Google
  Web www.spinics.net

loop-AES on a root RAID1 device; it only sort of works

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


/dev/md1 (RAID1) is composed of /dev/hda2 and /dev/hdd1, and
/dev/md2 (RAID1) is composed of /dev/hda6 and /dev/hdd2.  /dev/md1 is an
unencrypted ext2 boot device.  /dev/md2 is overlain with loop-AES and
is mounted as root.  The initrd ram-disk for encrypting root is created
with the usual ./build-initrd.sh build-initrd.conf.

In build-initrd.conf, BOOTDEV equals /dev/hda2.  I don't set it
to /dev/md1 as md1 hasn't been assembled yet. When rootsetup assembles
the RAID devices, /dev/hda2 is already under use and so is not
included in /dev/md1.  /dev/hda2 ends up missing from /dev/md1:
# cat /proc/mdstat 
Personalities : [raid1] 
md2 : active raid1 hda6[0] hdd2[1]
      3076352 blocks [2/2] [UU]
md1 : active raid1 hdd1[1]
      48128 blocks [2/1] [_U]

(I think this is the correct question)  How do I create a ram-disk in
which there is an assembled /dev/md1 from which to boot?

Thanks again

Fog_Watch.



# cat /boot/rootsetup
#!/lib/sh
if [ "x$1" != "x-d" ] ; then
    /lib/mkdir -p /proc /dev/mapper
    /lib/mount -n -t proc proc /proc
    /lib/mknod /dev/hdd1 b 22 65 
    /lib/mknod /dev/hda6 b 3 6 
    /lib/mknod /dev/hdd2 b 22 66 
    /lib/mdadm -A -s -c /lib/mdadm.conf
    /lib/umount -n /proc
    /lib/losetup -e AES128 -K /lib/gpg.key -G /lib /dev/loop5 /dev/md2
    x=$?
    exit ${x}   # exit with return status of losetup
else
    /lib/losetup -d /dev/loop5
    x=$?
    exit ${x}   # exit with return status of losetup
fi

-- 
Lose wait.  Get Gentoo.

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/


[Home]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]     [Network Security Reading]

Add to Google