Hi Markus,

Thank you for your help.

> > $ sudo ./build-initrd.sh /boot/initrd.conf [this copied a bunch of
> > files and only generated warnings about not being able to preserve
> > permissions on two files]
>
> which ones?

Here is what I get once I run build-initrd.sh (after having edited
build-initrd.sh to point DESTINATIONPREFIX to the mount point of my usb
key rather than /boot):

knoppix@Knoppix:/ramdisk/home/knoppix/loop-AES-v3.2c$ sudo ./build-initrd.sh ../ek/initrd.conf
Loading config from '../ek/initrd.conf'
16+0 records in
16+0 records out
16384 bytes (16 kB) copied, 6.8158e-05 seconds, 240 MB/s
32 inodes
16 blocks
Firstdatazone=5 (5)
Zonesize=1024
Maxsize=268966912

Filesystem 1K-blocks Used Available Use% Mounted on
/ramdisk/home/knoppix/loop-AES-v3.2c/tmp-i-900 11 10 1 91% /ramdisk/home/knoppix/loop-AES-v3.2c/tmp-d-900
-rw------- 1 root root 2440 Sep 24 14:59 /ramdisk/home/knoppix/ek/initrd.gz
Copying /sbin/losetup to /ramdisk/home/knoppix/ek
Copying /lib/tls/libc.so.6 to /ramdisk/home/knoppix/ek
Copying /lib/ld-linux.so.2 to /ramdisk/home/knoppix/ek
Copying /sbin/insmod to /ramdisk/home/knoppix/ek
Copying /lib/tls/libc.so.6 to /ramdisk/home/knoppix/ek
Copying /lib/ld-linux.so.2 to /ramdisk/home/knoppix/ek
Copying /sbin/insmod.modutils to /ramdisk/home/knoppix/ek
Copying /lib/tls/libc.so.6 to /ramdisk/home/knoppix/ek
Copying /lib/ld-linux.so.2 to /ramdisk/home/knoppix/ek
Copying /bin/loadkeys to /ramdisk/home/knoppix/ek
Copying /lib/libcfont.so.0 to /ramdisk/home/knoppix/ek
Copying /lib/libctutils.so.0 to /ramdisk/home/knoppix/ek
Copying /lib/libconsole.so.0 to /ramdisk/home/knoppix/ek
Copying /lib/tls/libc.so.6 to /ramdisk/home/knoppix/ek
Copying /lib/ld-linux.so.2 to /ramdisk/home/knoppix/ek
Copying /usr/bin/gpg to /ramdisk/home/knoppix/ek
cp: setting permissions for `/ramdisk/home/knoppix/ek/gpg': Operation not permitted
cp: preserving ACL for `/ramdisk/home/knoppix/ek/gpg': Operation not permitted
knoppix@Knoppix:/ramdisk/home/knoppix$
knoppix@Knoppix:/ramdisk/home/knoppix$ ls -l ek/gpg
-rwxr-xr-x 1 root root 837272 Dec 6 2006 ek/gpg

My usb key was mounted at /ramdisk/home/knoppix/ek when I ran
build-initrd.sh.

> Are all the necessary device nodes present in your initrd image?
> namely /dev/hdaX and /dev/sdaX

This is what I got:

knoppix@Knoppix:/ramdisk/home/knoppix$ sudo mount /dev/sdd ek
knoppix@Knoppix:/ramdisk/home/knoppix$ cp ek/initrd.gz .
knoppix@Knoppix:/ramdisk/home/knoppix$ gzip -d initrd.gz
knoppix@Knoppix:/ramdisk/home/knoppix$ sudo mount -o loop initrd tmp2
knoppix@Knoppix:/ramdisk/home/knoppix$ sudo ls -l tmp2/dev/
total 0
crw------- 1 root root 5, 1 Sep 24 11:28 console
brw------- 1 root root 3, 4 Sep 24 11:28 hda4
brw------- 1 root root 7, 5 Sep 24 11:28 loop5
crw------- 1 root root 1, 3 Sep 24 11:28 null
brw------- 1 root root 1, 0 Sep 24 11:28 ram0
brw------- 1 root root 1, 1 Sep 24 11:28 ram1
brw------- 1 root root 8, 0 Sep 24 11:28 sda
crw------- 1 root root 5, 0 Sep 24 11:28 tty
crw------- 1 root root 4, 1 Sep 24 11:28 tty1
crw------- 1 root root 1, 5 Sep 24 11:28 zero

I can see hda4 and sda in there. Does this otherwise look ok?

> please post your initrd.conf, if all fails I can clone an
> initrd for you with it.

Here it is:

BOOTDEV=/dev/sda # partitionless USB-stick device
BOOTTYPE=vfat
CRYPTROOT=/dev/hda4
ROOTTYPE=ext3
CIPHERTYPE=AES256
LOADNATIONALKEYB=1
INITIALDELAY=6

The only change between this and the earlier version was replacing
"hda3" with "hda4".

I have noticed two things when I try to boot from the key.

First, once I enter the passphrase and hit enter, there isn't that usual
delay which occurs when I mistype the passphrase: instead, I get the

Command "/lib/losetup -e AESS256 -I 0 -K /lib/rootkey.gpg -G /lib /dev/loop5 /dev/hda4" returned error

message instantaneously, as soon as I press 'enter'. It is not usually
like that when I mistype the passphrase.

Second, the *first* time that I enter the passphrase after booting,
before the "Command /lib/losetup [...]" message one can read "Error: gpg
key file decryption failed". However, in the attempts that follow only
"Command /lib/losetup [...]" shows up. (I don't know if this is
important, I just noticed it.)

Again thanks for any hint on what I am doing wrong.

~J

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/