Several times I have set up virtual machines to test the cryptsetup
software. I can create and remove the encrypted volumes just fine and
mount them, however whenever I am finished setting up my system and
reboot, my kernel panics, ends, then says that it cannot mount root fs
on unknown block (hd0,0). I am sure that it is not a misconfiguration
with the kernel, as I have built kernels for unencrypted systems and
they have booted fine. Some information:
The encrypted volumes are created with:
cryptsetup -y -v -c serpent-xts-plain -s 512 -h sha512 create dmname device
Previous partition layouts were like such:
/dev/sda1 +b Linux 100M (/boot) (not encrypted)
/dev/sda2 Linux Swap / Solaris 2G (swap)
/dev/sda3 Linux 10G (root)
/dev/sda4 Extended
/dev/sda5 Linux 2G (/var)
/dev/sda6 Linux 6G (/home)
This last time the layout was like such:
/dev/sda1 +b Linux 100M (/boot) (not encrypted)
/dev/sda2 Linux LVM 2G (swap)
/dev/sda3 Linux LVM 10G (root)
/dev/sda4 Extended
/dev/sda5 Linux LVM 2G (/var)
/dev/sda6 Linux LVM 6G (/home)
The distribution I am using is Gentoo with a custom (to test at one
time) and modified i386_defconfig (every other time) kernel patched with
GRSecurity.
This last time installing cryptsetup I made sure to install packages in
a specific order, like installing cryptsetup before grub legacy and
still got the same error. I had set root (hd0,0) in grub command line
and setup (hd0) on the command line. At one time I had tested setup on
(hd0,0), still the same error. When issuing grub-install /dev/sda in
bash, it will say that df cannot read filesystems and that it cannot
read a device map file, so I had to install grub in grub command shell.
I install cryptsetup from portage with USE="-thin" emerge -avtq
cryptsetup. -thin does not install thin provisioning tools and the boost
sys utils which I assume are very big because they take very long to
install.
After installing cryptsetup, I configure /etc/crypttab (which does not
exist) as follows:
swap /dev/mapper/swap /dev/urandom swap,cipher=serpent-xts-plain,size=512,hash=sha512
root /dev/mapper/swap none root,cipher=serpent-xts-plain,size=512,hash=sha512
var /dev/mapper/swap none var,cipher=serpent-xts-plain,size=512,hash=sha512
home /dev/mapper/swap none home,cipher=serpent-xts-plain,size=512,hash=sha512
/etc/fstab looks like:
/dev/sda1 /boot ext2 noauto,noatime 0 2
/dev/mapper/swap none swap sw 0 0
/dev/mapper/root / ext4 defaults,relatime 0 1
/dev/mapper/var /var ext4 defaults,relatime 0 1
/dev/mapper/home /home ext4 defaults,relatime 0 0
/dev/cdrom /mnt/cdrom auto noauto,user 0 0
I append the output of dmsetup tables to /etc/dmtab as the file says to
do, and then configure /etc/conf.d/dmcrypt to the following lines:
target=swap
source='/dev/sda2'
key='/dev/urandom'
options='-c serpent-xts-plain -s 512 -h sha512'
target=root
source='/dev/sda3'
options='-c serpent-xts-plain -s 512 -h sha512'
target=var
source='/dev/sda5'
options='-c serpent-xts-plain -s 512 -h sha512'
target=home
source='/dev/sda6'
options='-c serpent-xts-plain -s 512 -h sha512'
I also add lvm and dmcrypt to the boot runlevel. Kernel parameters are
set as follows:
kernel /boot/kernel cryptdevice=/dev/sda3:root crypto=sha512:serpent-xts-plain:512:0 root=/dev/mapper/root quiet
I have shifted and removed parts of these options in various ways
possibly 15 or more different ways and nothing has worked.
After all of this none of it works. I reboot and get a kernel panic, and
then it says: VFS: root fs cannot be mounted on unknown block (hd0,0).
And yes I have set LVM and DM_CRYPT options etc in the kernel.