From: michael redman on 29 Apr 2010 14:03

is there a way to do this?

all the system encryption howtos i found leave /boot on the hard drive.

if there is a way to do this, does it complicate the situation if the root device is unknown at the time we burn the readonly boot media? for example, i have an external usb hard drive that appears as /dev/sda when attached to a system that uses an ide internal drive (which shows up as /dev/hda) but appears as /dev/sdb when attached to a system that uses a sata internal drive (which takes /dev/sda for itself).

i tried making a grub cd with a full /boot directory, but that did not work. grub booted fine and loaded the kernel and initrd but the kernel would not boot. either i did not know how to pass the kernel the right boot parameters, or something else was wrong.

thanks in advance,
michael
From: Tauno Voipio on 29 Apr 2010 16:00

On 29.4.10 9:03 , michael redman wrote:
> is there a way to do this?
>
> all the system encryption howtos i found leave /boot on the hard
> drive.
>
> if there is a way to do this, does it complicate the situation if the
> root device is unknown at the time we burn the readonly boot media?
> for example, i have an external usb hard drive that appears as /dev/sda
> when attached to a system that uses an ide internal drive (which
> shows up as /dev/hda) but appears as /dev/sdb when attached to a
> system that uses a sata internal drive (which takes /dev/sda for
> itself).
>
> i tried making a grub cd with a full /boot directory, but that did not
> work. grub booted fine and loaded the kernel and initrd but the
> kernel would not boot. either i did not know how to pass the kernel
> the right boot parameters, or something else was wrong.
>
> thanks in advance,
> michael

What happens when the kernel does not boot? Does the kernel report anything on the console?

My guess is that the kernel starts on initrd, but the initrd setup does not know how to pivot to the correct root.

--
Tauno Voipio
tauno voipio (at) iki fi
From: michael redman on 29 Apr 2010 19:03

> My guess is that the kernel starts on initrd, but the initrd setup
> does not know how to pivot to the correct root.

i think you are correct. i am using an initrd, and i notice that the boot cd keeps "remembering" and looking for the partition on the system where i made it.

is there a way to configure an initrd to use a partition specified at boot time? i did some googling on configuring an initrd but did not find a solution, although i admit i don't understand initrd's and the linux boot process very well.

here is what i type/get booting my cd. here /dev/hda1 is a plain unencrypted root partition of a straightforward debian installation. i tried that way as a simplification after encrypted root did not work.

(boot the cd and type "c" at the grub menu for the prompt)

grub> kernel /boot/vmlinuz-2.6.26-2-686 root=/dev/hda1 ro quiet
   [Linux-bzImage, setup=0x3000, size=0x16ccf0]
grub> initrd /boot/initrd.img-2.6.26-2-686
   [Linux-initrd @ 0x1f7ef000, 0x70095f bytes]
grub> boot
Decompressing Linux... Parsing ELF... done
Booting the kernel.
Loading, please wait...
Volume group "deskpro" not found
Enter passphrase to unlock the disk /dev/hda2 (hda2_crypt):

and that is where i am stuck.
From: michael redman on 30 Apr 2010 13:39

thanks for your help guys. while discussing this i did more googling and learned a lot more about what the initrd file really is, etc. this is becoming an ordinary comprehensible problem. de-mystified.

i may not have time to try this today but here is my next plan of attack:

1. unzip an initrd file that already has the lvm2 and crypt stuff i need, for example the one on the boot cd i made before.
2. kludge the init script to prompt stdin for lvm and crypto devices to open and the name of the root device.
3. zip the filesystem back up into a new initrd file.
4. burn a cd like before with the new initrd in place of the old one.

cheers!
From: michael redman on 3 May 2010 18:06

SOLVED YAY!!!!!!!!!!

there was nothing wrong with my first cd, i just didn't understand the kernel options and the cd's behavior well enough.

the cd would boot a plain unencrypted system just fine if you make enough errors at the cryptsetup password prompt to make the init script finally give up.

it also boots encrypted roots just fine now that i got the syntax for the kernel's "cryptopts" option. at the grub prompt i think i typed something like

"kernel /boot/vmlinuz-2.6.26-2-686 root=/dev/mapper/sda2crypt cryptopts=target=sda2crypt,source=/dev/sda2,key=none ro quiet"

poking through the contents of the initramfs helped me figure all this out.

i still have not figured out what to do about the possibility of the device name for the root partition in /etc/fstab not matching the one the kernel uses, but i have also not run into that problem yet either.

so here's all ya gotta do (on debian anyway):

- do a clean install on a machine with a CD burner. make sure you have cryptsetup, lvm2, whatever else you might need.
- make a new directory and copy /boot into it.
- follow the rest of the instructions for making a bootable GRUB cd, here: http://www.gnu.org/software/grub/manual/html_node/Making-a-GRUB-bootable-CD-ROM.html
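
The `cryptopts=` line quoted in the post above has to agree with `root=`, and its `source=` is exactly the kind of device name the thread notes can differ between machines. The script below is an added example, not part of the original thread or of Debian's initramfs scripts; it checks such a line before it is typed at the GRUB prompt. The function names `get_opt` and `check_boot_line` are hypothetical, and the sample line is constructed from the post.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a kernel command line that
# uses the cryptopts= syntax quoted above before typing it at the GRUB prompt.

# get_opt STRING SEP KEY: print the value of KEY=... from a SEP-separated list.
get_opt() {
    for item in $(printf '%s' "$1" | tr "$2" ' '); do
        case "$item" in
            "$3"=*) printf '%s\n' "${item#*=}"; return 0 ;;
        esac
    done
    return 1
}

# check_boot_line CMDLINE: print findings, return 1 if the line cannot work.
check_boot_line() {
    root=$(get_opt "$1" ' ' root) || { echo "error: no root= option"; return 1; }
    if ! opts=$(get_opt "$1" ' ' cryptopts); then
        echo "ok: plain root $root, no mapping requested"
        return 0
    fi
    target=$(get_opt "$opts" , target) && source_dev=$(get_opt "$opts" , source) || {
        echo "error: cryptopts needs both target= and source="; return 1; }
    if [ "$root" = "/dev/mapper/$target" ]; then
        echo "ok: root is the mapping /dev/mapper/$target"
    else
        # With LVM inside the encrypted volume, root names a logical volume instead.
        echo "warn: root $root is not /dev/mapper/$target (fine only with LVM inside it)"
    fi
    case "$source_dev" in
        /dev/sd[a-z]*|/dev/hd[a-z]*)
            echo "warn: $source_dev is a kernel-assigned name; it can change between machines" ;;
    esac
    return 0
}

# Constructed sample: the command line from the post, minus the kernel path.
check_boot_line "root=/dev/mapper/sda2crypt cryptopts=target=sda2crypt,source=/dev/sda2,key=none ro quiet"
```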