nash initrd for root encryption with gpg -> cannot open /dev/tty no such file or address

Hello all,

I am trying to encrypt my root file system using a gpg encrypted key
stored on a USB flash drive.
I incorporated my additional needs into the standard initrd, including
the keyrings.
It works fine up to the point where gpg is started; it complains about
being unable to open /dev/tty.

Exactly: cannot open /dev/tty no such file or address.

My gpg line is mainly a "gpg -o /tmp/k --decrypt /mnt/key.gpg"

For clarification: I have several USB flash drives with a key, encrypted with
gpg --encrypt for different users.
My initrd holds the keyring; users should enter their respective
passphrase to boot the machine.
The key gets decrypted and written to a file on a tmpfs. Then it is read
by cryptsetup as the passphrase for disk encryption.

My goal is to be able to have several flash devices capable of decrypting
the rootfs if the appropriate passphrase is known.
On the other hand, I don't want my users to be able to decrypt the key
from their flash, even if they know the passphrase.
And I want to be able to invalidate a flash, which I can do by deleting
the secret key from the initrd keyring.
So it is necessary to have 3 things: flash device, passphrase and
hands-on server access.

I am not yet sure if I am doing everything right, so any advice is very
much appreciated. I am quite sure everything will work as soon as the tty
problem is solved. I plan to release a patch to the mkinitrd script to
automate the process.

I googled for the tty problem and seemingly several people had it, but
there was no solution, just workarounds.
I checked the obvious things, like having no /dev/tty entry (AFAIK
initrd uses udev anyway?), tried different mknod calls like
mknod /dev/tty c 5 0, mknod /dev/tty c 4 0, mknod /dev/tty c 4 1,
created /dev/tty1/2/3 ... even tried using bash instead of nash.

So I am out of options for now, and it is already 5:30 in the morning ;-)

ANY advice is greatly appreciated,

Thanks for reading,

SeBB
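
An added example, not part of the original post: opening /dev/tty fails with ENXIO when the calling process has no controlling terminal, so this version of the decrypt step reads the passphrase from /dev/console, tells gpg not to use the tty, and pipes the decrypted key straight into cryptsetup instead of writing it to /tmp/k. Assumptions: gpg 1.x option behaviour, a LUKS volume, stty present in the initrd, and the hypothetical names `unlock_root`, `CONSOLE`, `/dev/sda2` and `root`.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Assumptions: gpg 1.x semantics for --passphrase-fd, a LUKS volume,
# stty available in the initrd; names below are hypothetical.
CONSOLE=${CONSOLE:-/dev/console}   # terminal device present in early boot

# unlock_root KEYFILE DEVICE NAME
# Decrypt KEYFILE with gpg and stream the result to cryptsetup.
unlock_root() {
    keyfile=$1 device=$2 name=$3

    # Prompt and read on the console explicitly. /dev/tty only works for
    # a process with a controlling terminal, which an initrd script may lack.
    printf 'Passphrase for %s: ' "$keyfile" >>"$CONSOLE"
    stty -echo <"$CONSOLE" 2>/dev/null || true
    IFS= read -r pass <"$CONSOLE"
    stty echo <"$CONSOLE" 2>/dev/null || true
    printf '\n' >>"$CONSOLE"

    # printf is a shell builtin, so the passphrase never shows up in a
    # process argument list. --no-tty keeps gpg away from /dev/tty and
    # --passphrase-fd 0 makes it read the passphrase from stdin.
    # --key-file=- makes cryptsetup take the key from the pipe, so the
    # decrypted key is never stored as a file on the tmpfs.
    printf '%s\n' "$pass" |
        gpg --batch --no-tty --passphrase-fd 0 --decrypt "$keyfile" |
        cryptsetup --key-file=- luksOpen "$device" "$name"
    rc=$?          # exit status of cryptsetup, the last pipeline stage
    unset pass
    return $rc
}

# Usage inside the initrd script (device and mapping name are hypothetical):
#   unlock_root /mnt/key.gpg /dev/sda2 root
```

If gpg cannot decrypt the file, cryptsetup receives an empty key and the function returns its non-zero status, so the caller can prompt again or stop the boot.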

