> May I suggest the you try configuring, compiling, and installing a kernel
> few times in normal unencrypted root setup first. And I mean setups where
> those kernels boot without any initrd help. Many distros use kernel
> configurations that use initrds filled with drivers for about all supported
> hardware. Most of the work is figuring out what drivers your hardware needs
> and disabling all the other drivers. Once you have such "optimized" working
> kernel configuration, you can use that kernel configuration as starting
> point for other kernel compiles.
I compiled > 100 the last 8 years and they worked ( 5 years SuSE, than debian).
Anyway in fact I never interested in initrd-background but I will in some
future; now it is time to get things done .... after month.
I trained myself in compiling 2.6xxxx-crypto-kernels and saw the dangers.
Any newcomer should burn in, that the only initial-ramdisk for one or 100
kernels is the small INITRD.GZ, made with the script and in /boot !
> Again, this looks like misconfigured bootloader. It loads wrong initrd.
> Another possibility is that you booted wrong kernel.
When installing whatever-kernel.deb, update-grub is initiated and is
flattening every crypto-related word, but still looking nice to the crypto-novice....
When I just thought of what algo, I felt aespipe only to supply aes, so it would
be extra dangerous to use twofish etc. in case of emergency...............
I am looking for a place to put my experiences to make it easier for others.
Thanks for your time & patience, so far
Reverend
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
