On Thu, Jun 25, 2009 at 8:23 PM, Brian Mearns<bmearns(a)ieee.org> wrote:
On Thu, Jun 25, 2009 at 5:20 PM, davide<lists4davide(a)gmail.com>
wrote:
> Il Thu, 25 Jun 2009 11:28:14 -0400, Brian Mearns ha scritto:
>
>> On Thu, Jun 25, 2009 at 11:03 AM, davide<lists4davide(a)gmail.com> wrote:
>>> Brian Mearns <bmearns <at> ieee.org> writes:
>>>
>>>
>>>> Thanks for the response, Davide. /boot is a seperate, non-LVM
>>>> partition with its own ext3 fs. I know F11 has options for encrypting
>>>> during setup, but I've already got it set up, and would now like to
go
>>>> back and switch over to an excrypted root filesystem without having to
>>>> reinstall. I think your suggestion of using a Live CD implies that I
>>>> would reinstall Fedora, which I don't want to do.
>>>
>>> have you all the needed modules compiled into the kernel or into the
>>> initrd? otherwise I would give a look at /etc/crypttab and /etc/fstab
>>>
>>>
>>>
>>>> Also, it's not grub asking for the root, I'm referring to the
"root"
>>>> parameter for the kernel.
>>>
>>> Yes, I think you mean the root parameter into the grub config, it is a
>>> parameter for the kernel. I would suppose is used by the kernel to find
>>> out where are modules and filesystem.
>> [clipped]
>>
>> Thanks, again, Davide.
>>
>> crypttab and fstab should be fine, as init is able to mount the device
>> correctly. I'm not sure if I have all the correct modules: I ran
>> mkinitrd with "--with=aes --with=sha256" and tried to boot using the
>> generated initrd.img, but perhaps there are additional modules I need?
>>
>> Thanks,
>
> thanks to Robert, I opened the init, I copy here the relevant part.
> tell me if it helps, or I can try to investigate more deeply.
>
>
> echo Creating block device nodes.
> mkblkdevs
> echo Creating character device nodes.
> mkchardevs
> echo "Loading dm-crypt module"
> modprobe -q dm-crypt
> echo "Loading aes module"
> modprobe -q aes
> echo "Loading cbc module"
> modprobe -q cbc
> echo "Loading sha256 module"
> modprobe -q sha256
> echo "Loading pata_acpi module"
> modprobe -q pata_acpi
> echo "Loading ata_generic module"
> modprobe -q ata_generic
> echo Making device-mapper control node
> mkdmnod
> modprobe scsi_wait_scan
> rmmod scsi_wait_scan
> mkblkdevs
[clipped]
I'm back home and can get some additional information about this.
Attempting to boot using the "crypto-initrd.img", which I generated
with "mkinitrd --with=aes --with=sha256" and specifying the
LUKS/cryptsetup encrypted drive for the kernel's "root" parameter, the
boot process gets to the point of asking me for a password, then
mentions a few things about an EXT4-fs (not sure which one, but no
error's reported here), then gives the following messages before
hanging:
SELinux: policydb magic number 0xffffe4f0 does not match expected
magic number 0xf97cff8c
request_module: runaway loop modprobe binfmt-ffff
request_module: runaway loop modprobe binfmt-ffff
request_module: runaway loop modprobe binfmt-ffff
request_module: runaway loop modprobe binfmt-ffff
request_module: runaway loop modprobe binfmt-ffff
I am able to restart the system uneventfully at this point by pressing
ctrl-alt-del.
Attempting to boot with the same initrd img, but specifying an
unecrypted partition for the kernel's "root" parameter, it all comes
up fine, but does still ask me for a password during boot.
I'm going to attempt to debug my initrd img, as suggested, but I'm not
sure how well I'll be able to understand the script. So if anyone has
any additional advice, I'd really appreciate it.
Thanks, again.
-Brian
[clipped]
Well, I opened my initrd init-script, but very little of it means
anything to me. Davide indicated a certain section in his script as
relevant, so I've included that section of mine. It's a bit different,
but I'm not sure if that's relevant:
###############################################
echo Creating block device nodes.
mkblkdevs
echo Creating character device nodes.
mkchardevs
echo "Loading aes module"
modprobe -q aes
echo "Loading cbc module"
modprobe -q cbc
echo "Loading sha256 module"
modprobe -q sha256
echo "Loading sata_nv module"
modprobe -q sata_nv
echo "Loading pata_acpi module"
modprobe -q pata_acpi
echo "Loading ata_generic module"
modprobe -q ata_generic
echo "Loading dm-crypt module"
modprobe -q dm-crypt
echo Making device-mapper control node
mkdmnod
modprobe scsi_wait_scan
rmmod scsi_wait_scan
mkblkdevs
echo Scanning logical volumes
###############################################
So if this means anything to anybody and they can give me any help on
how to proceed, I'd super appreciate it.
Thanks,
-Brian
--
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from:
http://keys.gnupg.net