Am Sat, 19 Jan 2008 20:09:11 +0100
schrieb Peter_22@xxxxxx:
> *Update*
>
> Fine, I did as you said. I re-installed Kubuntu 7.10 64bit, installed
> loop-aes-utils, created your 3 scripts and built a new initrd. After
> copying the files on stick I rebooted but no pass phrase was asked.
What happened instead?
Without error messages, it's difficult to guess...
perhaps, you simply forgot to make the scripts executable (chmod
u+x ...) ? I forgot to mention it explicitly.
You can test the startup script without root-encryption. It's easier
this way. Leave the root partition unencrytped/decrypt it, and also
leave your fstab and syslinux.cfg-file like in the unencrypted case.
But, remove the 'quiet' option from syslinux.cfg to see all
(error-)messages during startup.
However, add the the scripts to /etc/initramfs-tools/* nevertheless.
Change just some lines to avoid endless loops and get all the
(error-)messages:
instead of:
--
TEST=1
while [ 0 != $TEST ] ; do
losetup -e AES256 -K /root.gpg -G / /dev/loop6 "$HD"
# or losetup -e SERPENT128 -K /root.gpg -G / /dev/loop0 "$HD"
# or whatever
TEST=$?
done
--
write something like:
--
I=0
echo "input"
read TEST # press RETURN first
for I in 1 2 3 4; do
losetup -e AES256 -K /root.gpg -G / /dev/loop6 "$HD"
if [ 0 = $? ]; then
echo "ok!"
read TEST
exit
fi
done
echo "end"
read TEST # press RETURN again
--
Now, you should see at least some error messages.
After booting, you can ensure, that your "encrypted" root device has
been setup in the correct way with 'losetup -a'. Of course, you still
use the unencrypted device (be careful, you can corrupt your
file-ssystem by writing something to /dev/loop6 )
If the password prompt works fine and your root partition is mapped
to /dev/loopX correctly, you can change fstab and syslinux.cfg and
encrypt your root-partition...
rudi
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
