Talk:SECURITY Encrypting Root Filesystem with DM-Crypt with LUKS
From Gentoo Linux Wiki
I just rewrote the "Automatic Mounting of Encrypted User Directories" section because
- pam_mount (0.13.0) supports luks
- I think the script provided here before would leave the luks partition open/unencrypted after the user logged out
Till 14:40, 5 April 2006 (GMT)
Merging guides
Hi,
I see that your guide and mine have the same goal; what do you think if we merge them and work together?
http://gentoo-wiki.com/SECURITY_System_Encryption_DM-Crypt_with_LUKS
Reikinio 20:45, 11 May 2006 (UTC)
I wrote a similar guide for home directories: HOWTO_Encrypt_Your_Home_Directory_Using_LUKS_and_pam_mount
Also, the pam_mount part is not complete AFAIK (see my guide). Mes 11:27, 26 May 2007 (UTC)
Initramfs
I've got an addition to this page that tells how to do it with initramfs. I've seen Reikinio's page on System encryption. It's clearly more comprehensive, but it's also more complex and I prefer a simple "one-trick pony" approach. I'll probably post it in a couple of days unless someone feels there's a strong reason not to. - Jon
Busybox and Initramfs troubles
I found that the devmap_mknod.sh script did not work for me with the busybox tools. The problem turned out to be that the output from the sed scripts is not assigned to the variables MAJOR and MINOR. So I did some testing and chrooted into my initramfs directory and tried the sed commands from the command line. The plain sed commands do give the right answers parsing the /proc/devices file. However, putting the command between left quotes ` or using the $(...) construct does not give any output. Also, assigning that to a variable and printing the variable yields nothing. I don't know what is going on here. My solution for now is to use the shell and other commands from the initrd image. So I only use busybox for the switch_root commands, as pivot_root does not work in an initramfs. This works around my problem. Still, I wonder why the busybox tools do not want to assign the output to the variables. Anyone with a solution? - Luud
Confirmed, something with sed is strange there. There was a bug in Busybox<=1.8.2/<=1.9, see: http://busybox.net/bugs/view.php?id=2024
But, as an experienced Bash coder I came up with a temporary fix (as the fix is not in portage yet): ;)
MAJOR=`awk '/misc$/ {print $1}' /proc/devices`
MINOR=`awk '/'"$DM_NAME"'$/ {print $1}' /proc/misc`
Now it works for me (busybox 1.8.2)! :)
-Craig-
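An added example, not part of the discussion above and not the guide's devmap_mknod.sh: the same awk lookup written with exact field matches and a check that rejects empty or non-numeric results, so a failed lookup stops the script instead of being used as device numbers. The function names, the default DM_NAME value and the sample tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page): resolve the device-mapper control
# node numbers with exact awk field matches and refuse empty results.
DM_NAME="${DM_NAME:-device-mapper}"   # assumption: name of the /proc/misc entry

# Major of character device $1 in /proc/devices-format file $2.
chardev_major() {
    awk -v name="$1" '
        /^Character devices:/ { in_char = 1; next }
        /^Block devices:/     { in_char = 0 }
        in_char && $2 == name { print $1; exit }
    ' "$2"
}

# Minor of entry $1 in /proc/misc-format file $2.
misc_minor() {
    awk -v name="$1" '$2 == name { print $1; exit }' "$2"
}

# True only for a non-empty string of digits.
is_number() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
}

# Print "MAJOR MINOR", or fail loudly instead of handing blanks to the caller.
dm_control_numbers() {
    major=$(chardev_major misc "${1:-/proc/devices}")
    minor=$(misc_minor "$DM_NAME" "${2:-/proc/misc}")
    if ! is_number "$major" || ! is_number "$minor"; then
        echo "lookup failed: major='$major' minor='$minor'" >&2
        return 1
    fi
    echo "$major $minor"
}

# Constructed sample input; "usbmisc" is a made-up entry that a /misc$/
# suffix regex would also match, which the exact field match avoids.
write_samples() {
    printf '%s\n' 'Character devices:' '  1 mem' ' 10 misc' '180 usbmisc' \
        '' 'Block devices:' '  8 sd' '253 device-mapper' > "$1/devices"
    printf '%s\n' '229 fuse' ' 63 device-mapper' '  1 psaux' > "$1/misc"
}
```

Called with no arguments, dm_control_numbers reads the live /proc/devices and /proc/misc; pass two file paths to run it against the constructed samples.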
