Re: ing rootfs without initramfs

On Sun, Jul 21, 2013 at 3:47 AM, Milan Broz <gmazyland@xxxxxxxxx> wrote:
> On 21.7.2013 7:40, Bryan Kadzban wrote:
>>
>> Milan Broz wrote:
>>>
>>> On 07/20/2013 09:36 PM, ebelcrom ebelcrom wrote:
>>>
>>>> I played around with dm-crypt without using initramfs for
>>>> en-/decryption of my root file system. The rootfs is encrypted
>>>> plain with cryptsetup and the key is stored at the disk containing
>>>> the rootfs between MBR and the partition. The kernel parameter
>>>> given to it from the bootloader is configured as it should be
>>>> (cryptdevice, cryptkey, root mapper). The disk driver (loaded
>>>> before) is built-in as well as dm-crypt (loaded after). The message
>>>> I got at boot time is this (cr_rootfs is the encrypted rootfs):
>>>>
>>>> VFS: Cannot open root device "mapper/cr_rootfs" or
>>>> unknown-block(0,0)
>>>>
>>>> According to some hints on the web there is no need to have an
>>>> initramfs. Is that true? If yes, what are the steps to get there and
>>>> what should I take into account?
>>>
>>>
>>> I think the only possibility is to use GRUB2 which should understand
>>> LUKS directly and boot from it. (Not sure about plain dmcrypt
>>> device).
>>
>>
>> So I've never tried it myself (I'm using a pretty simple initramfs I
>> wrote in shell for my luks-rootfs setup), but I'm not sure how this can
>> work.
>>
>> Because no bootloader mounts the rootfs.  They only find the kernel code
>> (and, if configured, the initramfs image), load it (or them) into
>> memory, and jump to the kernel's init code, transferring control of the
>> machine to the kernel.  (There's a protocol to tell the kernel about the
>> initramfs if one is present.)
>>
>> The kernel either runs the initramfs's /init program, or mounts the
>> rootfs itself and runs /sbin/init.  (Or whatever you set init= to on the
>> kernel command line.)
>>
>> (Plus there's the fact that the kernel can't automount luks.)
>
>
> Yes, GRUB2 solves just the initial kernel boot load; you cannot map any
> device-mapper device (that includes crypt but also LVM etc.) without
> userspace tools...
>
> Seems I answered a different question, sorry :)
>
> Anyway, there were tries to add kernel boot parameters for DM
> e.g. http://article.gmane.org/gmane.linux.kernel/988034

FWIW, I'll try to add these again soon and see how it goes!  They
weren't outright rejected :)
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
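
The userspace step discussed in this thread, as an added example that is not part of any poster's message: a sketch of how an initramfs `/init` would turn the boot parameters into a plain dm-crypt mapping before the root mount. The value formats `cryptdevice=<dev>:<name>` and `cryptkey=<dev>:<offset>:<size>`, the `/new_root` mount point, and the sample device names, offset and size are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). The kernel itself ignores cryptdevice=
# and cryptkey=; an initramfs /init has to read them and create the mapping.
# Assumed formats: cryptdevice=<dev>:<name>  cryptkey=<dev>:<offset>:<size>

# Print the value of key $1 from kernel command line $2; status 1 if absent.
cmdline_get() {
    for word in $2; do
        case $word in
            "$1"=*) printf '%s\n' "${word#*=}"; return 0 ;;
        esac
    done
    return 1
}

# Succeed only for a non-empty string of decimal digits.
is_number() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
}

# Print, in order, the commands /init would run for a plain dm-crypt rootfs
# whose raw key is stored on a block device at a byte offset.
boot_plan() {
    cryptdev=$(cmdline_get cryptdevice "$1") || { echo "no cryptdevice=" >&2; return 1; }
    cryptkey=$(cmdline_get cryptkey "$1")    || { echo "no cryptkey=" >&2; return 1; }
    root=$(cmdline_get root "$1")            || { echo "no root=" >&2; return 1; }

    case $cryptdev in ?*:?*) ;; *) echo "bad cryptdevice=$cryptdev" >&2; return 1 ;; esac
    case $cryptkey in ?*:?*:?*) ;; *) echo "bad cryptkey=$cryptkey" >&2; return 1 ;; esac
    dev=${cryptdev%%:*}; name=${cryptdev#*:}
    keydev=${cryptkey%%:*}; rest=${cryptkey#*:}
    offset=${rest%%:*}; size=${rest#*:}
    is_number "$offset" && is_number "$size" || { echo "bad cryptkey=$cryptkey" >&2; return 1; }
    # root= must name the mapping created here, otherwise the mount fails.
    [ "$root" = "/dev/mapper/$name" ] || { echo "root= does not match $name" >&2; return 1; }

    # Cipher and key-size options must match those used when the volume was created.
    echo "cryptsetup open --type plain --key-file $keydev --keyfile-offset $offset --keyfile-size $size $dev $name"
    echo "mount -o ro $root /new_root"
    echo "exec switch_root /new_root /sbin/init"
}

# Constructed sample command line (device names, offset and size are made up).
SAMPLE='root=/dev/mapper/cr_rootfs cryptdevice=/dev/sda1:cr_rootfs cryptkey=/dev/sda:1024:32 ro'
boot_plan "$SAMPLE"
```

Without an initramfs nothing runs these steps, so `/dev/mapper/cr_rootfs` does not exist when the kernel tries to mount root, which is consistent with the `unknown-block(0,0)` message quoted above.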



