Re: Kubuntu 7.10 64bit

[Peter_22@xxxxxx]

Rudolf Deilmann <rudolf.deilmann@xxxxxxxxx> wrote:
> What error message exactly do you get?

Building the initial ramdisk with /etc/initramfs-tools/scripts/local-top/loopcrypt comprising:
[...]
PLAIN=$(cat "/upscript.gpg" | gpg --decrypt --no-tty --quiet \
--passphrase-fd 8 8<<<"$PASS")
[...]
the following message appears when booting:
"loopcrypt line 34 syntax error: redirection unexpected". Line 34 referred to this 8<<<"$PASS" allocation. In my oppinion this construction was somehow awkward and should not be used.

> the syntax is right: '<<<'.
> It only works with the bash (#/bin/bash), not with dash (#/bin/sh
> under Ubuntu) (you need bash in any case because of 'read -s')

Yes, I looked up for what the "-s" stands. My working version of loopcrypt starts with "#!/bin/bash" and uses your second suggestion:
[...]
PLAIN=$(echo "${PASS}" | gpg --no-tty --passphrase-fd 0 --quiet \
--decrypt /upscript.gpg)
[...]
This throws no error messages. Unfortunately early messages like "echo "Waiting for crypted root device..." " get overlapped with kernel messages from usb devices. So removing usb-related modules from the initial ramdisk is a plus here.

Just for the records, the following works:
Using Kubuntu 7.10 Gutsy Gibbon in its 64-bit version loop-aes:
- encrypts entire /root partition
- encrypts device-backed swap
- starts the machine from removable usb storage device
- does all above with/without partition tables erased

A word on "update-initramfs -v -c -k <KERNEL_VERSION>". The size of the initial ramdisk can be trimmed down from 8 to 4.5 MB by simply changing /etc/initramfs-tools/initramfs.conf from "MODULES=most" to "MODULES=list" and then adding only those modules in /etc/initramfs-tools/modules that are really needed. "lsmod" gives a good hint. Important are modules for mainboard chipset, ide/sata drives but not usb, sound, network or processor related modules.
Cutting away modules enables to start faster and see less kernelmessages.

For the stats:
generic ramdisk: 7.6 MB
ramdisk with loop+initscripts: 8.0 MB
optimized ramdisk: 4.5 MB
minimal ramdisk: 4.0 MB <- fails due to lack of modules for disk access!

Compared to the kernel re-compile approach it is less work to alter 3 scripts and get a ramdisk with working support for utf8 characters in passphrases. It should be taken into account that the larger ramdisk includes all libraries, keymaps and binaries allready. At a minimum, 8 MB of storage are required. USB 2.0 devices and fast flash memory are preferable for the larger ramdisk!

Kind regards,
Peter
-- 
Psssst! Schon vom neuen GMX MultiMessenger gehört?
Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/