Re: LVM2 logical volumes on Loop-AES

On Wed, 15 Aug 2007 20:06:32 +0300
Jari Ruusu <jariruusu@xxxxxxxxxxxxxxxxxxxxx> wrote:

> Fog_Watch wrote:
> > I am aiming to boot from logical volumes that are attached to
> > an encrypted /dev/loop which is in turn attached to a /dev/hda.
> > I hope to have all but /boot encrypted, yet retain the flexibility
> > of lvm2. To date I have failed.
> > 
snip
 
> One of the config options in build-initrd.sh is USEROOTSETUP. If you
> set that to USEROOTSETUP=1 , 
Done
> then created initrd will mount BOOTDEV
/dev/hda1
> as /lib, and run /lib/rootsetup program or script instead
> of /lib/losetup program. If /lib/rootsetup is a shell script, then a
> shell (and its libraries) must be manually copied to boot partition.
I am using a script along the lines you suggested.  The shell I chose
was dash (static), which was copied to /boot.
> The script then sets up needed logical volume and calls losetup to do
> the loop setup work. rootsetup program/script needs to be able to both
> set up a device and also tear it down (in case mount fails, and mount
> is tried again). rootsetup program/script gets same command line
> parameters as losetup. In following example all command line
> parameters are ignored, with exception of first one that is used to
> determine whether the script should set up a loop device or tear it
> down. 
I'm not understanding this bit.  The script (rootsetup) tests for
"-d", but I don't know where this parameter is set.

And, the parameters "-e AES128 -K /lib/rootkey.gpg -G /lib /dev/loop5"
in the following rootsetup are ignored.  I don't know why they are
there.
> Initrd image has only a few static device nodes. Additional
> needed device nodes need to be created by the script. 
My encrypted partition is /dev/hda6.  Does that mean that my rootsetup
script should include "mknod /dev/hda6 b 3 6" (wild guess)?  
> Any external
> program that the script uses (and their libraries) you need to
> manually copy to boot partition.
Copied in lvm, mknod and dash to /boot.  Apparently no additional
libraries required.
> 
> Something like this: (completely untested!)
> 
> #!/lib/sh
> if [ "$1" != "-d" ] ; then
>     # INSERT LOGICAL VOLUME SETUP HERE
>     /lib/losetup -e AES128 -K /lib/rootkey.gpg \
>            -G /lib /dev/loop5 /dev/vg/root
> else
>     /lib/losetup -d /dev/loop5
>     # INSERT LOGICAL VOLUME TEARDOWN HERE
> fi
> 
RB is correct in suggesting that I am aiming for LVM on loop-aes.  So,
the script I have conjured up is as follows:

#!/lib/sh
if [ "$1" != "-d" ] ; then
    /lib/mknod /dev/hda6 b 3 6 #necessary?
    /lib/losetup -e AES128 -K /lib/rootkey.gpg \
           -G /lib /dev/loop5 /dev/hda6 
    # INSERT LOGICAL VOLUME SETUP HERE 
    /lib/lvm vgscan --mknodes 
else
    # INSERT LOGICAL VOLUME TEARDOWN HERE
    /lib/losetup -d /dev/loop5
fi

During boot, the kernel loads and the machine then shuts down with the
following error repeated six times:
	Command "/lib/rootsetup -e AES128 -I 0 -K /lib/rootkey.gpg
	-G /lib /dev/loop5 /dev/hda6" returned error

Hmmmmmm, any clues?

Jari, thanks for the suggestions.

Regards

Fog_Watch.

-- 
Lose wait.  Get Gentoo.

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
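
Added example, not part of the original message and not loop-AES code: a variant of the rootsetup script discussed above that names the step that failed, since the initrd only reports that rootsetup "returned error". The `*_BIN` variables, the `step` helper, the numeric return codes and the `vgchange` calls are assumptions added here; the device names and losetup options are the ones quoted in the thread.

```shell
# In the initrd this file would be /lib/rootsetup, start with "#!/lib/sh" as in
# the thread, and end with:  rootsetup "$@"
# Hypothetical knobs (not from the thread) so the logic can be run with stubs:
MKNOD_BIN=${MKNOD_BIN:-/lib/mknod}
LOSETUP_BIN=${LOSETUP_BIN:-/lib/losetup}
LVM_BIN=${LVM_BIN:-/lib/lvm}
LOOPDEV=/dev/loop5      # loop device from the thread
BACKING=/dev/hda6       # encrypted partition from the thread

# Run one command; on failure, name it on the console and pass its status on.
step() {
    "$@" && return 0
    rc=$?
    echo "rootsetup: FAILED (exit $rc): $*" >&2
    return "$rc"
}

rootsetup() {
    if [ "$1" != "-d" ]; then
        # Setup: the other losetup-style arguments are ignored, as in the thread.
        # Create the node only if the initrd does not already provide it.
        [ -b "$BACKING" ] || step "$MKNOD_BIN" "$BACKING" b 3 6 || return 1
        step "$LOSETUP_BIN" -e AES128 -K /lib/rootkey.gpg -G /lib \
            "$LOOPDEV" "$BACKING" || return 2
        step "$LVM_BIN" vgscan --mknodes || return 3
        # Assumption: the volume group also has to be activated before the
        # logical volume holding the root file system can be mounted.
        step "$LVM_BIN" vgchange -ay || return 4
    else
        # Teardown in reverse order: release the volumes, then detach the loop.
        step "$LVM_BIN" vgchange -an || return 5
        step "$LOSETUP_BIN" -d "$LOOPDEV" || return 6
    fi
}
```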