Google
  Web www.spinics.net

Re: Kubuntu 7.10 64bit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Rudolf Deilmann <rudolf.deilmann@xxxxxxxxx> worte:
> Without error messages, it's difficult to guess...
> perhaps, you simply forgot to make the scripts executable (chmod
> u+x ...) ? I forgot to mention it explicitly.

You´r right. How silly of me! I wondered if these "scripts" have to be executable, made one of them executable, but not all 3 of them :-(
Well ok, the initrd is finally 8 mb in size and boots ok up to the point where root should be accessed.

*Very impressive*
My test pass phrase was:
13äµ WÖ%!€_#:@nT§=L?" and your scripts made it at first try!!!!

> You can test the startup script without root-encryption. It's easier
> this way. Leave the root partition unencrytped/decrypt it, and also
> leave your fstab and syslinux.cfg-file like in the unencrypted case.
> But, remove the 'quiet' option from syslinux.cfg to see all
> (error-)messages during startup.

Of course, I always make some dry-runs before I encrypt root partition.
I would like to know if and how these initramfs scripts can be optimized. There should be a prompt asking for the pass phrase.
Then I would like to ask if it is a good idea to run "lsmod" on a fresh installation. This shows all loaded modules. When these are listed in /etc/initramfs-tools/modules wouldn´t that result in a smaller initrd with little effort?
Some choices of .built-initrd.sh are missing. What about setting up loop-devices instead of partitions? The script can use a loop device with offset and size limit so that the partition table can be abandoned.
(PSEED=-o -s)
Apart from that one might wish to have more than 8 loops in some cases.
(LOOPMODPARAMS="max_loop=16 lo_prealloc=125,5,200)
Where could these points be accounted for?
Since loop-aes builds other cipher modules as well I´d be interested in setting up root encryption with 2 layers. One time aes and a second on top of the first with twofish or such. Would be nice to see the script for that and make a test.

> However, add the the scripts to /etc/initramfs-tools/* nevertheless.
> Change just some lines to avoid endless loops and get all the
> (error-)messages:
> 
> instead of:
> --
> 
> TEST=1
> while [ 0 != $TEST ] ; do
>    losetup -e AES256 -K /root.gpg -G / /dev/loop6 "$HD" 
>    # or losetup -e  SERPENT128 -K /root.gpg -G / /dev/loop0 "$HD"
>    # or whatever 
>   TEST=$?
> done
> 
> --
> 
> write something like:
> --
> 
> I=0
> echo "input"
> read TEST # press RETURN first
> for I in 1 2 3 4; do
>    losetup -e AES256 -K /root.gpg -G / /dev/loop6 "$HD" 
>    if [ 0 = $? ]; then
>      echo "ok!"
>      read TEST
>      exit
>    fi
> done
> echo "end"
> read TEST  # press RETURN again

Seems you are quite proficient on these shell scripts. Would you
mind sending some more of this? I run a second drive for testing
at present. It´s not that ugly if it fails. I´m looking for an
alternative to SuSE 10.3 and right now Kubuntu 7.10 64-bit is on
top of the list.

Kind regards,
Peter
-- 
Psssst! Schon vom neuen GMX MultiMessenger gehört?
Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/


[Home]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]     [Network Security Reading]

Add to Google