Mounting additional encrypted filesystems from within an encrypted root

My system is functioning from an encrypted root and I now want to
encrypt the rest of the filesystems; /usr, /usr/local, and /var. System
info as follows:

Intel Core 2 Duo CPU
Fedora 11
2.6.31-rc5-git5 from kernel.org
loop-AES-3.2g (compiled as module)
aespipe-v2.3e
util-linux-ng-2.15.1

build-initrd.sh configuration:
      * USEPIVOT=2
      * BOOTDEV=/dev/sda1
      * BOOTTYPE=ext3
      * CRYPTROOT=/dev/sda2
      * ROOTTYPE=ext4
      * CIPHERTYPE=AES128
      * GPGKEYFILE=rootkey.gpg
      * SOURCEROOT=/
      * DESTINATIONROOT=/mnt/build
      * DESTINATIONPREFIX=boot
      * UTF8KEYBMODE=1
      * LOADNATIONALKEYB=1
      * USEGPGKEY=1

After encrypting /var, the system fails to boot past the point
where /var should be mounted, which is being attempted via the
script /etc/rc5.d/S01losetup.sh (a symbolic link
to /etc/init.d/losetup.sh), containing

#!/bin/sh
echo "<SUPPRESSED>" | losetup -p0 -e aes128 \
-K /etc/keys/varkey.gpg /dev/loop6 /dev/sda6

The /etc/fstab entry for /var is:

/dev/loop6  /var   ext4   defaults  0 2

I am instead dropped to a system prompt with / left in ro mode.
Attempting to execute /etc/init.d/losetup.sh manually gives "Error: gpg
file decryption failed".  Attempting losetup directly 

/root[30]%losetup -e aes128 -K /etc/keys/varkey.gpg /dev/loop6 /dev/sda6

prompts for the passphrase as expected, but entering it yields the same
error that decryption failed.  So I tried using gpg directly

/root[35]% gpg --decrypt /etc/keys/varkey.gpg
gpg: cannot open '/dev/tty' no such device or address'

which is perhaps the source of the problem, but /dev/tty is actually
there

/root[36]% mknod /dev/tty c 5 0
mknod: `/dev/tty': File exists
/root[37]% ls -l /dev/tty
crw-rw-rw-. 1 root tty 5, 0 2009-10-08 06:09 /dev/tty

At this point I'm more or less stumped.  Suggestions? Any other
information needed that would help with troubleshooting?

Thanks,

FG





-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

