On Thu, Jun 25, 2009 at 8:23 PM, Brian Mearns<bmearns@xxxxxxxx> wrote: > On Thu, Jun 25, 2009 at 5:20 PM, davide<lists4davide@xxxxxxxxx> wrote: >> Il Thu, 25 Jun 2009 11:28:14 -0400, Brian Mearns ha scritto: >> >>> On Thu, Jun 25, 2009 at 11:03 AM, davide<lists4davide@xxxxxxxxx> wrote: >>>> Brian Mearns <bmearns <at> ieee.org> writes: >>>> >>>> >>>>> Thanks for the response, Davide. /boot is a seperate, non-LVM >>>>> partition with its own ext3 fs. I know F11 has options for encrypting >>>>> during setup, but I've already got it set up, and would now like to go >>>>> back and switch over to an excrypted root filesystem without having to >>>>> reinstall. I think your suggestion of using a Live CD implies that I >>>>> would reinstall Fedora, which I don't want to do. >>>> >>>> have you all the needed modules compiled into the kernel or into the >>>> initrd? otherwise I would give a look at /etc/crypttab and /etc/fstab >>>> >>>> >>>> >>>>> Also, it's not grub asking for the root, I'm referring to the "root" >>>>> parameter for the kernel. >>>> >>>> Yes, I think you mean the root parameter into the grub config, it is a >>>> parameter for the kernel. I would suppose is used by the kernel to find >>>> out where are modules and filesystem. >>> [clipped] >>> >>> Thanks, again, Davide. >>> >>> crypttab and fstab should be fine, as init is able to mount the device >>> correctly. I'm not sure if I have all the correct modules: I ran >>> mkinitrd with "--with=aes --with=sha256" and tried to boot using the >>> generated initrd.img, but perhaps there are additional modules I need? >>> >>> Thanks, >> >> thanks to Robert, I opened the init, I copy here the relevant part. >> tell me if it helps, or I can try to investigate more deeply. >> >> >> echo Creating block device nodes. >> mkblkdevs >> echo Creating character device nodes. >> mkchardevs >> echo "Loading dm-crypt module" >> modprobe -q dm-crypt >> echo "Loading aes module" >> modprobe -q aes >> echo "Loading cbc module" >> modprobe -q cbc >> echo "Loading sha256 module" >> modprobe -q sha256 >> echo "Loading pata_acpi module" >> modprobe -q pata_acpi >> echo "Loading ata_generic module" >> modprobe -q ata_generic >> echo Making device-mapper control node >> mkdmnod >> modprobe scsi_wait_scan >> rmmod scsi_wait_scan >> mkblkdevs > [clipped] > > I'm back home and can get some additional information about this. > Attempting to boot using the "crypto-initrd.img", which I generated > with "mkinitrd --with=aes --with=sha256" and specifying the > LUKS/cryptsetup encrypted drive for the kernel's "root" parameter, the > boot process gets to the point of asking me for a password, then > mentions a few things about an EXT4-fs (not sure which one, but no > error's reported here), then gives the following messages before > hanging: > > SELinux: policydb magic number 0xffffe4f0 does not match expected > magic number 0xf97cff8c > request_module: runaway loop modprobe binfmt-ffff > request_module: runaway loop modprobe binfmt-ffff > request_module: runaway loop modprobe binfmt-ffff > request_module: runaway loop modprobe binfmt-ffff > request_module: runaway loop modprobe binfmt-ffff > > I am able to restart the system uneventfully at this point by pressing > ctrl-alt-del. > > Attempting to boot with the same initrd img, but specifying an > unecrypted partition for the kernel's "root" parameter, it all comes > up fine, but does still ask me for a password during boot. > > I'm going to attempt to debug my initrd img, as suggested, but I'm not > sure how well I'll be able to understand the script. So if anyone has > any additional advice, I'd really appreciate it. > > Thanks, again. > -Brian [clipped] Well, I opened my initrd init-script, but very little of it means anything to me. Davide indicated a certain section in his script as relevant, so I've included that section of mine. It's a bit different, but I'm not sure if that's relevant: ############################################### echo Creating block device nodes. mkblkdevs echo Creating character device nodes. mkchardevs echo "Loading aes module" modprobe -q aes echo "Loading cbc module" modprobe -q cbc echo "Loading sha256 module" modprobe -q sha256 echo "Loading sata_nv module" modprobe -q sata_nv echo "Loading pata_acpi module" modprobe -q pata_acpi echo "Loading ata_generic module" modprobe -q ata_generic echo "Loading dm-crypt module" modprobe -q dm-crypt echo Making device-mapper control node mkdmnod modprobe scsi_wait_scan rmmod scsi_wait_scan mkblkdevs echo Scanning logical volumes ############################################### So if this means anything to anybody and they can give me any help on how to proceed, I'd super appreciate it. Thanks, -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
