Gentoo Forums
Encrypted Root File System, Swap, etc...

echto
Tux's lil' helper
Joined: 30 Jun 2002
Posts: 107
Posted: Sat Jun 21, 2003 3:50 pm    Post subject: Re: it just hangs

bryon wrote:
I don't know what I am doing wrong but once I get to the

Code:

patch -p1 <../util-linux-2.11y.diff

It just sits there and does nothing


What version of util-linux-2.11 are you using?

bryon
Apprentice
Joined: 14 Feb 2003
Posts: 163
Posted: Sat Jun 21, 2003 4:10 pm    Post subject: versions

The versions of the programs are as follows
util-linux-2.11z.tar.gz
loop-AES-v1.7c.tar.gz

echto
Tux's lil' helper
Joined: 30 Jun 2002
Posts: 107
Posted: Sun Jun 22, 2003 12:31 am

That is odd. Have you tried

emerge unmerge patch

and

emerge patch

yet?

bryon
Apprentice
Joined: 14 Feb 2003
Posts: 163
Posted: Mon Jun 23, 2003 12:12 am    Post subject: missing CONFIG_BLK_DEV_RAM_SIZE=4096

I can't seem to find "CONFIG_BLK_DEV_RAM_SIZE=4096" in the kernel .config. Will that make a big difference?
I have looked through 2.4.19 and 2.4.21 < vanilla

bryon
Apprentice
Joined: 14 Feb 2003
Posts: 163
Posted: Mon Jun 23, 2003 1:29 am    Post subject: hangs

I have all the other kernel options set properly other than the one that does not seem to be there (see above). But it still just sits at the same spot.

Code:

./util-linux-2.11z/getopt/getopt-test.tcsh
./util-linux-2.11z/getopt/getopt-parse.bash
./util-linux-2.11z/getopt/getopt-parse.tcsh
root@lappy loop-AES-v1.7c # patch -p1 util-linux-2.11z.diff



Please help, I really want to be able to encrypt the file system.

esapersona
n00b
Joined: 17 May 2003
Posts: 16
Location: Perth, Western Australia
Posted: Mon Jun 23, 2003 8:39 am    Post subject: Re: hangs

bryon wrote:

root@lappy loop-AES-v1.7c # patch -p1 util-linux-2.11z.diff


You need to type
Code:
patch -p1 < util-linux-2.11z.diff


You're piping the patch into the patch program... So you could even do this:
Code:
cat util-linux-2.11z.diff | patch -p1


Also, that config thing that you can't find is under 'Block Devices' and becomes available when you select <*> RAM disk support

bryon
Apprentice
Joined: 14 Feb 2003
Posts: 163
Posted: Tue Jun 24, 2003 5:05 am    Post subject: my bad

Thanks for the help with the kernel config, that will help out a lot. But the patch command was a stupid error on my part.

bryon
Apprentice
Joined: 14 Feb 2003
Posts: 163
Posted: Tue Jun 24, 2003 5:05 pm    Post subject: missing?

I am sorry to bother everyone again but I got stuck again. For some reason it seems like I am missing some files.

Code:

lappy mount # ls
loumount.c  loumount.c.rej  rmd160.c  rmd160.h  sha512.c  sha512.h
lappy mount # pwd
/usr/src/loop-AES-v1.7c/mount
lappy mount # install -m 4755 -o root mount umount /bin
install: cannot stat `mount': No such file or directory
install: cannot stat `umount': No such file or directory
lappy mount # install -m 755 losetup swapon /sbin
install: cannot stat `losetup': No such file or directory
install: cannot stat `swapon': No such file or directory
lappy mount #


I have the util-linux insted the loop-AES like I am supposed to.

esapersona
n00b
Joined: 17 May 2003
Posts: 16
Location: Perth, Western Australia
Posted: Wed Jun 25, 2003 3:03 am    Post subject: Re: missing?

bryon wrote:

lappy mount # pwd
/usr/src/loop-AES-v1.7c/mount


That's strange....I don't have a mount directory in my loop-AES-v1.7c directory...

The directory that you do all the install stuff from is /usr/src/loop-AES-v1.7c/util-linux-2.11z/mount.

You need to untar the loop-AES-v1.7c.tar.bz2 file in the /usr/src directory and then untar the util-linux-2.11z.tar.bz2 file in the /usr/src/loop-AES-v1.7c/ directory...
G'luck :)

Wilhelm
Tux's lil' helper
Joined: 27 May 2003
Posts: 149
Posted: Wed Jun 25, 2003 10:31 pm

Hi, has anyone succeeded in getting non-root partitions automatically lo-setuped, including echoing the password to losetup before the checkfs routine?

It won't run before checkfs for some reason even though my script has the 'before checkfs' clause added. I tried lots of other depend() setups but it just won't set up the loop devices at the point I'd want it to.

Oh well, I'll keep trying.

Also, is it possible to encrypt your root partition so that it will get fsck'ed at startup??? That's the last thing I want to know before commencing with root encryption.

Wilhelm
Tux's lil' helper
Joined: 27 May 2003
Posts: 149
Posted: Thu Jun 26, 2003 11:06 am

HOWTO:

Description: Auto setup loop-devices previous to the checking of filesystems so your encrypted partition can get checked.

explanation:

/sbin/rc has a secret built in runlevel doing critical services. Since loop-AES needs to be run previous to checkfs we would think including the following would solve our problem. Or similar dependencies.

Code:

depend() {
    before checkfs
}


This is not the case. Check out this /sbin/rc snippet:

Code:

        # We do not want to break compadibility, so we do not fully integrate
        # these into /sbin/rc, but rather start them by hand ...
        for x in checkroot hostname modules loop-AES checkfs localmount
        do
                if ! start_critical_service "${x}"
                then
                        echo
                        eerror "One of more critical startup scripts failed to start!"
                        eerror "Please correct this, and reboot ..."
                        echo; echo
                        /sbin/sulogin ${CONSOLE}
                        einfo "Unmounting filesystems"
                        /bin/mount -a -o remount,ro &>/dev/null
                        einfo "Rebooting"
                        /sbin/reboot -f
                fi
        done


You can see I added loop-AES in here before the checkfs. This allows me to execute the following script at startup before the fsck'ing and before fstab gets mounted.

Code:

#!/sbin/runscript

depend() {
        # this function is useless due to /sbin/rc
        need checkroot modules
        before localmount
        after checkroot
}

start() {
        ebegin "Setting up encrypted loop devices"

        # -p 0 makes losetup read the passphrase from stdin
        echo blahhhhhhh | losetup -p 0 -e AES256 /dev/loop4 /dev/hdb1 -C -S lalalallalala
        echo blahhhhh | losetup -p 0 -e AES256 /dev/loop5 /dev/hdb2 -C 100 -S lalalalalal

        eend $? "Failed to start encrypted loop devices!"
}

# vim:ts=4


NOTE: fstab looks like this (see the 1's at the end of the loop devices; this is so they get checked).

Code:

# /etc/fstab: static file system information.
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/fstab,v 1.10 2002/11/18 19:39:22 azarah Exp $
#
# noatime turns of atimes for increased performance (atimes normally aren't
# needed; notail increases performance of ReiserFS (at the expense of storage
# efficiency).  It's safe to drop the noatime options if you want and to
# switch between notail and tail freely.
                                                                                                                                       
# <fs>                  <mountpoint>    <type>          <opts>                  <dump/pass>
                                                                                                                                       
# NOTE: If your BOOT partition is ReiserFS, add the notail option to opts.
/dev/hda1               /boot           ext3            noauto,noatime          1 2
/dev/hda3               /               reiserfs        noatime                 0 1
                                                                                                                                       
# Encrypted swap
/dev/hda2               none            swap            sw,loop=/dev/loop6,encryption=AES256                    0 0
                                                                                                                                       
# Encrypted drives
/dev/loop4              /home           reiserfs        defaults,noatime        0 1
/dev/loop5              /home/common    reiserfs        defaults,noatime        0 1
                                                                                                                                       
/dev/cdroms/cdrom0      /mnt/cdrom      iso9660         noauto,ro               0 0
/dev/fd0                /mnt/floppy     minix           noauto                  0 0
proc                    /proc           proc            defaults                0 0
                                                                                                                                       
# glibc 2.2 and above expects tmpfs to be mounted at /dev/shm for
# POSIX shared memory (shm_open, shm_unlink). Adding the following
# line to /etc/fstab should take care of this:
# (tmpfs is a dynamically expandable/shrinkable ramdisk, and will use almost no
#  memory if not populated with files)
                                                                                                                                       
tmpfs                   /dev/shm        tmpfs           defaults                0 0
                                                                                                                                       



Modifications in short

* edit /sbin/rc and add loop-AES previous to any checkfs statement
* create your loop-AES script in /etc/init.d
* rc-update add loop-AES boot

voila!!!
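
The init script in the post above pipes literal passphrases into `losetup -p 0`, and its fstab keeps `/` on the unencrypted `/dev/hda3`, so those passphrases sit in cleartext next to the data they protect. The check below is an added example, not part of the original post: it flags such lines in a boot script and reports whether the file is readable beyond its owner. The function names and the sample script are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a boot script for passphrases fed to losetup on stdin.
# All function names and the sample script below are constructed.

# Print "LINENO:LINE" for each non-comment line that pipes echo/printf
# output into losetup reading its passphrase from a descriptor (-p N).
find_inline_passphrases() {
    grep -nE '(echo|printf)[[:space:]]+[^|]+[|][[:space:]]*(/sbin/)?losetup[[:space:]].*-p[[:space:]]*[0-9]+' "$1" |
        grep -vE '^[0-9]+:[[:space:]]*#'
}

count_inline_passphrases() {
    find_inline_passphrases "$1" | wc -l | tr -d ' '
}

# Succeeds when group or other has read permission on the file.
readable_by_non_owner() {
    perms=$(ls -ld "$1" | cut -c5-10)    # group and other rwx triplets
    case "$perms" in
        r*|???r*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Prints OK, EMBEDDED:<n> (owner-only file) or EXPOSED:<n> (readable by others).
audit_script() {
    n=$(count_inline_passphrases "$1")
    if [ "$n" -eq 0 ]; then
        echo "OK"
    elif readable_by_non_owner "$1"; then
        echo "EXPOSED:$n"
    else
        echo "EMBEDDED:$n"
    fi
}

# Constructed sample modelled on the init script in the post.
write_sample_script() {
    cat > "$1" <<'EOF'
start() {
    ebegin "Setting up encrypted loop devices"
    echo constructed-passphrase | losetup -p 0 -e AES256 /dev/loop4 /dev/hdb1
    # echo old-passphrase | losetup -p 0 -e AES256 /dev/loop7 /dev/hdb3
    losetup -e AES256 /dev/loop5 /dev/hdb2
    eend $?
}
EOF
}

sample=$(mktemp)
write_sample_script "$sample"
chmod 755 "$sample"
audit_script "$sample"
rm -f "$sample"
```

Without `-p`, losetup prompts for the passphrase on the terminal, which keeps it out of the script; the third line of the sample is that form and is not flagged.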

togge
n00b
Joined: 17 Mar 2003
Posts: 14
Posted: Mon Jun 30, 2003 6:44 am

I ran into some troubles trying to compile the loop.o driver for 2.5.73-mm2

# make
cd /usr/src/linux && make SUBDIRS=/usr/src/loop-AES-v1.7d modules Q='@cd /usr/src/loop-AES-v1.7d && if [ "$@" = "/usr/src/loop-AES-v1.7d" ]; then make modules; fi && true '
make[1]: Entering directory `/usr/src/linux-2.5.73-mm2'
*** Warning: Overriding SUBDIRS on the command line can cause
*** inconsistencies
rm -f *.o *.orig *.rej *.mod.c patched-loop.[ch] test-file[1234]
rm -f patched-loop.[ch]
cp loop.c-2.5.patched patched-loop.c
cd /usr/src/linux-2.5.73-mm2 && gcc -D__KERNEL__ -Iinclude -Wall -Wstrict-prototypes -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -pipe -mpreferred-stack-boundary=2 -march=pentium3 -Iinclude/asm-i386/mach-default -DMODULE -nostdinc -iwithprefix include -DKBUILD_BASENAME=patched_loop -DKBUILD_MODNAME=loop -DEXPORT_SYMTAB -c /usr/src/loop-AES-v1.7d/patched-loop.c -o /usr/src/loop-AES-v1.7d/patched-loop.o
/usr/src/loop-AES-v1.7d/patched-loop.c: In function `do_bio_filebacked':
/usr/src/loop-AES-v1.7d/patched-loop.c:602: structure has no member named `lo_encrypt_type'
/usr/src/loop-AES-v1.7d/patched-loop.c: In function `loop_make_request_real':
/usr/src/loop-AES-v1.7d/patched-loop.c:669: structure has no member named `lo_encrypt_type'
/usr/src/loop-AES-v1.7d/patched-loop.c: In function `loop_set_fd':
/usr/src/loop-AES-v1.7d/patched-loop.c:942: structure has no member named `lo_encrypt_type'
/usr/src/loop-AES-v1.7d/patched-loop.c: In function `loop_release_xfer':
/usr/src/loop-AES-v1.7d/patched-loop.c:1073: structure has no member named `lo_encrypt_type'
/usr/src/loop-AES-v1.7d/patched-loop.c:1074: structure has no member named `lo_encrypt_type'
/usr/src/loop-AES-v1.7d/patched-loop.c:1082: structure has no member named `lo_encrypt_type'
/usr/src/loop-AES-v1.7d/patched-loop.c: In function `loop_init_xfer':
/usr/src/loop-AES-v1.7d/patched-loop.c:1109: structure has no member named `lo_encrypt_type'
/usr/src/loop-AES-v1.7d/patched-loop.c: In function `loop_clr_fd':
/usr/src/loop-AES-v1.7d/patched-loop.c:1136: structure has no member named `lo_encrypt_type'
/usr/src/loop-AES-v1.7d/patched-loop.c: In function `loop_get_status':
/usr/src/loop-AES-v1.7d/patched-loop.c:1224: structure has no member named `lo_encrypt_type'
/usr/src/loop-AES-v1.7d/patched-loop.c: In function `loop_unregister_transfer':
/usr/src/loop-AES-v1.7d/patched-loop.c:1430: structure has no member named `lo_encrypt_type'
/usr/src/loop-AES-v1.7d/patched-loop.c:1434: structure has no member named `lo_encrypt_type'
make[2]: *** [patched-loop.o] Error 1
make[1]: *** [/usr/src/loop-AES-v1.7d] Error 2
make[1]: Leaving directory `/usr/src/linux-2.5.73-mm2'
make: *** [all] Error 2

Any idea why this happens?
Maybe the kernel isn't supported?

:cry:

watersb
Apprentice
Joined: 04 Sep 2002
Posts: 297
Location: where the hell is Tesuque, New Mexico?
Posted: Tue Jul 01, 2003 9:32 am

togge wrote:
I ran into some troubles trying to compile the loop.o driver for 2.5.73-mm2

[snip...errors...]

Any idea why this happens?
Maybe the kernel isn't supported?

:cry:


I have been working with the kerneli cryptoloop patches with 2.5.73, and they work fine. I thought that loop-AES also works, but I have not tested this so I don't know what might be going wrong.

edit:
I am using loop-AES-v1.7d and patched util-linux HERE ==> patches to util-linux-2.11.z
/edit

These patches to util-linux work with BOTH loop-AES AND cryptoAPI -- I have tested with the CryptoAPI (kerneli) kernel patches... on 2.5.73 and it WORKS. I will try to put together an ebuild for this patched util-linux.

A patch HOWTO for the development-sources and mm-sources kernels may be desirable, but apparently, the cryptoapi (kerneli) patch will be incorporated into 2.5/2.6! -- which means that no other patch will be required! :D

Q
Tux's lil' helper
Joined: 17 Apr 2002
Posts: 149
Location: Oxford, UK
Posted: Thu Jul 03, 2003 8:57 am

I have a 120 Gb root partition on a new disk. Everything seems to be fine. The dd command has been going for about 11 hours. I can see the disk access fine. It doesn't seem to have locked up but how long should the dd command take?

chadders
Tux's lil' helper
Joined: 21 Jan 2003
Posts: 113
Posted: Thu Jul 03, 2003 5:45 pm

watersb wrote:

I have been working with the kerneli cryptoloop patches with 2.5.73, and they work fine. I thought that loop-AES also works, but I have not tested this so I don't know what might be going wrong.


I'm getting ready to reinstall everything. Watersb, do you like the kerneli cryptoloop patches better than loop-AES now? I don't want to rebuild again for awhile and I will try the 2.5 kernels and kerneli cryptoloop if everything works good for you.

Chad :D

Q
Tux's lil' helper
Joined: 17 Apr 2002
Posts: 149
Location: Oxford, UK
Posted: Fri Jul 04, 2003 4:29 pm

Just a note on my experience with the original instructions in the thread.

The dd command took about 20hrs on a new 120Gb partition with P4 2.4 machine with plenty ram.

After the dd command the partition was not recognised as reiserfs (or anything else for that matter) so it could not be mounted.

While reading the loop-AES readme it mentioned that the disk cache should be off (anyone have experience of this?) which I didn't do prior to the dd and I guess it's one contender for the reason that the partition seemed corrupted.

Well, blatted the partition and reinstalled without encryption. I would love to give this another go if anyone can point me in the right direction.

I want to know if disk cache needs to be off?
Was it corruption?
What could have caused the corruption?

chadders
Tux's lil' helper
Joined: 21 Jan 2003
Posts: 113
Posted: Sat Jul 05, 2003 2:00 am

I had that problem before with AESPIPE. I dunno what I do wrong with AESPIPE but it never works for me. So when I encrypt my partition I boot from Knoppix CD, losetup the loop device for the type of encryption I want, then dd if=/dev/hdaN of=/dev/loop0 bs=64k conv=notrunc . That seems to work good for me always.

Oh, make sure that you DO NOT HAVE THE PARTITION MOUNTED when you do the dd because if you do have it mounted then the unmount will write plain text meta data and your partition is wiped out. I found that out the hard way!

I never had to turn off disk caching.

Chad :D

scrllock
Tux's lil' helper
Joined: 14 Oct 2002
Posts: 102
Posted: Sat Jul 05, 2003 8:11 am

just a note.. you might want to edit your original post to change conv=notrun to conv=notrunc... minor detail.

Many thanks to chadders and all of you who posted your experiences.. It probably wasn't the best idea to undertake setting this up at 5 in the morning after 2 days of no sleep... but that's when the dd finished... :lol:

edit: I'm finally booting off of my main system now again.. it's great.

viperlin
Veteran
Joined: 15 Apr 2003
Posts: 1317
Location: UK
Posted: Tue Jul 08, 2003 10:41 pm

After completing this first time I decided to do it on my main system.
Well, when booting after with everything set up fine as far as I can see I get this at boot:

Code:

VFS: Mounted root (minix filesystem) readonly
mounted devfs on /dev
Freeing unused kernel memory: 144k freed
kjournald starting. Commit interval 5 seconds
EXT3-fs: mounted filesystem with ordered data mode.
Command "/lib/insmod -o loop /lib/loop-2.4.20.o " returned error
flushing ide devices: hda hdb hdc hdd
System Halted.


/lib/insmod does NOT exist
/lib/loop-2.4.20.o does not exist
(I tried symlinks but that didn't change a thing.)

Any ideas, I'm stumped at where to begin.

chadders
Tux's lil' helper
Joined: 21 Jan 2003
Posts: 113
Posted: Wed Jul 09, 2003 2:21 am

Did you have your /boot partition mounted when you ran the build-initrd.sh?

Chad :D

viperlin
Veteran
Joined: 15 Apr 2003
Posts: 1317
Location: UK
Posted: Wed Jul 09, 2003 2:40 am

yes

viperlin
Veteran
Joined: 15 Apr 2003
Posts: 1317
Location: UK
Posted: Wed Jul 09, 2003 1:31 pm

Any other ideas coz I can't even boot to find out what the error is.
I'm pretty sure that it shouldn't be looking in /lib for them, insmod is in /sbin and the newly created loop.o is in /lib/modules/2.4.20/block/
and also both in /boot because of the build-initrd.sh script.

To double check I ran it I've mounted my root and boot partitions in the right place (/mnt/gentoo /mnt/gentoo/boot) and chrooted into it and re-ran build-initrd.sh.
Still does the same error.

krazo
Tux's lil' helper
Joined: 19 Oct 2002
Posts: 90
Posted: Wed Jul 09, 2003 2:12 pm    Post subject: Swsusp and encryption

Has anyone tried software suspend or even suspend to ram with encryption? How well does it work?
_________________
Hey--hey how are ya?

lghman
Guru
Joined: 29 Nov 2002
Posts: 548
Location: Florida
Posted: Fri Jul 11, 2003 2:41 pm

This is the second time I have tried this and I keep getting the same response, this is right after the dd part:
Code:
root@tty1[/]# mount /dev/hda3 /mnt/gentoo -t xfs
XFS: bad magic number
XFS: SB validate failed
mount: wrong fs type, bad option, bad superblock on /dev/hda3
            or too many mounted file systems

I tried this before a few days ago using REISERFS and figured that it was just that. Guess not? I can get around this error by mounting /dev/loop0, but it still doesn't work at boot time.
--sonik
_________________
"What a distressing contrast there is between the radiant intelligence of a child and the feeble mentality of the average adult" --Freud

Wilhelm
Tux's lil' helper
Joined: 27 May 2003
Posts: 149
Posted: Sun Jul 13, 2003 10:41 pm

viperlin wrote:
After completing this first time I decided to do it on my main system.
Well, when booting after with everything set up fine as far as I can see I get this at boot:

Code:

VFS: Mounted root (minix filesystem) readonly
mounted devfs on /dev
Freeing unused kernel memory: 144k freed
kjournald starting. Commit interval 5 seconds
EXT3-fs: mounted filesystem with ordered data mode.
Command "/lib/insmod -o loop /lib/loop-2.4.20.o " returned error
flushing ide devices: hda hdb hdc hdd
System Halted.


/lib/insmod does NOT exist
/lib/loop-2.4.20.o does not exist
(I tried symlinks but that didn't change a thing.)

Any ideas, I'm stumped at where to begin.


I'm having a similar problem with my encrypted root partition.

It doesn't ask for my password nor does it load loop-{bla}.o
It can't find /lib
It halts (or panics if I disable /build_{blah}.sh DEVPIVOT and DEVFS)

I'm sure that all files needed are on the /boot partition.


Do I need to run grub or something because in most documents they tell you to run lilo?


Help!!


Last edited by Wilhelm on Sun Jul 13, 2003 11:18 pm; edited 1 time in total
All times are GMT
Page 7 of 13

 