Re: LVM2 logical volumes on Loop-AES

Fog_Watch wrote:
> > rootsetup program/script gets same command line
> > parameters as losetup. In following example all command line
> > parameters are ignored, with exception of first one that used to
> > determine whether the script should set up a loop device or tear it
> > down.
> I'm not understanding this bit.  The script (rootsetup) tests for
> "-d", but I don't know where this parameter is set.

When config says USEROOTSETUP=1, the name of the losetup program is changed
to rootsetup. So, instead of running

 /lib/losetup -e AES128 -I 0 -K /lib/rootkey.gpg -G /lib /dev/loop5 /dev/hda6
 /lib/losetup -d /dev/loop5

initrd code runs

 /lib/rootsetup -e AES128 -I 0 -K /lib/rootkey.gpg -G /lib /dev/loop5 /dev/hda6
 /lib/rootsetup -d /dev/loop5

using exact same command line parameters. It is up to the rootsetup script
to do something useful with them. The first command line parameter will be
either -e or -d depending whether initrd is trying to set up or tear down
the device.

> My encrypted partition is /dev/hda6.  Does that mean that my rootsetup
> script should include "mknod /dev/hda6 b 3 6" (wild guess)?

No.

You have CRYPTROOT=/dev/hda6 in your config. build-initrd.sh script creates
that device node for you.

> RB is correct is suggesting that I am aiming for LVM on loop-aes.  So,
> the script I have conjured up is as follows:
> 
> #!/lib/sh
> if [ "$1" != "-d" ] ; then
>     /lib/mknod /dev/hda6 b 3 6 #necessary?
>     /lib/losetup -e AES128 -K /lib/rootkey.gpg \
>            -G /lib /dev/loop5 /dev/hda6
>     # INSERT LOGICAL VOLUME SETUP HERE
>     /lib/lvm vgscan --mknodes
> else
>     # INSERT LOGICAL VOLUME TEARDOWN HERE
>     /lib/losetup -d /dev/loop5
> fi

First parameter $1 is either "-e" or "-d", so that "if [ -e .... ]" line
didn't work because shell interpreted that as "true if file exists".
My fault, sorry. But I did say that it was completely untested.

#!/lib/sh
if [ "x$1" != "x-d" ] ; then
    /lib/losetup -e AES128 -K /lib/rootkey.gpg -G /lib /dev/loop5 /dev/hda6
    if [ $? = 0 ] ; then
        /lib/lvm vgscan --mknodes
        # initrd will attempt to mount /dev/loop5, so create fake entry here
        /lib/rm /dev/loop5
        /lib/mknod -m 600 /dev/loop5 b ????? ?????
    fi
else
    # losetup needs loop5 as real loop device node, so create the old one again
    /lib/rm /dev/loop5
    /lib/mknod -m 600 /dev/loop5 b 7 5
    /lib/losetup -d /dev/loop5
fi

After successful setup, initrd code will attempt to mount a device called
/dev/loop5 so above script uses /lib/rm to remove /dev/loop5 device node and
then creates new node using same /dev/loop5 name, but different major+minor.
Replace those ????? in above script with major+minor of the device you want
to be mounted as root. If the "detach loop" branch of the script is called,
it will have to create the original device /dev/loop5 again, using major=7
minor=5.

I'm not sure if that --mknodes option for lvm vgscan is needed at all. You
can also try without it. The problem is that if it creates many device
nodes, the tiny initrd may run out of space.

> During boot, the kernel loads and the machine then shuts down with the
> following error repeated six times:
>         Command "/lib/rootsetup -e AES128 -I 0 -K /lib/rootkey.gpg
>         -G /lib /dev/loop5 /dev/hda6" returned error

rootsetup script's "if [ -e .... ]" was wrong.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
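
The calling convention described in the message above, as an added example that is not part of the original post or of loop-AES: a dry-run parser for the command line initrd passes to rootsetup. It only prints what it would act on; the function names rootsetup_mode and rootsetup_plan are hypothetical, and only the options shown in the message (-e, -I, -K, -G) are accepted.

```sh
#!/bin/sh
# Added example (not from the original thread): dry-run parser for the
# losetup-style command line that initrd hands to /lib/rootsetup.
# Function names are hypothetical; nothing here touches a real device.

# rootsetup_mode ARGS... -> prints "setup" or "teardown"; returns 1 otherwise.
rootsetup_mode() {
    # As in the corrected script: quoted and x-prefixed, so the word is always
    # compared as a string and never parsed as a test operator such as -e.
    if [ "x$1" = "x-d" ]; then
        echo teardown
    elif [ "x$1" = "x-e" ]; then
        echo setup
    else
        return 1
    fi
}

# rootsetup_plan ARGS... -> prints "<mode> <loop device> [<backing device>]".
rootsetup_plan() {
    mode=$(rootsetup_mode "$@") || return 1
    loopdev= backing=
    if [ "$mode" = teardown ]; then
        [ $# -eq 2 ] || return 1
        loopdev=$2
    else
        # Skip option/value pairs (-e AES128 -I 0 -K file -G dir); the two
        # words left over are the loop device and the backing device.
        while [ $# -gt 2 ]; do
            case "x$1" in
                x-e|x-I|x-K|x-G) shift 2 ;;
                *) return 1 ;;
            esac
        done
        [ $# -eq 2 ] || return 1
        loopdev=$1 backing=$2
    fi
    echo "$mode $loopdev${backing:+ $backing}"
}

# Constructed sample input: the two command lines quoted in the message.
rootsetup_plan -e AES128 -I 0 -K /lib/rootkey.gpg -G /lib /dev/loop5 /dev/hda6
rootsetup_plan -d /dev/loop5
```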

