Re: GnuPG-key,loopAES encrypted root partition
Robert Stark wrote:
> I have read this list for a few months and I never had problems with
> CryptoAPI or loopAES, but for two weeks now I have had one. I've installed
> loopAES successfully on Slackware8.0 with a 2.4.18 kernel. All setups listed
> in the loopAES README work fine. Only example5 doesn't really work for me.
>
> If I boot an unencrypted partition, I can mount the other encrypted
> partitions with my userkey, GnuPG key. But when I also encrypt the root
> partition with the keys and try to restart, it doesn't work.
>
> I get an error message after typing the passphrase of my GnuPG-key:
> "unable to allocate memory". With an encrypted root partition secured only
> with a passphrase and some salt it works great.

Short answer: Don't use GnuPG-key to encrypt root partition.

Long answer: When using GnuPG-key to losetup or mount a partition, losetup
and mount programs rely on presence of gpg program binary, /etc/passwd and
$HOME/.gnupg/* files. These will not be present in the super-small
/boot/initrd.gz created by running build-initrd.sh shell script. The "unable
to allocate memory" message is a result of losetup not being able to read
user's home directory from /etc/passwd using "getpwuid(getuid())".

GnuPG-key mount is intended to be used in multiuser mode only with all above
mentioned files present. I will update loop-AES' README and man pages to say
that.

Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
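
Added example, not part of the original message and not loop-AES code: a preflight check that reports which of the prerequisites named in the reply (gpg binary, /etc/passwd entry, $HOME/.gnupg) are absent from a root tree such as an unpacked initrd. The function names and the gpg search directories are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a root tree (e.g. an unpacked initrd) for the files a
# GnuPG-key losetup/mount depends on. Function names are hypothetical.

# Print the home directory recorded for UID in ROOT/etc/passwd (field 6).
# Fails when the file or the entry is absent, the case in which a
# getpwuid(getuid()) lookup has nothing to return.
passwd_home() {
    root=$1; uid=$2
    [ -r "$root/etc/passwd" ] || return 1
    awk -F: -v uid="$uid" '$3 == uid { print $6; found = 1; exit }
                           END { exit !found }' "$root/etc/passwd"
}

# Print one line per missing prerequisite; return 0 only if none is missing.
check_gpgkey_prereqs() {
    root=$1; uid=$2; missing=0

    if home=$(passwd_home "$root" "$uid"); then
        # Home directory is known; gpg then needs its keyring directory.
        if [ ! -d "$root$home/.gnupg" ]; then
            echo "missing: $home/.gnupg"; missing=1
        fi
    else
        echo "missing: /etc/passwd entry for uid $uid"; missing=1
    fi

    gpg_found=0
    for dir in /bin /usr/bin /usr/local/bin; do   # assumed search path
        if [ -x "$root$dir/gpg" ]; then gpg_found=1; fi
    done
    if [ "$gpg_found" -eq 0 ]; then
        echo "missing: gpg binary"; missing=1
    fi
    return "$missing"
}

# Usage: sh check.sh /path/to/unpacked-initrd [uid]   (uid defaults to 0)
if [ "$#" -ge 1 ]; then
    check_gpgkey_prereqs "$1" "${2:-0}"
fi
```

Run against an empty tree it reports the missing passwd entry and the missing gpg binary; the keyring directory is only checked once the home directory can be resolved.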