Hello all, i am trying to encrypt my root file system using a gpg encrypted key stored on a usb flash. i incorporated my additional need into the standard initrd, including the keyrings. it works fine up to the point where gpg is started, it complains about being unable to open /dev/tty. exactly: cannot open /dev/tty no such file or address. my gpg line is mainly a "gpg -o /tmp/k --decrypt /mnt/key.gpg" for clarification: i have several usb-flash with a key, encrypted with gpg --encrypt for different users my initrd holds the keyring, users should enter their respective passphrase to boot the maschine. the key gets decrypted and written to a file on a tmpfs. then it is read by cryptsetup as passphrase for disk encryption. my goal is to be able to have several flash devices capable to decrypt the rootfs if the appropriate passphrase is known. on the other hand i dont want my users to be able to decrypt the key from their flash, even if they know the passphrase. and i want to be able to invalidate a flash, which i can to by deleteing the secret key from the initrd keyring. so it is necessary to have 3 things: flash device, passphrase and hands-on server access. i am not yet sure if i am doing everything right, so any advice is very appreciated. i am quite sure everything will work as soon as the tty problem is solved. i plan to release a patch to the mkinitrd script to automate the process. i googled for the tty problem and seemingly several people had it, but there was no solution, just workarounds. i checked the obvious thing, like having no /dev/tty entry (AFAIK initrd uses udev anyway?) , tried different mknod like mknod /dev/tty c 5 0, mknod /dev/tty c 4 0 ,mknod /dev/tty c 4 1, created /dev/tty1/2/3 ... even tried using bash instead nash. so i am out of options for now, and it is already 5:30 in the morning ;-) ANY advice is greatly appreciated, thanks for reading, SeBB
