[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Loop-aes problem or bug

To: David <shadoweyez@xxxxxxxxx>
Subject: Re: Loop-aes problem or bug
From: Jari Ruusu <jariruusu@xxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 05 Sep 2005 16:27:26 +0300
Cc: linux-crypto@xxxxxxxxxxxx
List-archive: <http://mail.nl.linux.org/linux-crypto/>
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-id: <linux-crypto.nl.linux.org>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-software: Ecartis version 1.0.0
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
References: <431BBABC.8040506@gmail.com>
Sender: linux-crypto-bounce@xxxxxxxxxxxx

David wrote:
> loop-aes 3.0d with gentoo 2.6.12.5, (read the loop-aes readme, followed
> all directions) and used knoppix to do the actual encrypting commands.

On what root directory did you run the build-initrd.sh script?
Your about-to-be-encrypted-root or knoppix?

Last few lines of build-initrd.sh script is supposed to make sure that a
/initrd directory exists on your about-to-be-encrypted-root directory. If
you ran the script on knoppix, then that directory may be missing.

> When I enter the correct password I get the following message:
> 
> pivot_root() to new root failed.  Older kernels don't have pivot_root().

That error message can be caused by missing pivot_root() system call in
kernel or because your encrypted root does not have a /initrd directory.

When pivot_root() system call is run, it atomically moves old existing
ram-disk based root directory to some other directory and moves newly set up
encrypted directory to root directory. Old root directory can't just vanish
because a program (linuxrc) is running from it.

In your case, it appears that the directory where old ram-disk based root
directory is supposed to be "parked" is missing. Fix is to create that
missing directory.

> Please help

1)  Boot knoppix 3.9 or later. Knoppix 3.9 seems to have full support for
    mounting loop-AES-v3 encrypted file systems. You don't need any GUI for
    this, so run knoppix run level 2 will do.

        boot: knoppix 2

2)  Mount device where your rootkey.gpg file is.

        mkdir /mnt1
        mount -r -t ext2 /dev/hda1 /mnt1

3)  Mount your encrypted root.

        mkdir /mnt2
        mount -t ext2 /dev/hda2 /mnt2 -o loop=/dev/loop0,encryption=AES256,gpgkey=/mnt1/rootkey.gpg

4)  Create missing directory.

        umask 077
        mkdir /mnt2/initrd

5)  Clean up and reboot.

        umount /mnt2
        umount /mnt1
        shutdown -r now

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

References:
- Loop-aes problem or bug
  - From: David

Prev by Date: links exchange
Next by Date: www.asilkan.org
Previous by thread: Loop-aes problem or bug
Next by thread: Re: Loop-aes problem or bug
Index(es):
- Date
- Thread