David wrote:
> loop-aes 3.0d with gentoo 2.6.12.5, (read the loop-aes readme, followed
> all directions) and used knoppix to do the actual encrypting commands.
On what root directory did you run the build-initrd.sh script?
Your about-to-be-encrypted-root or knoppix?
Last few lines of build-initrd.sh script is supposed to make sure that a
/initrd directory exists on your about-to-be-encrypted-root directory. If
you ran the script on knoppix, then that directory may be missing.
> When I enter the correct password I get the following message:
>
> pivot_root() to new root failed. Older kernels don't have pivot_root().
That error message can be caused by missing pivot_root() system call in
kernel or because your encrypted root does not have a /initrd directory.
When pivot_root() system call is run, it atomically moves old existing
ram-disk based root directory to some other directory and moves newly set up
encrypted directory to root directory. Old root directory can't just vanish
because a program (linuxrc) is running from it.
In your case, it appears that the directory where old ram-disk based root
directory is supposed to be "parked" is missing. Fix is to create that
missing directory.
> Please help
1) Boot knoppix 3.9 or later. Knoppix 3.9 seems to have full support for
mounting loop-AES-v3 encrypted file systems. You don't need any GUI for
this, so run knoppix run level 2 will do.
boot: knoppix 2
2) Mount device where your rootkey.gpg file is.
mkdir /mnt1
mount -r -t ext2 /dev/hda1 /mnt1
3) Mount your encrypted root.
mkdir /mnt2
mount -t ext2 /dev/hda2 /mnt2 -o loop=/dev/loop0,encryption=AES256,gpgkey=/mnt1/rootkey.gpg
4) Create missing directory.
umask 077
mkdir /mnt2/initrd
5) Clean up and reboot.
umount /mnt2
umount /mnt1
shutdown -r now
--
Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
