Rudolf Deilmann <rudolf.deilmann@xxxxxxxxx> wrote:

> Without error messages, it's difficult to guess...
> perhaps, you simply forgot to make the scripts executable (chmod
> u+x ...) ?

I forgot to mention it explicitly. You're right. How silly of me!
I wondered if these "scripts" have to be executable, made one of them executable, but not all 3 of them :-(

Well ok, the initrd is finally 8 mb in size and boots ok up to the point where root should be accessed.

*Very impressive*
My test pass phrase was: 13äµ WÖ%!€_#:@nT§=L?"
and your scripts made it at first try!!!!

> You can test the startup script without root-encryption. It's easier
> this way. Leave the root partition unencrypted/decrypt it, and also
> leave your fstab and syslinux.cfg-file like in the unencrypted case.
> But, remove the 'quiet' option from syslinux.cfg to see all
> (error-)messages during startup.

Of course, I always make some dry-runs before I encrypt root partition.

I would like to know if and how these initramfs scripts can be optimized. There should be a prompt asking for the pass phrase.

Then I would like to ask if it is a good idea to run "lsmod" on a fresh installation. This shows all loaded modules. When these are listed in /etc/initramfs-tools/modules wouldn't that result in a smaller initrd with little effort?

Some choices of .built-initrd.sh are missing. What about setting up loop-devices instead of partitions? The script can use a loop device with offset and size limit so that the partition table can be abandoned. (PSEED=-o -s)
Apart from that one might wish to have more than 8 loops in some cases. (LOOPMODPARAMS="max_loop=16 lo_prealloc=125,5,200)
Where could these points be accounted for?

Since loop-aes builds other cipher modules as well I'd be interested in setting up root encryption with 2 layers. One time aes and a second on top of the first with twofish or such. Would be nice to see the script for that and make a test.

> However, add the scripts to /etc/initramfs-tools/* nevertheless.
> Change just some lines to avoid endless loops and get all the
> (error-)messages:
>
> instead of:
> --
>
> TEST=1
> while [ 0 != $TEST ] ; do
>     losetup -e AES256 -K /root.gpg -G / /dev/loop6 "$HD"
>     # or losetup -e SERPENT128 -K /root.gpg -G / /dev/loop0 "$HD"
>     # or whatever
>     TEST=$?
> done
>
> --
>
> write something like:
> --
>
> I=0
> echo "input"
> read TEST # press RETURN first
> for I in 1 2 3 4; do
>     losetup -e AES256 -K /root.gpg -G / /dev/loop6 "$HD"
>     if [ 0 = $? ]; then
>         echo "ok!"
>         read TEST
>         exit
>     fi
> done
> echo "end"
> read TEST # press RETURN again

Seems you are quite proficient on these shell scripts. Would you mind sending some more of this?

I run a second drive for testing at present. It's not that ugly if it fails. I'm looking for an alternative to SuSE 10.3 and right now Kubuntu 7.10 64-bit is on top of the list.

Kind regards,
Peter

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
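
The lsmod idea raised in the message above, as an added example that is not part of the original mail or of the loop-AES scripts: it compares `lsmod` output with a modules list and prints only the names the list lacks. It assumes initramfs-tools is configured to build from that list (`MODULES=list` in initramfs.conf); the function names, the sample `lsmod` output and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example: list modules that lsmod reports but a modules list lacks.

# Constructed sample of `lsmod` output (not taken from a real system).
sample_lsmod() {
    cat <<'EOF'
Module                  Size  Used by
usb_storage            98112  0
sd_mod                 32400  3
ext3                  142856  1
jbd                    66344  1 ext3
loop                   22020  2
EOF
}

# Read lsmod-format text on stdin and print the module names.
# Line 1 is the "Module Size Used by" header and is skipped.
modules_from_lsmod() {
    awk 'NR > 1 && NF >= 3 { print $1 }' | sort -u
}

# Print module names already present in list file $1.
# Entries are "name [options]"; comments and blank lines are ignored.
# lsmod prints underscores, so hyphens in the list are normalised.
modules_already_listed() {
    [ -r "$1" ] || return 0
    sed -e 's/#.*//' "$1" | awk 'NF { print $1 }' | sed 's/-/_/g' | sort -u
}

# lsmod text on stdin, list file as $1: print names missing from the list.
missing_modules() {
    listed=$(modules_already_listed "$1")
    modules_from_lsmod | while read -r mod; do
        printf '%s\n' "$listed" | grep -qxF -- "$mod" || printf '%s\n' "$mod"
    done
}

# Demo on constructed data; on a real system the input would be `lsmod`
# and the file /etc/initramfs-tools/modules.
demo() {
    list=$(mktemp)
    printf '# constructed list\nloop max_loop=16\nusb-storage\n' > "$list"
    sample_lsmod | missing_modules "$list"    # prints ext3, jbd, sd_mod
    rm -f "$list"
}
demo
```

`lsmod` only reports what is loaded at the moment it runs, so the loop and cipher modules needed to reach the encrypted root have to be loaded when the list is taken, and options already in the list (such as `max_loop=16`) are left untouched because existing entries are never rewritten.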