I'm running an encrypted root Kubuntu system. Yesterday I upgraded to
Kubuntu 9.04 thus moving from a 2.6.27 to a 2.6.28 kernel. I understand
the problem with the new kernel, and have download a proper kernel from
<http://ubuntu.cern.ch>, so this is not my problem. I am running loop-aes
version 3.2f-1cern1+2.6.28-14.47.
I have added an losetup command in a custom
/etc/initramfs-tools/scripts/local-top/loop_aes file. After doing some
sanity checking the last line in my file is:
/sbin/losetup -v -T -e AES256 -G / -K /keyfile.gpg -s [CENSORED] /dev/loop0 /dev/sda
Please note that I have successfully been using this setup for around 2
years before now. (Techinically I added the `-v' and `-T' flags today.
The `-v' didn't seem to add any information).
After the update, when I get to this point in the boot sequence, the
command no longer prompts for a Password. Instead it now immediately
fails with a gpg decryption failed error, the same error you get if you
don't answer the password correctly.
After this failure I drop down into busybox (because it times out wating
for the /dev/loop0 device which is the root device). The strange bit is
that in busybox I can type in that exact losetup command and it works
properly. It prompts for my password, and creates the loop device
properly. I can exit busybox and then booting continues normally.
I also tried adding the flag `-p0' to the losetup command. This also
works. Of course, there is no prompt, and the password appears in plain
text on the console. Obviously that isn't an acceptable solution.
I added the `cat' command before the losetup call to test the console. It
works as expected.
I guess that there is something strange going on between how losetup calls
gnupg and how gnupg gets and manipluates the console to prompt for and get
the password (without echoing to the console), but I really don't know how
to proceed to debugging this. Maybe someone more familiar with losetup
and the linux boot process may have some idea what may have changed in
this Kubuntu upgrade that would cause the problem I described.
Thanks for any help. I'd love to get loop-aes working nicely for me
again.
--
Russell O'Connor <http://r6.ca/>
``All talk about `theft,''' the general counsel of the American Graphophone
Company wrote, ``is the merest claptrap, for there exists no property in
ideas musical, literary or artistic, except as defined by statute.''
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
