Hi all!
A while ago I reported problems with openSuSE 10.2 (32-bit) in connection with german keymap for loop-aes. The solution is easy but not very satisfying.
Knoppix is the answer. After booting from Knoppix 5.01 Live DVD dumpkeys >default.kmap creates a usable keymap with all needed characters, including µ, the euro sign € or ü,ä,² and the like. The gpg rootkey is created in Knoppix, too. These two files are then used in the /boot folder for loop-aes. Starting encrypted root from MicroSD Card via USB works!
Below follows a list of necessary changes for the SuSE 10.2 standard kernel configuration (AMD 64-bit).
Needed changes for Linux Kernel v2.6.18.2 Configuration (SuSE 10.2 64-bit):
CONFIG_BLK_DEV_LOOP=n
CONFIG_BLK_DEV_RAM_SIZE=4096
CONFIG_IDE=y
CONFIG_BLK_DEV_IDE=y
CONFIG_BLK_DEV_VIA82CXXX=y for VIA Chipset
CONFIG_SCSI=y
CONFIG_BLK_DEV_SD=y
CONFIG_ATA=y
CONFIG_SATA_AHCI=y
CONFIG_SATA_VIA=y root drive is S-ATA
CONFIG_PATA_VIA=y
CONFIG_USB=y
CONFIG_USB_EHCI_HCD=y
CONFIG_USB_UHCI_HCD=y
CONFIG_USB_STORAGE=y
CONFIG_EXT3_FS=y
CONFIG_MSDOS_FS=y
CONFIG_VFAT_FS=y
CONFIG_FAT_DEFAULT_CODEPAGE=850
CONFIG_FAT_DEFAULT_IOCHARSET=iso8859-15
CONFIG_NLS_CODEPAGE_850=y
CONFIG_NLS_ISO8859_15=y
If you cannot find a loop device after the standard SuSE installation, install "devs-10.2-19.x86_64.rpm" package to get /dev/loop{0-15}.
Those SuSE-guys are real jerks! They mess up with every release.
A minor issue derives from the fact that booting from USB equipment requires "usbcore" to be a part of the kernel. This results in anoying warnings like this:
blue:~ # modprobe at76-usb
WARNING: Error inserting usbcore (/lib/modules/2.6.18.2-34-default/kernel/drivers/usb/core/usbcore.ko): Invalid module format
Up to now I´m unsure how to get rid of this. It likely derives from an unresolved module dependency. "depmod -a" didn´t fix it either.
I´d be glad if something of this might help other users of the crippled SuSE distros.
Kind regards,
Peter
-------- Original-Nachricht --------
Datum: Thu, 01 Feb 2007 13:30:45 +0100
Von: Peter_22@xxxxxx
An: Jari Ruusu <jariruusu@xxxxxxxxxxxxxxxxxxxxx>
CC: linux-crypto@xxxxxxxxxxxx
Betreff: Re: SuSE 10.2 and LOADNATIONALKEYB=1
> Jari Ruusu <jariruusu@xxxxxxxxxxxxxxxxxxxxx> wrote:
> > Do you mean unable to knoppix mount loop-AES encrypted partitions using
> > key
> > file created under openSuSE?
> Yes, exactly. The problem occurs when passphrase contains special
> characters.
>
> > Boot CD-ROM mounts normally? Right?
> Using a boot CD-ROM works with no problems if the us-keymap is used. Chars
> like y, z should be left out. Special characters may not be found or
> assigned to a different key.
>
> > All parties involved, openSuSE X/console, knoppix, and key map in /boot
> > partition or boot-to-encrypted-root CD-ROM, must agree on how passphrase
> > characters are encoded. Otherwise it is not going to work.
> Yes, I understand this and because of that I asked again. I fear the CDs
> prepared under openSuSE 10.2 will no longer be decryptable with
> other/upcoming versions of Linux distros. Such a disaster happend to me some years ago
> when PGPdisk changed something in its keymapping. Fortunately, the next
> version, 6 months later, solved the issue.
>
> > What happens if you apply included build-initrd.sh patch, set
> > UTF8KEYBMODE=1
> > in config, and create new boot CD using that new build-initrd.sh script?
>
> I didn´t know this patch and will try it. I´m glad you answered to my
> questions at all. In case you know further measures please let me know.
>
> > I see exactly same dumpkeys output from both X and console, even though
> > console keyboard seems to be in ASCII mode and X keyboard in scancode
> > mode.
>
> Ok, I just thought it might be a good idea to post the dumped keymaps. I
> scrolled through these files but it didn´t reveal a conclusion to my mind.
> So you would say both X-window/console keymaps are equal?
> I´m going to report what UTF8KEYBMODE=1 does to the build-initrd.sh. With
> your guidance I´ll certainly find a solution.
>
> Kind regards,
> Peter
> --
> "Feel free" - 10 GB Mailbox, 100 FreeSMS/Monat ...
> Jetzt GMX TopMail testen:
> http://www.gmx.net/de/go/topmail?ac=OM.GX.GX003K11713T4783a
>
> -
> Linux-crypto: cryptography in and on the Linux system
> Archive: http://mail.nl.linux.org/linux-crypto/
--
"Feel free" - 5 GB Mailbox, 50 FreeSMS/Monat ...
Jetzt GMX ProMail testen: www.gmx.net/de/go/mailfooter/promail-out
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
