.



Also, it's not grub asking for the root, I'm referring to the "root"
parameter for the kernel.

Yes, I think you mean the root parameter in the grub config; it is a
parameter for the kernel. I would suppose it is used by the kernel to find
out where the modules and filesystem are.
[clipped]

Thanks, again, Davide.

crypttab and fstab should be fine, as init is able to mount the device
correctly. I'm not sure if I have all the correct modules: I ran
mkinitrd with "--with=aes --with=sha256" and tried to boot using the
generated initrd.img, but perhaps there are additional modules I need?

Thanks,

Thanks to Robert, I opened the init; I copy the relevant part here.
Tell me if it helps, or I can try to investigate more deeply.


echo Creating block device nodes.
mkblkdevs
echo Creating character device nodes.
mkchardevs
echo "Loading dm-crypt module"
modprobe -q dm-crypt
echo "Loading aes module"
modprobe -q aes
echo "Loading cbc module"
modprobe -q cbc
echo "Loading sha256 module"
modprobe -q sha256
echo "Loading pata_acpi module"
modprobe -q pata_acpi
echo "Loading ata_generic module"
modprobe -q ata_generic
echo Making device-mapper control node
mkdmnod
modprobe scsi_wait_scan
rmmod scsi_wait_scan
mkblkdevs
[clipped]

I'm back home and can get some additional information about this.
Attempting to boot using the "crypto-initrd.img", which I generated
with "mkinitrd --with=aes --with=sha256" and specifying the
LUKS/cryptsetup encrypted drive for the kernel's "root" parameter, the
boot process gets to the point of asking me for a password, then
mentions a few things about an EXT4-fs (not sure which one, but no
errors reported here), then gives the following messages before
hanging:

SELinux:  policydb magic number 0xffffe4f0 does not match expected
magic number 0xf97cff8c
request_module: runaway loop modprobe binfmt-ffff
request_module: runaway loop modprobe binfmt-ffff
request_module: runaway loop modprobe binfmt-ffff
request_module: runaway loop modprobe binfmt-ffff
request_module: runaway loop modprobe binfmt-ffff

I am able to restart the system uneventfully at this point by pressing
ctrl-alt-del.

Attempting to boot with the same initrd img, but specifying an
unencrypted partition for the kernel's "root" parameter, it all comes
up fine, but does still ask me for a password during boot.

I'm going to attempt to debug my initrd img, as suggested, but I'm not
sure how well I'll be able to understand the script. So if anyone has
any additional advice, I'd really appreciate it.

Thanks, again.
-Brian



--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
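
A way to check the question raised in the thread about whether the initrd loads every module the encrypted root needs, as an added example that is not part of the original messages: it derives module names from LUKS1 `cryptsetup luksDump` header fields and reports any that an init script never passes to `modprobe`. The sample header and init text are constructed, the function names are hypothetical, and treating the cipher, chaining-mode and ESSIV hash names as module names is a simplifying assumption.

```shell
#!/bin/sh
# Constructed sample of LUKS1 `cryptsetup luksDump` header fields.
SAMPLE_DUMP='Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1'

# Constructed init excerpt modelled on the modprobe lines quoted in the
# thread, with the cbc line deliberately left out.
SAMPLE_INIT='modprobe -q dm-crypt
modprobe -q aes
modprobe -q sha256
modprobe scsi_wait_scan'

# Print, one per line, the modules implied by the header's cipher fields.
# Assumption: module names equal the cipher, chaining-mode and ESSIV hash names.
required_modules() {
    cipher=$(printf '%s\n' "$1" | sed -n 's/^Cipher name:[[:space:]]*//p')
    mode=$(printf '%s\n' "$1" | sed -n 's/^Cipher mode:[[:space:]]*//p')
    echo dm-crypt
    if [ -n "$cipher" ]; then echo "$cipher"; fi
    if [ -n "$mode" ]; then echo "${mode%%-*}"; fi      # cbc-essiv:sha256 -> cbc
    case $mode in
        *essiv:*) echo "${mode##*essiv:}" ;;            # hash for the ESSIV IV
    esac
}

# Print the required modules that the init text never passes to modprobe.
missing_modules() {
    # Treat '_' and '-' as equal, as modprobe does (dm_crypt vs dm-crypt).
    loaded=$(printf '%s\n' "$2" | awk '$1 == "modprobe" { print $NF }' | tr '_' '-')
    for m in $(required_modules "$1" | tr '_' '-'); do
        printf '%s\n' "$loaded" | grep -qxF -- "$m" || echo "missing: $m"
    done
}

missing_modules "$SAMPLE_DUMP" "$SAMPLE_INIT"
```

On a real system the first argument would be the output of `cryptsetup luksDump` for the encrypted device and the second the `init` file unpacked from the initrd image.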
