Gentoo Forums
Reiser4 encrypted root via device mapper successful
chadders
Tux's lil' helper


Joined: 21 Jan 2003
Posts: 113

Posted: Mon Oct 18, 2004 6:05 pm    Post subject: Reiser4 encrypted root via device mapper successful

Information for Reiser4 and encrypted root people:

Reiser4 encrypted root (and swap and everything else except /boot) via device-mapper looks solid. I have been running awhile with no problems. Performance for normal desktop stuff is about the same as unencrypted (as usual because of buffering). I/O heavy stuff (like cpio'ing an entire partition) is slower but not bad.

This was implemented by building an unencrypted system using mm-sources kernel 2.6.8.1-mm4 with reiser4 file systems for all except /boot, then building up a /boot partition that was able to run init=/bin/bash and the utilities and libraries needed to run cryptsetup, mount, and pivot_root. Once the encrypted reiser4 root was mounted someplace I pivot_root'd and exec'd the normal /sbin/init so that Gentoo initialization could continue. After I got all of the command line commands figured out I put them all in an /sbin/init script on /boot. It works great. (I haven't tried yet to make Grub work with a Reiser4 /boot filesystem).

There are some other posts in the Gentoo forums and other places that show how to build a /boot/sbin/init script that does a pivot_root so I don't think another howto is needed.

Adding other utilities and libraries (like cp, cat, df, chmod, dd, ls, mkdir, mknod, MAKEDEV, vi, fdisk, rm, ext2 and reiser4 utils, etc) to /boot is a good idea to help recover from stupid human breakages that always happen to me. Knoppix and the Gentoo LiveCD don't support Reiser4 yet so a recovery system in /boot or a reiser4 capable liveCD is needed.

The device-mapper method to encrypt whole filesystems (in my opinion) is lots better than using loop device based stuff (like loop-AES, cryptoloop, etc), because it does not corrupt journaled file systems that write out of sequence blocks like reiserfs, reiser4, XFS, JFS, etc.

I hope that Gentoo kernel people will merge reiser4 into the dev-kernel sources and build a reiser4 capable LiveCD soon. I think it's ready.

Chadders :D
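
A sketch of the kind of /sbin/init script the post above describes, added here as an example; it is not chadders' script. The device `/dev/hda3`, the mapping name `root`, the mount point `/newroot`, the cipher options and the use of `boot` as the pivot_root target are assumptions, and it uses current cryptsetup syntax (`open --type plain`).

```shell
#!/bin/sh
# Added example (not the poster's script): /sbin/init on the unencrypted /boot
# filesystem, started by the kernel with init=/sbin/init.
# Assumed values: device, mapping name, mount point, cipher options, put_old dir.
ROOT_DEV=${ROOT_DEV:-/dev/hda3}
MAP_NAME=${MAP_NAME:-root}
NEWROOT=${NEWROOT:-/newroot}
PUT_OLD=${PUT_OLD:-boot}   # must exist in the new root; old root lands here
CRYPT_OPTS=${CRYPT_OPTS:-"--cipher aes-xts-plain64 --key-size 512 --hash sha256"}
MAX_TRIES=${MAX_TRIES:-3}
DRY_RUN=${DRY_RUN:-0}

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Plain dm-crypt has no header, so a wrong passphrase still yields a mapping and
# only the failed mount reveals it. Tear the mapping down and prompt again.
unlock_root() {
    tries=0
    while [ "$tries" -lt "$MAX_TRIES" ]; do
        tries=$((tries + 1))
        # CRYPT_OPTS is left unquoted on purpose so it splits into options.
        if run cryptsetup open --type plain $CRYPT_OPTS "$ROOT_DEV" "$MAP_NAME"; then
            run mount -t reiser4 -o ro "/dev/mapper/$MAP_NAME" "$NEWROOT" && return 0
            run cryptsetup close "$MAP_NAME"
        fi
    done
    return 1
}

boot_main() {
    run mount -t proc proc /proc || return 1
    run mount -t sysfs sysfs /sys || return 1
    unlock_root || return 1
    run cd "$NEWROOT" || return 1
    run pivot_root . "$PUT_OLD" || return 1
    if [ "$DRY_RUN" = 1 ]; then echo "exec chroot . /sbin/init"; return 0; fi
    # Reopen the console from the new root so the old one is not held busy.
    exec chroot . /sbin/init <dev/console >dev/console 2>&1
}

# Act only when started by the kernel as init. If anything fails, keep PID 1
# alive with a rescue shell; an exiting init panics the kernel.
if [ "$$" -eq 1 ] && [ "${0##*/}" = init ]; then
    boot_main || exec /bin/sh
fi
```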
GenKreton
l33t


Joined: 20 Sep 2003
Posts: 828
Location: Cambridge, MA

Posted: Tue Oct 19, 2004 3:34 am

Is there a tut for device mapper somewhere for someone who has never encrypted their fs before? I certainly do not feel confident to use reiser4 yet either so something general would be cool.

I was looking to encrypt everything on my laptop and use my usb dongle to boot it since my bios supports that. Haven't had the gonads nor a comprehensive guide to do it yet; then again I also haven't researched it too much.
Moriah
Advocate


Joined: 27 Mar 2004
Posts: 2118
Location: Kentucky

Posted: Thu Oct 21, 2004 10:01 pm    Post subject: Sounds similar to what I want to do

I too am looking to boot from usb so that my entire /dev/hda drive can run thru cryptoloop. The idea is to use the usb flash stick as a "key" to boot the box, and then remove it after the box is up.

My problem right now is how to make a usb flash stick drive that I can boot from. Yes, my bios supports booting from usb, and by doing:
Code:
dd if=/dev/hda of=/dev/sda1 bs=1024 count=100000
I have been able to boot from the usb stick -- at least far enough to get the magic word "GRUB" on the screen, but then it dies. I cannot use grub itself to write the bootblock to the usb stick because it goes thru scsi emulation and shows up as /dev/sda1 when linux is booted, and inside grub I have to refer to it as "root (hd4,0)". I can then only do "setup (hd4,0)", and not "setup (hd4)". Also, if I do "mkfs.ext2 /dev/sda1" and tar my /boot partition over to the usb stick, then grub does not recognize the partition type -- obviously, since there is no partition.

So how does one create a bootable USB stick in the first place?

I also did a
Code:
dd if=/dev/fd0 of=/dev/sda1
to put an image of a dr.dos floppy on the stick, and it booted from the stick to read the boot sector, but then tried to read the floppy after that.

Anybody gotten a usb stick to boot anything yet?
genstef
Retired Dev


Joined: 13 Jun 2004
Posts: 668
Location: M/Bay/Germany

Posted: Fri Oct 22, 2004 1:06 pm

If you need a reiser4 capable livecd: kanotix.com
Moriah
Advocate


Joined: 27 Mar 2004
Posts: 2118
Location: Kentucky

Posted: Fri Oct 22, 2004 7:22 pm    Post subject: got it to boot last night

I was able to create a usb flash drive memory stick that booted last night. The problem seems to be that when I had tried before, I had already accessed my cd/dvd drive, which also uses scsi emulation. The problem is that both drives, being different physical devices, show up as partitions of the same pseudo-scsi drive. That is why I could not access /dev/sda to run fdisk to put a partition table on the usb stick.

When I rebooted and accessed /dev/sda before ever accessing the cd/dvd drive, then /dev/sda showed up as the raw device of the usb stick, and I was able to partition it and run grub on it to make it bootable.

Something probably should be done to the device mapper's scsi emulation so that it can distinguish separate physical devices and map them to /dev/sda, /dev/sdb, etc., and not put them all so that they look like partitions of /dev/sda.