initrd, nash and encrypted hda

fedora-list fedora-list at thebc.ch
Mon Oct 18 15:45:10 UTC 2004


hello group

I am trying to encrypt my hard disk with FC3 test3, device-mapper and dm-crypt. I found out that this task is much more difficult than I thought... so if I may ask some questions?

1.) What's the difference between
      kernel /vmlinuz-2.6.8-1.541 rw root=LABEL=/
    and
      kernel /vmlinuz-2.6.8-1.541 rw root=/dev/ram0
in grub.conf? What is this LABEL-thing for? Where is /=>hda3 defined?

2.) nash isn't capable of reading user input. What's the right solution to get around that?

3.) Why is bash started from nash not able to read user input either?
It produces "read: read error: 0: Bad file descriptor"

4.) If I replace nash completely with bash, I have trouble with the "kernel"-line in grub.conf (the root=/dev/ram0) and the device_mapper. Even if I say:

echo $pass | /bin/cryptsetup create rootfs /dev/hda3
/bin/mount -r -n -t ext3 /dev/mapper/rootfs /mnt

in the init, hda2 gets mapped to root somehow?!

5.) What is the "mkrootdev /dev/root" in init for? Where does it get the information about the rootfs location from?

Uhhh, any help on this topic is really appreciated. Maybe someone knows a tutorial on this topic (with kernel 2.6 and dm-crypt)?

Thank you very much

bernd


System Setup:
-------------

Ramdisk:
.
|-- bin
|   |-- bash
|   |-- cryptsetup
|   |-- hotplug -> /sbin/nash
|   |-- insmod
|   |-- modprobe -> /sbin/nash
|   |-- nash
|   |-- udev
|   `-- udevstart -> udev
|-- dev
|   |-- console
|   |-- null
|   |-- ram
|   |-- systty
|   |-- tty1
|   |-- tty2
|   |-- tty3
|   `-- tty4
|-- etc
|   `-- udev
|       `-- udev.conf
|-- init
|-- lib
|   |-- BusLogic.ko
|   |-- aes-i586.ko
|   |-- dm-crypt.ko
|   |-- dm-mod.ko
|   |-- ext3.ko
|   |-- jbd.ko
|   |-- ld-linux.so.2
|   |-- libc.so.6
|   |-- libdevmapper.so.1.00
|   |-- libdl.so.2
|   |-- libtermcap.so.2
|   |-- scsi_mod.ko
|   `-- sd_mod.ko
|-- loopfs
|-- mount-crypt.sh
|-- proc
|-- sbin -> bin
|-- sys
`-- sysroot

--- begin init -------------------------------------------------------
#!/bin/nash
mount -t proc /proc /proc
setquiet
echo Mounted /proc filesystem
echo Mounting sysfs
mount -t sysfs none /sys
echo Creating /dev
mount -o mode=0755 -t tmpfs none /dev
mknod /dev/console c 5 1
mknod /dev/null c 1 3
mknod /dev/zero c 1 5
mkdir /dev/pts
mkdir /dev/shm
echo Starting udev
/sbin/udevstart
echo -n "/sbin/hotplug" > /proc/sys/kernel/hotplug
echo "Loading scsi_mod.ko module"
insmod /lib/scsi_mod.ko
echo "Loading sd_mod.ko module"
insmod /lib/sd_mod.ko
echo "Loading BusLogic.ko module"
insmod /lib/BusLogic.ko
echo "Loading jbd.ko module"
insmod /lib/jbd.ko
echo "Loading ext3.ko module"
insmod /lib/ext3.ko
echo "Loading aes-i586.ko module"
insmod /lib/aes-i586.ko
echo "Loading dm-mod.ko module"
insmod /lib/dm-mod.ko
echo "Loading dm-crypt.ko module"
insmod /lib/dm-crypt.ko
echo Creating root device
mkrootdev /dev/root
umount /sys
echo Mounting root filesystem
/mount-crypt.sh
mount -t tmpfs --bind /dev /sysroot/dev
echo Switching to new root
switchroot /sysroot
umount /initrd/dev
--- end init ---------------------------------------------------------

--- begin mount-crypt.sh ---------------------------------------------
#!/bin/bash
pass1="sux"
count="0"
while [ "$pass1" != "$pass2" ]
do
        if [ "$count" = "3" ] ; then
                echo "System halted!"
                exit 0
        fi
        if [ "$count" != "0" ] ; then
                echo "Passwords don't match!"
        fi
        echo -n "Password for mounting root fs: "
        read -s pass1
        echo
        echo -n "Repeat: "
        read -s pass2
        echo
        count=$(( $count + 1 ))
done
echo "Ok! mounting root file system"
pass=$pass2
echo $pass | /bin/cryptsetup create rootfs /dev/root
/bin/mount -r -n -t ext3 /dev/mapper/rootfs /sysroot
--- end mount-crypt.sh -----------------------------------------------
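
Added example, not part of the original post: the error in question 3 says fd 0 was not readable, and mount-crypt.sh exits with status 0 after three mismatches. This sketch reads the passphrase from a terminal device it opens itself and returns non-zero on failure. Assumptions: /dev/console is usable in the ramdisk, stty is available for hiding input, and read_passphrase, unlock_root and PASSPHRASE are made-up names.

```shell
#!/bin/sh
# Added example, not the poster's script. Function and variable names are
# hypothetical; the cryptsetup and mount lines are the ones from the post.

# read_passphrase [TTY] [MAX_TRIES]
#   0: both entries matched, passphrase left in $PASSPHRASE
#   1: no match within MAX_TRIES, or input ended early
#   2: TTY could not be opened for reading
read_passphrase() {
    rp_tty=${1:-/dev/console}
    rp_max=${2:-3}
    rp_try=0
    PASSPHRASE=
    [ -r "$rp_tty" ] || return 2
    # The loop reads from fd 3, opened on the terminal below, so nothing
    # depends on whatever fd 0 the parent process handed down.
    while [ "$rp_try" -lt "$rp_max" ]; do
        rp_try=$((rp_try + 1))
        rp_ok=0
        if [ -t 3 ]; then stty -echo <&3; fi    # hide typing on a real tty
        printf 'Password for mounting root fs: ' >&2
        IFS= read -r rp_p1 <&3 || rp_ok=1
        printf '\nRepeat: ' >&2
        IFS= read -r rp_p2 <&3 || rp_ok=1
        printf '\n' >&2
        if [ -t 3 ]; then stty echo <&3; fi     # always restore echo
        [ "$rp_ok" -eq 0 ] || break             # EOF or read error: give up
        if [ -n "$rp_p1" ] && [ "$rp_p1" = "$rp_p2" ]; then
            PASSPHRASE=$rp_p1
            break
        fi
        echo "Passwords don't match!" >&2
    done 3<"$rp_tty"
    [ -n "$PASSPHRASE" ] || return 1
    return 0
}

# unlock_root: wiring for the initrd in the post. A failed prompt or a failed
# mapping returns non-zero, so the caller can stop before switching root.
unlock_root() {
    read_passphrase /dev/console 3 || { echo "System halted!" >&2; return 1; }
    # Quoted, so spaces and glob characters in the passphrase reach
    # cryptsetup unchanged; a simple passphrase yields the same bytes as echo.
    printf '%s\n' "$PASSPHRASE" | /bin/cryptsetup create rootfs /dev/root &&
        /bin/mount -r -n -t ext3 /dev/mapper/rootfs /sysroot
}
```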
