From linux-crypto-bounce@nl.linux.org Sat Aug 04 10:23:58 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IHEvP-0007CZ-E3; Sat, 04 Aug 2007 10:23:51 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 04 Aug 2007 10:23:11 +0200 (CEST) Received: from kuber.nabble.com ([216.139.236.158]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IHEuV-0007BV-BC for linux-crypto@nl.linux.org; Sat, 04 Aug 2007 10:22:55 +0200 Received: from isper.nabble.com ([192.168.236.156]) by kuber.nabble.com with esmtp (Exim 4.63) (envelope-from ) id 1IHEuP-0003Jo-6G for linux-crypto@nl.linux.org; Sat, 04 Aug 2007 01:22:49 -0700 Message-ID: <11990880.post@talk.nabble.com> Date: Sat, 4 Aug 2007 01:22:49 -0700 (PDT) From: Beverly To: linux-crypto@nl.linux.org Subject: PAIN FREE MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_23818_12600931.1186215769130" X-Nabble-From: bjcody@webtv.net Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: bjcody@webtv.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto ------=_Part_23818_12600931.1186215769130 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit http://tinyurl.com/9s5hu http://tinyurl.com/9s5hu Pain Free Video I got my life back -- View this message in context: http://www.nabble.com/PAIN-FREE-tf4214774.html#a11990880 Sent from the Linux Crypto mailing list archive at Nabble.com. ------=_Part_23818_12600931.1186215769130 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit http://tinyurl.com/9s5huPain Free Video I got my life back
View this message in context: PAIN FREE
Sent from the Linux Crypto mailing list archive at Nabble.com.
------=_Part_23818_12600931.1186215769130-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Aug 04 16:13:49 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IHKO0-0005Ql-32; Sat, 04 Aug 2007 16:13:44 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 04 Aug 2007 16:13:17 +0200 (CEST) Received: from web2405.mail.tnz.yahoo.co.jp ([203.216.226.121]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1IHKNF-0005LA-RC for linux-crypto@nl.linux.org; Sat, 04 Aug 2007 16:12:58 +0200 Received: (qmail 14324 invoked by uid 60001); 4 Aug 2007 14:05:01 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=yj20050223; d=yahoo.co.jp; h=Message-ID:Received:X-RocketDSI:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=C20Nte1CY7SvIS0T+Zz7MvCWn/MgKKhTqimRcMnV1Pq+DFNFVgNwBb/MPsfu/b//U//uOCVHK4PjDkvuwbM64aaezquB/UKb5TZjdZRYw/woMYsfJQzzh1tIEHYYK9mX ; Message-ID: <20070804140501.14322.qmail@web2405.mail.tnz.yahoo.co.jp> Received: from [196.201.89.108] by web2405.mail.tnz.yahoo.co.jp via HTTP; Sat, 04 Aug 2007 23:05:01 JST X-RocketDSI: i=203.216.226.121;s=w Date: Sat, 4 Aug 2007 23:05:01 +0900 (JST) From: From Engineer Ibrahim Wahala Reply-To: ibrci@yahoo.fr Subject: Fund transfer, To: linux-crypto@nl.linux.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="0-441207073-1186236301=:13392" Received-SPF: X-Spam-Status: No, score=0.1 required=5.0 tests=BAYES_50,HTML_50_60, HTML_MESSAGE autolearn=no version=3.0.1 X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: bm12820032003@yahoo.co.jp Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto --0-441207073-1186236301=:13392 Content-Type: text/plain; charset=iso-2022-jp 新しいメールアドレスをお知らせします新しいメールアドレス: bm12820032003@yahoo.co.jp Fund transfer, This is Engineer Ibrahim Wahala from Ivory Coast and I need your assistance in the immediate transfer of USD $ 2.2 Million Dollars. I want you to reply with your direct phone number for talks or Call me on +225 0630 7426. I am waiting for your reply. - From Engineer Ibrahim Wahala --0-441207073-1186236301=:13392 Content-Type: text/html; charset=iso-2022-jp
新しいメールアドレスをお知らせします
新しいメールアドレス: bm12820032003@yahoo.co.jp

Fund transfer,


This is Engineer Ibrahim Wahala from Ivory Coast and I need your assistance

in the immediate transfer of USD $ 2.2 Million Dollars. I want you to reply

with your direct phone number for talks or Call me on +225 0630 7426. I am

waiting for your reply.

- From Engineer Ibrahim Wahala
--0-441207073-1186236301=:13392-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Aug 05 22:38:52 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IHms9-0005QK-Hv; Sun, 05 Aug 2007 22:38:45 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 05 Aug 2007 22:38:03 +0200 (CEST) Received: from mu-out-0910.google.com ([209.85.134.190]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IHmrI-0005Po-Qw for linux-crypto@nl.linux.org; Sun, 05 Aug 2007 22:37:52 +0200 Received: by mu-out-0910.google.com with SMTP id i10so1825373mue for ; Sun, 05 Aug 2007 13:37:49 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; b=JnBw5jhbLzrqIhkjq493ej+MgBKh9mWjAjrzBuK0aGHy1fdD5+qVaxv86Dk442eQYwvjbj+X0tgGDFxIpqK4+4WK/6Yj92rf58t95BdM33XBNrmqorcf470t/rTbLZGPn16meAYhWBjcPPDcSzQQ0EFJNjPPGFl/6CXGZ9uDUMI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type; b=FSrx2dl4IgvUNVSov8uMAnD6cOP4Sgaotol6PzRzVQYwpVDSMZkXE9h5mxRbK4PWHV9zbYUT3rIZ9UUJgK+Cfp/kWkt4iUno3ZgjxZf/3/jpIYdDpdhA9gTxb48GPiozYTso37L5UkdS0bU04UCApfxyCRUZN6CHaGpsDc8oVFk= Received: by 10.78.146.11 with SMTP id t11mr1295538hud.1186346269390; Sun, 05 Aug 2007 13:37:49 -0700 (PDT) Received: by 10.78.192.4 with HTTP; Sun, 5 Aug 2007 13:37:49 -0700 (PDT) Message-ID: Date: Sun, 5 Aug 2007 23:37:49 +0300 From: "Jan Klod" To: linux-crypto@nl.linux.org Subject: initramfs and loop-aes MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_114820_20234803.1186346269368" Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: janklodvan@gmail.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto ------=_Part_114820_20234803.1186346269368 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Hallo, I have a question about loop-aes readme by Jari: is it assumed there that no initramfs is used when booting kernel (before loop-aes setup, that use initrd.gz)? If so, how to deal with those initramfs images necessary to boot? As I can't make it work, I am reading about how to create initramfs to modprobe loop and losetup root file system... (How about losetup and mount run time dependencies?) I would advise to all those who try this to work with two equal partitions or two hard drives, because it's possible that root encryption fails and then if one has only created backup of some information not OS, he might become really upset! Jan ------=_Part_114820_20234803.1186346269368 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Hallo,

I have a question about loop-aes readme by Jari: is it assumed there that no initramfs is used when booting kernel (before loop-aes setup, that use initrd.gz)?
If so, how to deal with those initramfs images necessary to boot?
As I can't make it work, I am reading about how to create initramfs to modprobe loop and losetup root file system... (How about losetup and mount run time dependencies?)

I would advise to all those who try this to work with two equal partitions or two hard drives, because it's possible that root encryption fails and then if one has only created backup of some information not OS, he might become really upset!

Jan
------=_Part_114820_20234803.1186346269368-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Aug 05 23:03:53 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IHnGR-0006g2-DT; Sun, 05 Aug 2007 23:03:51 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 05 Aug 2007 23:03:37 +0200 (CEST) Received: from mail.gmx.net ([213.165.64.20]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1IHnG1-0006bQ-Vu for linux-crypto@nl.linux.org; Sun, 05 Aug 2007 23:03:26 +0200 Received: (qmail 18861 invoked by uid 0); 5 Aug 2007 21:01:35 -0000 Received: from 84.175.4.102 by www071.gmx.net with HTTP; Sun, 05 Aug 2007 23:01:35 +0200 (CEST) Cc: linux-crypto@nl.linux.org Content-Type: text/plain; charset="us-ascii" Date: Sun, 05 Aug 2007 23:01:35 +0200 From: Peter_22@gmx.de In-Reply-To: Message-ID: <20070805210135.145930@gmx.net> MIME-Version: 1.0 References: Subject: Re: initramfs and loop-aes To: "Jan Klod" X-Authenticated: #5663700 X-Flags: 0001 X-Mailer: WWW-Mail 6100 (Global Message Exchange) X-Priority: 3 X-Provags-ID: V01U2FsdGVkX19nlCI9milnoHFsLnQ2eiTnWf4igM+gV4Txr7W9nK jdh1nfAoVBpHpW9i7IIIXkGaBryC0GNFQSfQ== Content-Transfer-Encoding: 7bit X-GMX-UID: yV7eCzpYbHIhQKZTbzQ0OX4iJihyapDD Received-SPF: X-Spam-Status: No, score=-0.4 required=5.0 tests=AWL,BAYES_50,NO_REAL_NAME autolearn=no version=3.0.1 X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Peter_22@gmx.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto "Jan Klod" wrote: > I have a question about loop-aes readme by Jari: is it assumed there that > no > initramfs is used when booting kernel (before loop-aes setup, that use > initrd.gz)? Root encryption requires a kernel which can boot the system *without* an initial ramdisk. This means you have to assure support for things like ext2/3, IDE or SATA and such is built into the kernel. Most linux distros ship with kernels failing to meet this requirement so you will therefore have to recompile them from source. To see if a kernel is suitable simply omit the initial ramdisk in your bootloader configuration. > If so, how to deal with those initramfs images necessary to boot? Common linux distros like SuSE, Ubuntu... create an initial ramdisk as part of their installation routine. This has to be done since the same kernel image is used for a wider variety of computers. For root encryption you have to assure that every single of theses drivers gets built into your kernel because this initial ramdisk will not be at hand any longer! > As I can't make it work, I am reading about how to create initramfs to > modprobe loop and losetup root file system... (How about losetup and mount > run time dependencies?) Loop-aes comes with a script called built-initrd.sh which takes care of everything concerning your new initial ramdisk. Configure the script in an editor properly, run it, an you will receive a working initial ramdisk just for your system. In case you change partitions or drives you will have to adapt & re-run this script. In case you have more questions just ask. You are free to provide configuration files giving others the opportunity to take a closer look at your discomforts. Kind regards, Peter -- Ist Ihr Browser Vista-kompatibel? Jetzt die neuesten Browser-Versionen downloaden: http://www.gmx.net/de/go/browser - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Aug 06 13:04:09 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1II0NV-0006ps-Rk; Mon, 06 Aug 2007 13:04:01 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Mon, 06 Aug 2007 13:03:24 +0200 (CEST) Received: from ug-out-1314.google.com ([66.249.92.172]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1II0Mb-0006oB-U0 for linux-crypto@nl.linux.org; Mon, 06 Aug 2007 13:03:05 +0200 Received: by ug-out-1314.google.com with SMTP id u40so643341ugc for ; Mon, 06 Aug 2007 04:03:03 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=pRFT9bUyJlZ7kfRRL4UQW2bj7UMCa2WVdgePMIrqFecihhgxz+ICFTlGCzCpKMbl1ezJT8/J9iQifbX/2ffVtJ2C6UyvXtAz54Yr4E/jmSCycgVv3O4uTONwbsLE1ws/+NiAuFNRepZJoh5enxdtFs19GGKs52KOYi5S7Uy47FE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=nkz7hsacPWxG/pmKHXvPoi3lGfKHnex52ahYoaNfZ90Z4+DJqsNUJMgumZqG+qvNTfkilPwyzdGtp6jL0F1Zmm57+v+xGGxr+xpBqXYZsgI+sCwzIMCJQgdwdlrwQD9wIfykc/brLWcxa2I3QqYgZlcyBFeSSQDQYgPH9XfN3Cg= Received: by 10.78.138.14 with SMTP id l14mr1425579hud.1186398182983; Mon, 06 Aug 2007 04:03:02 -0700 (PDT) Received: by 10.78.192.4 with HTTP; Mon, 6 Aug 2007 04:03:02 -0700 (PDT) Message-ID: Date: Mon, 6 Aug 2007 14:03:02 +0300 From: "Jan Klod" To: linux-crypto@nl.linux.org Subject: Re: initramfs and loop-aes In-Reply-To: <20070805210135.145930@gmx.net> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_121157_15334682.1186398182907" References: <20070805210135.145930@gmx.net> Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: janklodvan@gmail.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto ------=_Part_121157_15334682.1186398182907 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline >To see if a kernel is suitable simply omit the initial ramdisk in your bootloader configuration. Thank you, this helped! I just had to change my grub.conf like this: title=test root (hd0,4) kernel /boot/kernel- genkernel-x86-2.6.20-suspend2-r6 root=/dev/sda5 #root=/dev/ram0 init=/linuxrc ramdisk=4096 real_root=/dev/sda5 resume2=swap:/dev/sda6 doscsi #initrd /boot/initramfs-genkernel-x86-2.6.20-suspend2-r6 It seams strange that root encryption failed anyway. I used my own way to finish encrypted root setup: 1. when booted from livecd, I copied all my genoo filesystem (ext3) to another partition on same disk, to convert to reiserfs and test if that works - it worked O.K. 2. booted my ext3 system and changed all necessary things for root encryption in reiserfs partition. (I changed DESTINATIONROOT=/mnt/sda5 in build-initrd.sh) 3. created bootable USB. 4. set up encrypted partiton in my second hard drive and copied files from prepared reiserfs partition on first hdd. (I could do this, using dd command even faster than copying separate files, but that came across my mind later) Could this make any problem? I'm happy that I can boot my kernel without initramfs now, but, as I am planning to use hibernation, I would like to know if I can avoid initramfs then (for example following Alon Bar-Lev's how-to)? PS: it took me almost one month to build correctly configured kernel!! There are really many possible options and I had to read a lot especially because I didn't knew much about kernel and hardware... Also, I didn't wanted to include anything unnecessary in my kernel. ------=_Part_121157_15334682.1186398182907 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline >To see if a kernel is suitable simply omit the initial ramdisk in your bootloader configuration.
Thank you, this helped! I just had to change my grub.conf like this:

title=test
root (hd0,4)
kernel /boot/kernel- genkernel-x86-2.6.20-suspend2
-r6 root=/dev/sda5
#root=/dev/ram0 init=/linuxrc ramdisk=4096 real_root=/dev/sda5 resume2=swap:/dev/sda6 doscsi
#initrd /boot/initramfs-genkernel-x86-2.6.20-suspend2-r6

It seams strange that root encryption failed anyway.
I used my own way to finish encrypted root setup:

    1.  when booted from livecd, I copied all my genoo filesystem (ext3) to another partition on same disk, to convert to reiserfs and test if that works - it worked O.K.
    2.  booted my ext3 system and changed all necessary things for root encryption in reiserfs partition. (I changed DESTINATIONROOT=/mnt/sda5 in build-initrd.sh)
    3.  created bootable USB.
    4.  set up encrypted partiton in my second hard drive and copied files from prepared reiserfs partition on first hdd. (I could do this, using dd command even faster than copying separate files, but that came across my mind later)

Could this make any problem?

I'm happy that I can boot my kernel without initramfs now, but, as I am planning to use hibernation, I would like to know if I can avoid initramfs then (for example following Alon Bar-Lev's how-to)?

PS: it took me almost one month to build correctly configured kernel!! There are really many possible options and I had to read a lot especially because I didn't knew much about kernel and hardware... Also, I didn't wanted to include anything unnecessary in my kernel.
------=_Part_121157_15334682.1186398182907-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Aug 06 21:33:05 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1II8Jx-0008H7-NW; Mon, 06 Aug 2007 21:32:53 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Mon, 06 Aug 2007 21:32:22 +0200 (CEST) Received: from ug-out-1314.google.com ([66.249.92.168]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1II8Ib-0008FX-KK for linux-crypto@nl.linux.org; Mon, 06 Aug 2007 21:31:29 +0200 Received: by ug-out-1314.google.com with SMTP id u40so720807ugc for ; Mon, 06 Aug 2007 12:31:29 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=Y9yFukGdllW0SHHF92tWjcYfRqeuzVusyJGOJa17ATcWiy7ZPhoyKDcgkf/W97LKoQfK3K7azlcffQNl5qF3e/dJM5zkxz2etQTqlODmlcA3uTUz4eq59TiEwVDtluh1cr2As9Pa7ZmZUgqWQJtQrue29g/znyPDAZgJneIKhy4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=quL6i+ZdR+veXy/P2u2nbLtRqclOzsmAt5p+B3hJgTjXEw3hVdJxI3qFLGU/9EV1dGcpzVRVAB06x6SL9xUM+HtMy5mTcZZYFkaUeMcN/PXOLSNcwZnsIs1Tu/+kYvVZzcqr5b6oCZ8MGXm+6EzYKizWvPCGPNSIidcIXWXQjlM= Received: by 10.78.153.17 with SMTP id a17mr1528314hue.1186428276005; Mon, 06 Aug 2007 12:24:36 -0700 (PDT) Received: by 10.78.192.4 with HTTP; Mon, 6 Aug 2007 12:24:35 -0700 (PDT) Message-ID: Date: Mon, 6 Aug 2007 22:24:35 +0300 From: "Jan Klod" To: linux-crypto@nl.linux.org Subject: Re: initramfs and loop-aes In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_127925_7734952.1186428275952" References: <20070805210135.145930@gmx.net> Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: janklodvan@gmail.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto ------=_Part_127925_7734952.1186428275952 Content-Type: multipart/alternative; boundary="----=_Part_127926_11473483.1186428275952" ------=_Part_127926_11473483.1186428275952 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline After repeating loop-aes setup I'm sure, that it should work, but it doesn't. I'll give you all configurations: I'm using gentoo with suspend2-sources kernel v. 2.6.20, compiled loop-AES v3.2a, dietlibc 0.30, util-linux 2.12r. When booting from USB flashdrive, kernel boots ok until this: RAMDISK: Compressed image found at block 0 Replacing swsusp. No storage allocator is currently active. Rechecking weather we can use one. Compression Driver: Argh! Nothing follows me in the pipeline! Compressor didn't initialise okay. Suspend2: Initialise modules failed! VFS: Mounted root (minix filesystem) readonly. Mounting /dev/sdc as /lib failed md: stopping all md devices. . . System halted. . . (follow some suspend2 related messages) Note that equal output comes if there is no encrypted root (I switch my sata drives sata1,sata2 <-> sda, sdb). No password is asked. --configurations-- syslinux.cfg: default linux timeout 0 prompt 0 label linux kernel vmlinuz append initrd=initrd.gz root=100 init=/linuxrc rootfstype=minix build-initrd.sh : USEDEVFS=0 USEPIVOT=1 BOOTDEV=/dev/sdc BOOTTYPE=vfat CRYPTROOT=/dev/sda1 ROOTTYPE=reiserfs CIPHERTYPE=AES128 LOINIT="-I 0" USEGPGKEY=1 GPGKEYFILE=keyfile EXTERNALGPGFILES=0 EXTERNALGPGDEV=/dev/fd0 EXTERNALGPGTYPE=ext2 USEMODULE=1 INITRDONLY=0 SOURCEROOT= DESTINATIONROOT= DESTINATIONPREFIX=/boot INITRDGZNAME=initrd.gz ROOTLOOPINDEX=5 TEMPLOOPINDEX=7 LOOPMODPARAMS="" UTF8KEYBMODE=0 LOADNATIONALKEYB=0 INITIALDELAY=0 MOUNTDELAY=0 TOOLSPROMPT=0 USEROOTSETUP=0 USEDIETLIBC=1 initrd.conf: BOOTDEV=/dev/sdc # partitionless USB-stick device BOOTTYPE=vfat CRYPTROOT=/dev/sda1 ROOTTYPE=reiserfs CIPHERTYPE=AES128 LOADNATIONALKEYB=0 INITIALDELAY=0 /etc/fstab: /dev/sda2 none swap sw,loop=/dev/loop6, encryption=AES128 0 0 /dev/loop5 / reiserfs defaults 0 1 none /proc proc defaults 0 0 none /dev/shm tmpfs defaults 0 0 USB flashdisk directory: modules-2.6.20-suspend2-r6 ---> loop.ko aespipe gpg initrd.conf initrd.gz insmod ld-linux.so.2 ldlinux.sys libc.so.6 libz.so.1 keyfile losetup syslinux.cfg System.map-2.6.20-suspend2-r6 vmlinuz kernel configuration is in attachment. I would really appreciate some help! ------=_Part_127926_11473483.1186428275952 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline After repeating loop-aes setup I'm sure, that it should work, but it doesn't. I'll give you all configurations:

I'm using gentoo with suspend2-sources kernel v. 2.6.20, compiled loop-AES v3.2a, dietlibc 0.30, util-linux 2.12r.
When booting from USB flashdrive, kernel boots ok until this:

RAMDISK: Compressed image found at block 0
Replacing swsusp.
No storage allocator is currently active. Rechecking weather we can use one.
Compression Driver: Argh! Nothing follows me in the pipeline!
Compressor didn't initialise okay.
Suspend2: Initialise modules failed!
VFS: Mounted root (minix filesystem) readonly.
Mounting /dev/sdc as /lib failed
md: stopping all md devices.
.
.
System halted.
.
.
(follow some suspend2 related messages)
Note that equal output comes if there is no encrypted root (I switch my sata drives sata1,sata2 <-> sda, sdb). No password is asked.


--configurations--

syslinux.cfg:
default linux
timeout 0
prompt 0
label linux
kernel vmlinuz
append initrd=initrd.gz root=100 init=/linuxrc rootfstype=minix


build-initrd.sh :
USEDEVFS=0
USEPIVOT=1
BOOTDEV=/dev/sdc
BOOTTYPE=vfat
CRYPTROOT=/dev/sda1
ROOTTYPE=reiserfs
CIPHERTYPE=AES128
LOINIT="-I 0"
USEGPGKEY=1
GPGKEYFILE=keyfile
EXTERNALGPGFILES=0
EXTERNALGPGDEV=/dev/fd0
EXTERNALGPGTYPE=ext2
USEMODULE=1
INITRDONLY=0
SOURCEROOT=
DESTINATIONROOT=
DESTINATIONPREFIX=/boot
INITRDGZNAME=initrd.gz
ROOTLOOPINDEX=5
TEMPLOOPINDEX=7
LOOPMODPARAMS=""
UTF8KEYBMODE=0
LOADNATIONALKEYB=0
INITIALDELAY=0
MOUNTDELAY=0
TOOLSPROMPT=0
USEROOTSETUP=0
USEDIETLIBC=1

initrd.conf:
BOOTDEV=/dev/sdc            # partitionless USB-stick device
BOOTTYPE=vfat
CRYPTROOT=/dev/sda1
ROOTTYPE=reiserfs
CIPHERTYPE=AES128
LOADNATIONALKEYB=0
INITIALDELAY=0

/etc/fstab:
/dev/sda2    none            swap     sw,loop=/dev/loop6, encryption=AES128 0 0
/dev/loop5    /         reiserfs defaults      0 1
none            /proc         proc     defaults        0 0
none            /dev/shm      tmpfs    defaults        0 0


USB flashdisk directory:
modules-2.6.20-suspend2-r6 ---> loop.ko
aespipe
gpg
initrd.conf
initrd.gz
insmod
ld-linux.so.2
ldlinux.sys
libc.so.6
libz.so.1
keyfile
losetup
syslinux.cfg
System.map-2.6.20-suspend2-r6
vmlinuz

kernel configuration is in attachment.
I would really appreciate some help!
------=_Part_127926_11473483.1186428275952-- ------=_Part_127925_7734952.1186428275952 Content-Type: application/x-bzip2; name=config-suspend2.bz2 Content-Transfer-Encoding: base64 X-Attachment-Id: f_f51codr8 Content-Disposition: attachment; filename="config-suspend2.bz2" QlpoOTFBWSZTWfXqhLEADMnfgGgQXOf//z////C////wYDWcAAAAHvX3d59AAFfdNiA+gtt7Wz0A B3rxvuctlvc43XOKAAAI95e94Dz1ZoNdd2HpR4S9lCtBXp2wGOwBUTQUZltB2YDr3GAKGzAe2vYA 3rt72eaVVDTe29ml2NesqpV99669zh717cd031Id2g1MICaYgAQIhNNJqaaNHqPKNMymZQMgDTQm gEAgk9KeppkkeUemoBkAANAADTTRAhNTSe1T1T8qeptE9JhDQAyGg00eoAAJNJIhMQmE1J5TagaD RoAAAA9TQ0NAxISaT01PRoaBqano0xMKeTJlMjINMg0NBoJEQJoEAgRGo0yUeSND1ADQAAAd35Wf P83vRo2jeymIiqqTG+fTCaENMqXKDlmNQrFGtUqSrtYFRQUmNYaSo3Ml+aHd1Juw9WofLT5v66+F 09kUv3ngujo0cXasH5Uqobe/M2aiyc5IAUoZzrlioorD/WsOj2G2tS6cLVPf76a2uzHdp8XgEwH1 XtfO1ymkqCkXGVy0FMMoTEmLmY5cwosKlo0aWLgiuWW0mNYpjWKKKCzERKiJBVFRAVZiVMQzLVZZ llEWLUDEkW4W4Y2n1tBrQmsyrVosaKxaJTPPWiKTTpkqW2KFykHMmCzMMuRTHGVWALItRZXLSQLS iNLRYYNMsrKwlF+hquaTEigsgFYGJWGMMZMQCsiySmVEUnBmDAjqgCwAUlYCow1vSmOYXLbQHWXJ WKXGxZMtlYYhWQCtZKwqYhFhWLRbRSY5AkUJA80qmnUtQtMZhLTBcFbVzEzBYCr6NYckKx3q3azd hjjRDhqxYjqlUQ1GrWrJSrL8Wq5NRRFFoyocspiMVW2xFE1asmX26vPa7UqtNUzMwcTMmLbcWlpF rFhauVRpu1B1phMtttrKFYBSsMtxLq1mJdNxKOZhla5cmYhiNK4YwFkETFy0YpXmmJrVllqtuMrC 5XlrTG2YYFRdZRyqjKy1sed09NF4ayOSm9zLW4NclbcYoK2jwZYOpW01bEZbmYpi4qWjmJBaWZgt cStQxxkigQyBmsPM13rs2QOOA6alW2/X2Mztt/lg27P65Y7YzL8hBfx4XWnEPsRwNTT3qYhgAzBm kU4K9n7jvvYekTiBRMxPBJO4pJHYICt5IyumqMBOu/ib5qVEJV0brsNZ99h9+sJcMuxs5dmr+HEM bs8O3P6f3KBl6MPsVzIHD0s7E5ooidUnROSddU/enY8vkp8/K3584x3vXQbjYVOR25Pgsw9W9xbg 4sQ5YIXPcvprlJUp5m3gk/WfnfXx2/PrhODO6OTfSdvnoD/3q8W65upLRxdi5NdnF909+JQzg1b5 w6g045dfH6fx7/y9/Lwg261+7rgfk1t32l/L9OmXosZahDrWJf4/WeeZV5/d255wNFm1/2W/P80n PKLsoijsrqTgp6YQnH6XBs22NyTmYdQsgg/bO11NtHU3ha9t4vua4oV1KtSELnGHQRf3l+9rowY3 CmuZ6aQrhJKnwWO3EodbiktU320F76ZkgfTCiPjc9+XUZlB15Eo2wNxrLlX8xbnVzmS0NnE3D7+h +C6PbXJHwnDWC4pS4sS2/Sd/GENt0GpdWx0G5Y54P5XHfV96c0tP7/FqObuy49Z6W2fWA2wo3Rse m46QyrsaNXqDsfxeTkNyE5zThaE+cc1x0zGii9+lGxqZlmRFC6HPa9VaHFyj3WsvY8OGQMsNX9sE 8pdbuiI2DXtdrHKu2PGpYvq3PXC1VUgQ10x/v4jo+EL5x1VRMomYotMRel7nboU8Ky7/nm2Xv55q e1vCCWMfSE53mR0Uy1l6Sxta9yZHdM+WTyppPe+ujoeKNxid+cEAbsepOnwbaN8vn+j3ukEJCTdO sa1rlUQjGD0V97slb7aaQrbHqjUbU/ZrZcBxbTtjCB+zn2T0lXTjy1zVHRFpnT1hhhE+Yqtd1xDz HeT57twOw2jqpi8t+cXZu0+GXwR0tNAuRbYYvXzjFtH5zn4iJIQXONk1m7jxWLYO3xu3yMqlwme2 UsZjtdcuGl3PGk04jzC/nLjDnPG1u+NBhGMyOiLi26m8XzpCjPCsK+mzK8dY7z+N21dlRV1reT0z O/qU7vJuJ6rX2x493SGGERsjVzobXNlzlbXaUsJpeUnNhrDy/XjG5ByF2zFo5/tw2a9VOnW7sxs7 fH/H1fbuJJBBMN8jQ3dk+qEfhdQOzXGWQ07cYZmYMGa8D2Tn6MKifzru/bFenvricETKzOGlkvSv od+n1PdJZjml+QvLpC8iB4gggkEfeXwufFgAXaVdAy4m1h/U1G99qihuPPS7iLHBXHvE/lOfN3+2 dHXi3r1YY9YjjfP9pJ9c+cPs9v6d8wPcfD8UBkPO5jYlT8CROCMTMoVJBJ+p+uxgTV6uT6z+BxLP hYxalz33FLQAi+MlWXaS4KcUu8MDJqXw4GxERKcu7EuRNk9efJ4BZiBQCl0/zyFa59LgZq9oGh1d xY0MWQ3tRrjliz4/wX7sJ0jOn7jp4s15V/y1SjiDjOzxtkYh/1nXf7vhzs/4/z/ongQVrbbx2oCZ l9X4jV+xw0G+jgGqYdqbx3/hYevyXBfykdeZkzPSof3g3ON33iHdpF6h5Rjzv7bQ91mV23iyZiOm Y0cBpL3Ltx4QeBdDDHbv/r93WZXOcPjY3ibGW6IiGMlwz39nXQvxpp2a28ekoNDuxnVdu71u+ftv cUXs6/4SmP8I+l8URnAF4wx4ggYSHYZ8Q7Lwz29HAN11Ide9hN93NjJY+JPjuL8MQ2TOCImlEamo 9b5eyCFXCgGBBBDQl4730272SPGOvWGZLcoyeUbyxn8B/bL/meeCpdo5L20Sp3lGr9UciM94/AY9 V7v1Id6k4XmzJBaSBpirBdGvEA4GLosUDlsIhf7tUpAF3+CBfGklRWYZlwQv8GIVHmVLlA0G79S6 0wgk9ljwhgbu7lVtXY9upNwi8oBdoAIWNd20i6DL2c5tsrb6vyQaUyzVyuA4UnHflepVoaK2uELn Yte8oCKsWKpw09ipTeHDX1UpUzI2HybfyjuV/Gc+Ei3XfpXE3NPAyFuNC9WGx5SuapLYnfHoebQ3 Weq1tHqN2c3xIR4xTw5UrN4tU9EJ4ve3BNJLj5IR98YqHPneq3tLyiDrtkJdvM3wPH/7EnjnX2r6 s3HvEfTLSa0pOGA2A2irHgAVApKEAsqAoOKfd6bHdZ/YetHz6m3D9fhZjzcUOKmzgtnoc8YI9d7I ypa/WoMIc4uHCjNTpA7Qia/CjUiRgya6/Z7hLr1SjCx5G8wfuprWnST/HpvKaxkfkE8HXYx3PrcP nI2C1xyevnTCXs5L/NZISQbUsW5De0nezPwH1AMwrG1vpLPz2j57A0wa4YjSJv1SrdRq7Cc4uudY oERoCmFmrwsIA+F9eXIelLsDblv1L6NvKOCVANvbwyW523vkva9c2Cq3Ll0MM2JoLZmjvvFIVLPc sFamDaPZyewqa1qvw04PCSyGb/zssvj7/ElzhSqtIsnULTdRB8STP2zbM90PSqGZ4attMrM0LyVX pT9ULotzIfpeX2XUvz+i677tES2ZDUlVWIfR4NlJFepYK2znd2uQ8GpAmxRFdFzzanMDolUQRoxx 52a7bKDpzgsITkOcnSxy4WsnIeKXab9sum7rm0F2pjwohSsDqouLusIS5V9nJi8fK9zc23w2RvJp 1W1oG6dZYPt1rlLDU8O3FR2KtvFq1HUX6nG/JZ0PmA6zSOzueMivtcfMT7nz0+nv88PXOE/DCjhs 2etXlrGBNsN1dJp+C5l0UHjOGa0K+ad++HFwbVQnSZC7a68wo18x1a/IPIowbpbe+6+3q7cpO7Fl 5hbOeAfxur/D8/UXguJHCnTcFOZmYpbsUjNu3TUdz3nGXeHe1kvlRt5bd55RdShHX1ndO+MVe1m7 fD3zG0JrpDAlzMwjZp2epOPR+cFatX+m8FpQ4rhtBq5zipsW2SykC7NuJuDrnzUljdLGUnecEAjL S4JPxpbv0361fK7l1pHk09eNV40RSxZarRYyebt7CPTUc8RpY/kwmjDumgcrf7FW2rcYriCcc2fb Gaib1tMYSd0keQuZWYyJME5iCWqK+trhjZWVRo/Dp+OH+5Uaz6AFEIojjC2A+HS5UZggzlWOtP+j 29ygXlUeBF/08T+39MyAvNYw0Q2vd6L+Nzmwewx9ovwU9i1a1SCKF4F7XIFL96xqPe+ZNPYvBXhZ 0iKSR9fECRQBtUNEjyCzSQIZhGabHuaHQoywpCSPGld/F2Zkb2qrSU9257cmjnEQJpgVhadDx2xA w6PaxGWREjrptlnN/Sq6jJ5FjPjdHZA0mYzRmEUnJM9p6ZGkoUgESlO8obZUHyBAHcpBxslq4O9+ RLCtob1IG0Ni3ky+Ye4xeo6JvZAbaOI4Fg1nycd5ORneA29tZAK6z4XfS3m4bwc6r2d6WyiTDEdW UKBicakZsATir2z2E44aMNRv5jOgQKhWC1rKi1UERiqJv18mBD19/dMLpYiHdU06sH8VglcumYKp pBi5c+O3lWA6hjaVH6QiiE0utWHVeXvq1HXb3ochu3Z+XLB5dJ3zEXbyodR1wdsgvTV0kFm9lA9i AJkEhSg7Ae5JAcBHPb366x8s5rj1XzPCJ+HHZsRonyutMXitwHuh6EzSRleEbzwBH0Zer3yZeCUR wivhmHhr3n3kr+lJ1iNWSKrQfuJAEbDZ1I9XS260ftgkgM6d81JGER95A8YIxBD9mCITgRDy7rxe U6d1IsWIijIxdJC9tLg2KMrKRYIiiMPJL3UKrqlkgLFgCjcyGAow/J5yfb5/Gej4515l+pe/xt99 k2yNoJ945vpH9fxh9IXimtwE8CViBLfYHsbDD2sL2W2hK5ljGObaSnbq8Wgj9FmD9pRsoyq6mk3W LyQKo5MY2QPITgZC4RIhHrs0L3EIMSkUkFvcnwaFCmqXUhPf7B3RZlq+bEPyY1O41LO1ClEx05xX WhV8q81wMn+fK2Rcz1/PbFHtcvTMo/WNBEuO6TDr2ynNDocpx6IUFqW1tsLUSoLKktsUtbKqHUDw Yqcjvw477+WtG3dnFkQRUp39p1crRlyzBGRwtiloi+WB2aFijqMkU30lb1LEOJ0aSH8Xxe9oeXE5 Ya7r22n7vWRYxEFFFFQWCkWKsREEVYIqpBGMYwRBjAUEVRkVRVVFVICixUYsVWKiiKogLARURFFg jEFgoKQUVBWKJEWAqogxGKsFBYqRjIqrFAURBWCiiIwYpBgKqsYoorEVVEGCgskSKIgosRioyKSL BWICDAFgqIoqrAFkFVgioqjFWJEYxV9looKMiMFVRZGDEUijFFiIsBRFAWCyCirBQUILEQVSLBIq MWKKAKIkFWKuNVFAggoxGCCiiIiigijtQsFAEYgxEFVUYRiBBYKERFRkFJFkIrGCxRGIySCkBQEG CwFIIqLFYiqgoRFBRIgiIoqwUVYkFFIrEWSIyLFkikgrFAYIgIqAosBVYiIqCRUWCIoRYLEYpFDI eCQ9T1TqzRp46V5qtz7ZJnJPe4VGkiSkm7QSHltVlHy7BkbW8pCIaS7FBCBz2l7FcSSyHlnE2hks JIH5YRm+JF1Mzr9YKUHBAsOENpDEjakC0boqgDN9zbsxAoIdrO4CoctHuZKWKTqqu52cOX3T8Sia EADQBaKfeykWlr0tp/LtztKzp7O/fGbsv5JxOx6vWgNe0+C7r3IpyUyMnABvcMNyLN4yBeImz81L TEgrXTNxeNTUEq9ptmHy3MRFuA/DsjgUBvIGEEi1qjpzuAeHPjwrLO9y677X1ceBsYdYxV3kDxQk r0sCki6jEgKjBKEkTCZ4oqTQlxp+uh3pp9WlGrSD9mICWAxoDxnYY02DGG1/r0VwVhY3fxvQk1Lx ApusDEtanExziBjmLLcvXGl1INtHhUitqmG20Or9zgg98wwwaQGbFQu+BnVpHvODagsPvsUndn4i OAaMIf5a0pzVMNmHFcyd8wlOkCIf1PWUL6tCRy1dmWNqldJq0ppSaY3lHdoyYCAs8NBDMGIlh7tK j7oAPxsC9SzRnXESgQudloct8pVPUYW3qdaUFqemo79eejSsZYmh7jmEvuMcGtJfhQJINT7xPG+l 4nKULG6sqmhNbB62CvKaZVb6B6bGl8Gc6xGBvsKiQ7ig3ppb1PkjDQBzm67NMNKowERBn2l822oH pNpRkGkOJ4P5KkHMh9UL2ABdrnBToVZ6Q8Rjng8WyEqpnvCUaBZjdtwM+AGBYND6g1KUzRiO0h3k PnfFacYDCiJojp+v1PbcCou7YmphbkwJOJLwmVEmMaS8Um/SVA8HjiYIa6hFphwIgILVCirTyFrE kMslE0HQXx4QoHsDKJBanhnLJSBbFqZSgMFvfTUwQi/aTQ3gErHhwIT05mMcZ9nUuh30xzGGaRHH PaN9qnHz5z15cX31rXQbsysZm8+JpsFt6TKAWEgoKEtdVf3IoY73h6I88WKVKvWfkmlIWvqLsQu+ nmuvTO7YN0phTY7sVkJkMWaHJy4XZQYAl8BO8rLnrmZRhoOT0R5ZzxiQbQBcjtGhQOXkmECwiMgp GPKlBGQEedKLJ5Q4cgGuhzICRVGeZiMteT+2jRIl7wEOqFskgolLjuziHCmQ8NUQIWMyTs8J71Wg WBMusT5dAPNICQjXD0raChZEB1WL15sOv3chbW9RvgXP1avxvv2+YzV9/x7SeHUbBtH1GzEcNNg2 kL5dWfhmzsREn0VMTWtGFk8iQAhOrw2+w2JL7RXmFNlXC/c1ewakTj6r/MqrJpyoaMP726enaovz BawgPfMFsQfLD5p0tRBi8C17QraQJ5GmC++EQmuvm6gxuvyr4wpWjs8LyZjIg8g5SEEClOk6KgY7 kH3lEJHU61RYLNUYI5jxIeGI/MPw1OGUZy4TJcM/TX9ZRwxv9WW9R4qe1Yz8QxHVggbNoehHscdS 8s1FgEOZaqwyk6G97mhnt3MCnvARVfj2hJHJYtZuDqV8gFRJUHDUm3lgnLTkv9sW7FSqmGdniSXI 24XbSQYjfxOI3iuKkWprRPFkAUaFLIaSEGXI0MaQxgExCQqEhFABSBIsAJUgVgLIdbQEQgCkgQ82 SQrAkFgopJICwJIjFUAnuSQkKwgHsJ2aEWPcdAwophhZeh2JctaWBHfpCXN+eRvdwqVWGD/OKSgI Gddwkmn670VBsg5JV2SPLDtZKGeYK5jxLB1wqSxBp9Ng9E0aURWSbixhvqHBJWLWARLoniGkCQSR LnntEd0o8T6rJ55eomHr5t7Q8lbvBG/bUVNqBykk2IpO3tQUvwOi1xrq4acF+lPyoZk6VzENXtFT pMoqcpCGcSmdC0Tp3YYMUwCRKxipzfkDOzwnzLGEcYZ65DjJTINrdLWxVFcFDeqbRUah8nCNGPMn R9zXaGhYLCSgFFWSRNWetKNW7YslHTp89K/jBsrY22M1B1R1dBZPlrpeNpU+bghCGwSECMeh7M+N vZGAySvOlJiHQaEGYMunQYxMDdMnUSp1jmku45QLsU0rzMzVHt4mEQMhR7c602o82ienNd8wEjgT 6EkLsxK7DVpGfeFAM39raP6WsMb2ZxevKcpN5iGMKICsHO8GC7FWMYxjZVy12OH6iDNQDcptOqLf F6C8upiItCpBC87wIRlpF3rVx33XohbWqirnXc5RXpCWt/dxEBgtCKTQWQxZFhL9CSJM8LqcRte1 +mxCc1i3FH1xj31AGVttgm0tEhWsFg7FTZrT4IeGPYrSgdK8JN0i0rMUleH7MCB7ajVWNLWPa2GB uzDFmyGJ26yuBS+ZsMVi0EscYhTLCGmRBWfAFb7nTwbkwbCT8SNYcaF5haEIeTqCy3tlWIIq7Y5G ZEFCwWt9TDtr4JlNMdGC0Hi1R81JRXswIiNT3ofi0FLFpj6iauNE5gBBDgccT37zpXhkdsXkRYmC NmHuWoVQTydJr3byH+dcbC91AHuHHZGsuXNDIQdIujBDrWZ4mR3fFwBxmKjop1DbLceTd2+8Ev50 5RkOkuAsaUdxxwada7EcuQu9jSI8QQHp8t+k4GMq7w11V68RqKYFXXNBdG/qpjqbc2uTFR2XItmS 0uPG3BRn5mctT5CvtJ+WC05+rx0Dfj3Lm+/UmRaYdOtYLsBAzTapb4ZR0Ljir2czQRxRp8E8eYVj W9tlVD3hufGxJu1r8EG7sb5e5T4mLLXnmKdsXrVtJDGJMB7nCEDSMMF2FpPvOpFL94olrrAQ0DBQ AkAKbEcEOUoiVD205u+xpURPzHSTi3ws2NRZXCnej3mvX3aAF+a27dDD/IMnZlVCbkZKYvGe44gH bfn23q5rZVsu0YABIvrbxdg5AZLKZjOupPXt0wb0367CzZiyRVkFijxvJ2SdRUZtNtO1zXV2PbrC 03Kk8NQiihOgMISONmacKNrFg6Is+jkMT9RExrolhioQR+uZOrqu+PLOfFUfvHddIH1vIcPDDXij JGbQrYjw7sTcwo/SQn3ojLSWT97iDRQNPl4YjbSvvpLbzF6KCtw8DOjLcVCdDEdrxXp3sqBuewaT Yp6tT9dCDVQd/zgoIbS9DCniITdte3f57SFYr9PRldR9mecwbplpgiwaVAoW7mmKmB51jTNZebTL XUeLW8o/JoNCdbCLM/R+nzEDvDisRMDUsIdqRqz1W0nQxSUDdyopKex5VRwUSq6mg1m+xskN+V2x NYM2bhEHYAhsyElISKtRDvaCWN/k2l0KzPyYSDSdfVtJIQcXlSBKyCgLFhsyQqsQYbSQAhKVIkCM O/LOZy7KswuqtEN7lfTUN4zdCsRNoENlyA2B3aPD1XSnkSoQwvOupC0ZZ1lBRIFOSU/vFJdWpYos JNllSgSHSbTCoSFSzVXT1z+L4vEDa8suvFpI8gCNkCPPuR5pyWCEuRQh3XwS0DjicyfzxhC02Jwa Mh+Oxo2bdgLVrU+9hzWhAMPEyvTSVClCAPZ++6cwwhJDCPcmRZN+xKH14xqs/CxZtLjgSsG/Jnfa o8Qk0FF+bWw+v7vvTsDXEdY7k0N4DZiqqPvY0jBJ2iLcwETAssraAbG3svXbvvDQIBC79+kmjQVH u15USR4uwgrjccDXWeuugdMGu5wo5sNKlE4KPhKbHlkNuGJd+yKjaNn06d9eKeQxe5skC3EtmvC4 Lvco4oVJ7tHcOKFwIRcrrv39wzquIppIW6UhDM7Lk1GZEvnVI1Ozjzg6BBQ0ivr2PbiHir8Dly5N 9GGatFFe7WjRqN8S6yirNLXGxlcyMtqiMaSlvsDnrw2x5ecnnJRDOOG++7MW6owdbHqO03uq8v7N yUQC/b22aoNguy0ehz5kN+K22edOGVkJIO4b4hoMyQiA0nSzvyWE9jOaSBtL39OmvR3Webed6PrZ aXySv4hWaE3i1JVTBCiIS51PyOlOXCE2WkK03Ces0X2BvWrl3SgiuWA74cyLMQRlRhk1vRBM9g1w S0htXaUFQ7aTLMlxzIvBDUYiHEt1Hgkhpsabu0s4ICL0lPp4cGmTATSIzcFOhfKk9kVSNqUSuWMF kcp2eWlFIQDavNifWYnWIjV90pMuMEVQ2E21KtJBSS89YI3Iaq1yCGaILtupvZOeqh3it1m1amKQ 0eOOib7o2rYEsA1CGqLuAkYK57BmefY0Hi7NkkDcGFCKV7lQ54KDIi43nUqQPGGLA3WrirdyNHCo O8b6PgP0kLiSfBAqQBkq6oGZdtRCd2JrXeBKX1uJfM7tGq+0WVIuNXiEdoIxWduhmyl88Iilwe+v y03Igm1ul6pauzAd12aJuVZwO30zfFL9LhkHQRcecwFpiuGWmLUwbsu4jclpRAgv9UECwwWDompJ FFZQ3N2KbzgU18K+jtfDSgGfhxMUtvNE9E9yoVSYNtOqvpnS8RtkkDgYEOKf1KaPNTW1auj9NBNH 34+qkcsb3YyrRehB2k6DLOoWCHhxLsAsJDgmyLNDBhQBUzOHKZa00O/tznNy/mFBMVSEZVCYa4fu DAlhHUwwM4Yv7NVbLa2oRTxIZcGGY7Eui3I9AzY1xUWtmm0ptbMXbDvRnnQDF3zeXvRj2eVV8EKL +baN555BczGSPPKG4oNAiwoAKRYWR3cy4HAw2YMt2EGwhTDhbusEM1IXnECbqy9MpT6rQtsq2Gc6 U2jWUTrHbkX8Xr2XV7Uj2Yg5fDKFywB0oQ2NniIBIDmD0r8Uinge79toGm3doDXONSvyWXyv/XJe QoJQwSGw3UwvTD76Wnu2zriKHYquk8x2jrf2JjIRCD5IRCKKni7dAQqrQUAhQ3bfzKyw1GQ7Hw+V WA0LBAnJBDL0J3Suwo+XtXQxP8oCjl653CFrQS2A+YNRAbNIWJbGZhqH7yhafx/hX9u1r3g+7A1G kIWatCqz3oJoGQdZSBSvm1aSreFYISTPlo6O5kINs5JoNaPjUKHYmlJcpuIWki6F1VHzp1MO1FYK OSmE1VBo6ppF2o5ZviSgAS2UfMm9HBgrCRYr7yktOCCIg+XV6M/Nr30IK9I+mkbGexiBPEfU+pgS IqMhkDkKzEhswD1JCtBteOYKIUjMTIiGWztXrmyL3QTgISoDo/VEQqCNYD2+zEjr0t0zjmzrTzvu jhgb/EAaC3Sh73BCyOOFW0unsr3EI87bknz+TBA6IjILvdVQCuBa+GMeZ6nXeas7d5jidomVM3Yr rrF3mbO2rrVJtdIDjvA78jezTdApKqu6nrVMrsi1uiTJDEQVAIikhFWFAEnpTUp3I+NK1SEOGIou DFCngtTeDUb7OPlyO7r60iTxjWj6Cw0X1/LWs1mPUtEuKNe0hRiFrUOd8WCiHLRkAN5yo62KrsO3 w+1f5V3qu1RhvPMElFsG8WB2tB0Z8Nc6FJplYarMyNoJwvq0Kp6ANQkkhe8bzm2pAY4JYdvG9sik auNIPiH5Cw198/xpt41ZkYllG7I5ukgsofxCO9qnJiNsh05bSBs62eGCgO4k66YYTET4COjSD5aj AD46tJnmrAycANqdZwwQQ5fu6UFJnRV2VBWltygcGBbvppYe1Pu0ifyxG5WoYaWWuRu9jtKXa2Lh i4EXWdgpbZk0RAICnMMUEk2YZxekbcMq288mzIHqdHMl08E4DNrbys5GqHf5gUL9uBoJeF7yU5x3 X7icb072O8LWw0cI0ho2KNJHRjuPWUoGIbQUvxeeKxwS6/IU047zuXEQQkc+HakOVGAs/30Oc/++ 2HMaJshLcnet3ak9A9yUe1jQ8i7/nbaY8EG3sChqshVoSFIwStoB4lGKc1VGoDSmmgA/FL9NNG0t LBAV8pO9fNxBzaDnn102tJqlVrbTRBVHkuGoXc0vJFKrmESWOsq9OmOIxXF1GhHRqjEcNYzDE6tC XJ1xNMwKveNnZiLleZSkZoKjEcNUaSS6ozzpp8Uygod8Toxrp4fikYh66TqqnyroGIs2klFEhRl0 mLJi8MQ1nCr+iJiqvo7A2rP2FYWccD7Wyy9fb+qvIS77SYqG33PLE4RP5Dw5J88XW8/VTwcvSy0A CD7ZL9eM7GRDFcuzyk0BSmD5BG/w7WYE72Gc29XYw3cwlQlEjAlOUPGe2epa7vVw0QaiL66XpdJk CsdGMSaGlGqhMIV7YPz4Fag+0rpYErrcdCjIRsIaFiHjlErqSlqs0dV2qc+VikfmMHkq9dVwkI6R zXBxEIw0yVBw16fQRKTLWbeii52VgTBA2AyRigfUKCXAFiz5cqnPbc8XCnaEz8ppUzJzhomjxm1g ZINMBflCJIXzL5qNJc9uyI7oAksBPQkVfctJBOb7e+PXREkCeMYED2IFuw6rXKa5rlwC9NPfw6Gh os6CotrSZu8kAyCOIIGNhw9K8T9lpnPYzbjXpzQB6Y3eBuvVpAU2N4MBUMkNqxHMCY3WhQkSjYNu eXdkVl3btVwgQA6Lw2zDguClmVLGNN2FTPZYwJ3+jikKdXXSvNlZRjWvUp+WcLT6hGf10wa9jdSk XPR6divIlGoRB3l6Lcxv3VVRfOeD5xcP4GfFu1+fGVv1XUeyYPHEyYYVZlpIOx5+GHjZtuKl2/NO nDu4fvJZUHt2HXnE+pjdoxcPUnl5tv7Z0UZPghQEFyNC2eGcd+k58wYKw4ONL2BFWkLpECIbaG0B Oojba0r33ZBtToMKEzWMs/mQCWTXqxxik7lzIrNQJeTiUVhNBlcaasA2AF84q2FRFkLYGOp6jh6D XX1FRiEUDQlqHPXhnIpREG+h32dMEBEHjWsdpwJy6DHHjbuH42pQUIqUyR1BkyL9d7ETKYZR4ebK ELRM0NgsC6TvbcnOyJlroQVERDMzpzeTgztC3MGUufA5eu9e4qAKgo9rfK8vAylAK8fn19/TiiVF CGzcwE+33896jU8LhF4z1lMMMgkFEXp4tpAVnlrL9Q1SPOa5Z26wEtHRoyxJS0Fd944iidMzvN3r iKqKi4lBfbtwwBTmZ7U5NVJIEDni+sw9zmiiZCAKN72wyiW8J8Lvi/tGtKDC/EAGJpP2hRp0c/Yp RpXa1aSCH1tBGvMQEVd5M9IDP0Vrul5AGHhVGL1hzdr8cQLAs1BHZWyq2Et1YNvyxO3xMNBF7swP UuKyllZ4eryoouqiAgsowU3Ka1FHccNhldmCVv2y4llVfocrR4279d7qibY2mhpoYwZnbc21Mzvb omcmY12YWKIL3wDtkyGL3YVoqdDM3Qh0U6lB6K+w29si+VQTQNZwtkDhBzGK0qsC5kZFwuwdtrea 64ZrCOrOO+k9jMdHhquYSSr7KEkl06buYy2Tujx78VRRixFFURWHu8PPcCHLvVjXjZoNlgPxTL7F OdZ15kJ8W0vCYWOBbSdtX7Vdrsi1jrmeizoug3tQYqJx0yY6o+3SnJzxFOrQQiAZhS5kyg9hNeiN 2VALoXWuJS2BWNr+FkOCHtf0ddL+bY6Zjlh1eWNs5zbMWjCV+1bXoIbDyeHfu4ran25lewquXyVK acLHE76fXG0WrQAr5HiH4qctDGZuooYyX88gEoRM6YM8LBuxWvtsgUMoC0LjQezS4jnglJATe4NZ XGyTEDBhoObbBkWFGOHaS6aacHFhK+vv0ur7baTFdE0BA9pBJbc680CL6G2+ttfaOiN9ZswQuc6S wQ2A2KWoSscsTxEg6Fac18y3pZNKb76SFJ77FjLmfiQDkTjm+pFVDv1zMap5kQhcfkR5dWreYVGt XTEycbTGHiQGnGz2ru9qXCJftW7+qb0FCMLjpacwEEiNNvDUlWvQ0rbq+WcOLQusZPB7A0xsKkvu +ul3S5UJaiuo3py8gJUGKuMGvdjztmc0HHxl3xdmGT2fYG5t0JxSVl1utxGcKqvUD1am8u/WSF0y lDGpq0hrYfdxc3JBdWkCTYufjnfHXTnGCOGZ1XFOelS8CyWJHi/VQuOKCUxTzlgERt9r7SqRUoNa NPjngusMhK5Cm8Y11JnTXWiQstC370oq9Ol66MJJmZgYpOOxMiAb8r444pHuArDb3bt/cPE1fPt3 iSw4fp+3LJlg/JqK1WsND9s9yB8ogh768ct4+xqhu08S4HPH5VMbgewv0HCM+oD+IYr7tiBZ0ybL I2f/EHIYFSLyrpuRhuWXLi39CDFVL+mIHX2uxPEqzgEgA95pAQSltipjp+hp2oXvcIZp/wuFa2X1 eC4Po4Y0ySCWu8IOqeQAza9EmTAfeQAHmSF6iunvIMlqyJsjIO/+HlkPmFYnb6KJQFeG371j/Qzs Qq+W/ZNqNZAgZMIEkMYS4a35wH1Xwp9j43l2/z97BSgfUkz34GgvvHIxPciM8NKgfKTbCuw9kDNa WqY+wPIYsGcmXAdei1/66bndlv4kzDjChfC9Scxn+tnhd9NmZYNtjbezDD19ENC2fyzfpCMGzjMB lJIQlhauOvf9gllGEei5/UrgmxDTG/z/fwu69zUFC4COHI3aBauHAxst+0R/ANWXeJvW1Yxu6SEN YkmkyaIF0ALYe8OTmfVlrmJVotLjRlfkvkABn59jVpffohHJww85JILDq8WdOnmtFn348aSHlqrU yrYbWxQJADOiEiBFaic1PPhz20rolAAJBPQRKNIV4+6d847a+lCkIB25zy4JBHSnrr52mkTMeCEI MK5BBKuw6x1+a/wrsxwcvuSrW4zNJKoB2U83g01tJfANbNalv6yl7EWI1DC44zT/mJWGgQk/6GTP YgtLqPJqVOHV2pK+GqYqJSNFWiIFiMS2DZDTpTzcuFgsisrpW4LWqS/piM1h6/yw0SSCCYy8kVGk IVQOT3sGCY3acHJS+JDtyT0BFSKD5v1+Kb/nmtK/ufTIv7NFV1AS5QG/6ZuHkNEJCZU8gJyF7Fjq E1lLhoFeAq2muZCYhzEEiEBuaelJEkggm1KIbbh5AH3+c2uYXnpWhRM+QYq0QzIdMIDjffv4SA1b Gq1ndJB/C+A8hsNaknlZ0YVGgVF4Up9rfvzRk+p7Pxee3cQ+PhJYhxebaHT5Gt0vDPxvGCp+36tp sTbZKVGZhK/175+0m1kE4kIL2pyOGs0/F9XlDz3qC+6/AuX6fZcIxXwfVmsu5xMXEbpxt0aWyq3+ 3D3apXuAEhJm/MVp0YRSV/mrCSQhLu+/fNdsnYZwVpTBYtbbYehH3AmK1ugD7/VpYgFqIBiQkIs0 JII21NVSHTr+NpubYAEhKS7NFSNJnLMXvW1MAcB2zouoaasM/zUxjJeNdcuqFZ3N0AnDNgGkP9KL adlNXZUzSwkPvdE/isNBf6eRbMZ9Bqx2RcD/TCBj1DFRLXNiv1WLyBSSARQISBFkIoi/OA/gtP20 0+VjGPH0fv7r4+DtCA4tFEAYt3ZYTjyxvJw96h4d4+GcBN3ZJppOBIJINM9nKMcSTrz2Wx45njkw oBKX/i7kinChIevVCWI= ------=_Part_127925_7734952.1186428275952-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Aug 06 21:45:19 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1II8Vu-0000VZ-KT; Mon, 06 Aug 2007 21:45:14 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Mon, 06 Aug 2007 21:45:04 +0200 (CEST) Received: from fk-out-0910.google.com ([209.85.128.187]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1II8Va-0000Tr-1V for linux-crypto@nl.linux.org; Mon, 06 Aug 2007 21:44:54 +0200 Received: by fk-out-0910.google.com with SMTP id 19so2672484fkr for ; Mon, 06 Aug 2007 12:44:49 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=twMcWL29wlSAsSIFetRANY5RBkjpbZcWKthNpnkq9r0JMDtdTf8w6qw99s6crTZ5kz5JZdT4e72qZKBWPN3y/sOzXwMpnxEjUzgejq8yXhSAcUm6PIjWmfGUZ20D5oJCe5Rgxtikug5rRt33rSvk5vsRHu85QWAz0rGT3TyFgRc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=q8+yJOXTqylaXHn6SACdoaqypvBc6ziyCF0CSLKErg/cEQPkXHGJJ6xt6Fu/3QKTF/S3iHatCRy8qmWAfdnn72X1UFY+vJvGO5Q2nNonSxd3q6ihFTU9wf5dF203D1OTYsAgwApQ4yDhlhFUpeJDGpj6d5hzxPcpuxK9upyZpdE= Received: by 10.82.108.9 with SMTP id g9mr6031063buc.1186429098426; Mon, 06 Aug 2007 12:38:18 -0700 (PDT) Received: by 10.82.163.6 with HTTP; Mon, 6 Aug 2007 12:38:18 -0700 (PDT) Message-ID: <9e0cf0bf0708061238h46faef58ld26837ead973a42a@mail.gmail.com> Date: Mon, 6 Aug 2007 22:38:18 +0300 From: "Alon Bar-Lev" To: "Jan Klod" Subject: Re: initramfs and loop-aes Cc: linux-crypto@nl.linux.org In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <20070805210135.145930@gmx.net> Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: alon.barlev@gmail.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto On 8/6/07, Jan Klod wrote: > After repeating loop-aes setup I'm sure, that it should work, but it > doesn't. I'll give you all configurations: Please review the following, maybe it will help you: http://wiki.tuxonice.net/EncryptedSwapAndRoot Best Regards, Alon Bar-Lev. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Aug 06 22:58:44 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1II9ew-00022u-0H; Mon, 06 Aug 2007 22:58:38 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Mon, 06 Aug 2007 22:58:03 +0200 (CEST) Received: from mail.gmx.net ([213.165.64.20]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1II9eA-0001xb-Pp for linux-crypto@nl.linux.org; Mon, 06 Aug 2007 22:57:50 +0200 Received: (qmail 9618 invoked by uid 0); 6 Aug 2007 20:55:59 -0000 Received: from 84.175.5.143 by www044.gmx.net with HTTP; Mon, 06 Aug 2007 22:55:59 +0200 (CEST) Content-Type: text/plain; charset="us-ascii" Date: Mon, 06 Aug 2007 22:55:59 +0200 From: Peter_22@gmx.de In-Reply-To: Message-ID: <20070806205559.21970@gmx.net> MIME-Version: 1.0 References: <20070805210135.145930@gmx.net> Subject: Re: initramfs and loop-aes To: "Jan Klod" , linux-crypto@nl.linux.org X-Authenticated: #5663700 X-Flags: 0001 X-Mailer: WWW-Mail 6100 (Global Message Exchange) X-Priority: 3 X-Provags-ID: V01U2FsdGVkX1+oMwd/ihuovwNq4tcRyLpxt2ftjgf39wEgRreG0c H77C6fOcl8SWr1dHnm9umbabPcBF6FkMYu7Q== Content-Transfer-Encoding: 7bit X-GMX-UID: 7byCd+BgbUk7IOJYZGgnceVsZ2hlN4rT Received-SPF: X-Spam-Status: No, score=-0.6 required=5.0 tests=AWL,BAYES_05,NO_REAL_NAME autolearn=no version=3.0.1 X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Peter_22@gmx.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto "Jan Klod" wrote: > When booting from USB flashdrive, kernel boots ok until this: > > RAMDISK: Compressed image found at block 0 > Replacing swsusp. > No storage allocator is currently active. Rechecking weather we can use > one. > > Compression Driver: Argh! Nothing follows me in the pipeline! > Compressor didn't initialise okay. > Suspend2: Initialise modules failed! > VFS: Mounted root (minix filesystem) readonly. > Mounting /dev/sdc as /lib failed > md: stopping all md devices. Looks you are starting from removable USB drive. Good idea! I am not familiar with loop-aes in connection with software suspend/hibernate but as you fail to reach the point where the pass phrase is asked I come to remember difficulties I had... Could you verify that your two sata drives are assigned as /dev/sda and sdb? How about the USB drive? The usb part of the kernel posts plenty of messages even *before* a partition is mounted. Since your setup fails to mount /dev/sdc it might be a timing problem. I am uncertain but I suggest you increase the delay for usb devices in the built-intrd.sh and make up a new initial ramdisk INITIALDELAY=0 -> 3 to 10 This aims to mount /dev/sdc as /lib so that the passphrase will be asked. Delay of USB devices is hardware specific and needs some tweaks. Kernel should post messages about manufacturer/capacity of the medium *before* it gets mounted. Give it a try! It may also be an issue of this software suspend which I am not familiar with. But anyway, you have to make the kernel mount this USB drive. Best regards, Peter -- GMX FreeMail: 1 GB Postfach, 5 E-Mail-Adressen, 10 Free SMS. Alle Infos und kostenlose Anmeldung: http://www.gmx.net/de/go/freemail - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Aug 07 14:47:33 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IIOTA-00071N-3Z; Tue, 07 Aug 2007 14:47:28 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 07 Aug 2007 14:46:40 +0200 (CEST) Received: from mail.korax.net ([216.201.96.57]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IIOS8-0006vz-9p for linux-crypto@nl.linux.org; Tue, 07 Aug 2007 14:46:24 +0200 Received: from webmail.korax.net (localhost [127.0.0.1]) by mail.korax.net (Postfix) with ESMTP id 7B82117047C for ; Tue, 7 Aug 2007 08:45:46 -0400 (EDT) Received: from 69.70.158.163 (SquirrelMail authenticated user jsabev@nicmus.com) by webmail.korax.net with HTTP; Tue, 7 Aug 2007 08:45:46 -0400 (EDT) Message-ID: <39527.69.70.158.163.1186490746.squirrel@webmail.korax.net> Date: Tue, 7 Aug 2007 08:45:46 -0400 (EDT) Subject: Help booting a gpg encrypted loop-aes backed root partition From: "Jivko Sabev" To: linux-crypto@nl.linux.org User-Agent: SquirrelMail/1.4.6 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 X-Priority: 3 (Normal) Importance: Normal Content-Transfer-Encoding: quoted-printable Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jsabev@nicmus.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Hi I have been trying to boot my loop-aes backed gpg encrypted root partitio= n with no success. I know the partition is alright as I can mount it using = a rescue cd such as knoppix or from my unencrypted temporary root. I have followed the README file in loop-AES directory step by step but no avail. When the system boots, it just sits after uncompressing the initrd image. There is no error message printed and no password prompt. It sits there forever. The last message it prints is something of the sort compressed ram image found at 0. Mounting root fs minixfs filesystem or something similar but it never goes any further. I am using a custom compiled kernel (2.6.22.1) with the following relevan= t config options: CONFIG_BLK_DEV_RAM=3Dy CONFIG_BLK_DEV_RAM_SIZE=3D4096 CONFIG_BLK_DEV_INITRD=3Dy CONFIG_MINIX_FS=3Dy CONFIG_PROC_FS=3Dy USEDIETLIBC=3D1 # CONFIG_CRAMFS is not set CONFIG_EXT2_FS=3Dy CONFIG_EXT3_FS=3Dy Note the system detects the hds correctly as the chipset drivers are compiled in and I can see them being detected on boot. I am using loop-AES-3.2a and the actual loop device is fine - i.e. make tests is ok. The contents of my build-inittrd.sh file are as follows: USEDEVFS=3D0 USEPIVOT=3D1 BOOTDEV=3D/dev/hda1 BOOTTYPE=3Dext2 CRYPTROOT=3D/dev/hda2 ROOTTYPE=3Dext3 LOINIT=3D"-I 0" USEGPGKEY=3D1 GPGKEYFILE=3Drootkey.gpg EXTERNALGPGFILES=3D0 USEMODULE=3D1 INITRDONLY=3D0 ROOTLOOPINDEX=3D5 TEMPLOOPINDEX=3D7 DESTINATIONPREFIX=3D/boot I don't know if it is relevant but it is running on a heavily modified ubuntu 7.04. Any help is greatly appreciated. Regards, Jivko - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Aug 07 15:14:13 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IIOt0-0006rm-DA; Tue, 07 Aug 2007 15:14:10 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 07 Aug 2007 15:13:44 +0200 (CEST) Received: from mta-2.ms.rz.rwth-aachen.de ([134.130.7.73]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IIOsM-0006r6-9I for linux-crypto@nl.linux.org; Tue, 07 Aug 2007 15:13:30 +0200 Received: from ironport-out-1.rz.rwth-aachen.de ([134.130.3.58]) by mta-2.ms.rz.RWTH-Aachen.de (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007)) with ESMTP id <0JME006TMN4VWL00@mta-2.ms.rz.RWTH-Aachen.de> for linux-crypto@nl.linux.org; Tue, 07 Aug 2007 15:07:43 +0200 (CEST) Received: from talos.rz.rwth-aachen.de (HELO smarthost.rwth-aachen.de) ([134.130.3.22]) by ironport-in-1.rz.rwth-aachen.de with ESMTP; Tue, 07 Aug 2007 15:07:43 +0200 Received: from enterprise.ram.rwth-aachen.de (enterprise.ram.RWTH-Aachen.DE [137.226.68.2]) by smarthost.rwth-aachen.de (8.13.8/8.13.1/1) with ESMTP id l77D7g9f023123 for ; Tue, 07 Aug 2007 15:07:42 +0200 Received: from localhost (localhost [127.0.0.1]) by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id F0E825B7EA for ; Tue, 07 Aug 2007 15:07:42 +0200 (CEST) Received: from enterprise.ram.rwth-aachen.de ([127.0.0.1]) by localhost (enterprise [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 03699-06 for ; Tue, 07 Aug 2007 15:07:42 +0200 (CEST) Received: from tatooine.rebelbase.local (wintergate.ram.rwth-aachen.de [137.226.69.158]) by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id 9426F5B7DD for ; Tue, 07 Aug 2007 15:07:42 +0200 (CEST) Received: by tatooine.rebelbase.local (Postfix, from userid 500) id 180451A6326; Tue, 07 Aug 2007 15:09:37 +0200 (CEST) Date: Tue, 07 Aug 2007 15:09:37 +0200 From: markus reichelt Subject: Re: Help booting a gpg encrypted loop-aes backed root partition In-reply-to: <39527.69.70.158.163.1186490746.squirrel@webmail.korax.net> To: linux-crypto@nl.linux.org Mail-followup-to: linux-crypto@nl.linux.org Message-id: <20070807130937.GA4781@tatooine.rebelbase.local> Organization: still stuck in reorganization mode MIME-version: 1.0 Content-type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="k+w/mQv8wyuph6w0" Content-disposition: inline X-IronPort-AV: E=Sophos;i="4.19,229,1183327200"; d="scan'208";a="14338839" X-PGP-Key: 0xC2A3FEE4 X-PGP-Fingerprint: FFB8 E22F D2BC 0488 3D56 F672 2CCC 933B C2A3 FEE4 X-Request-PGP: http://mareichelt.de/keys/c2a3fee4.asc X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at enterprise.ram.rwth-aachen.de References: <39527.69.70.158.163.1186490746.squirrel@webmail.korax.net> User-Agent: Mutt/1.5.13 (2006-08-11) Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: ml@mareichelt.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto --k+w/mQv8wyuph6w0 Content-Type: text/plain; charset=iso-8859-15 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * Jivko Sabev wrote: > # CONFIG_CRAMFS is not set try again with CONFIG_CRAMFS=3Dy I have it set for my kernels and root encryption. --=20 left blank, right bald --k+w/mQv8wyuph6w0 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFGuG8RLMyTO8Kj/uQRAoebAJ4pfatKLreTyZB0GTVap3xkWQ/U0ACcCVi4 s9q5jBET7cZ6ksb1gTUShyQ= =3PR1 -----END PGP SIGNATURE----- --k+w/mQv8wyuph6w0-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Aug 07 19:24:06 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IISme-0008HT-Ik; Tue, 07 Aug 2007 19:23:52 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 07 Aug 2007 19:23:19 +0200 (CEST) Received: from mail.korax.net ([216.201.96.57]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IISlm-0008Bc-TH for linux-crypto@nl.linux.org; Tue, 07 Aug 2007 19:22:59 +0200 Received: from webmail.korax.net (localhost [127.0.0.1]) by mail.korax.net (Postfix) with ESMTP id 4C7F9170C2A for ; Tue, 7 Aug 2007 13:22:21 -0400 (EDT) Received: from 66.46.76.114 (SquirrelMail authenticated user jsabev@nicmus.com) by webmail.korax.net with HTTP; Tue, 7 Aug 2007 13:22:21 -0400 (EDT) Message-ID: <1147.66.46.76.114.1186507341.squirrel@webmail.korax.net> In-Reply-To: <20070807130937.GA4781@tatooine.rebelbase.local> References: <39527.69.70.158.163.1186490746.squirrel@webmail.korax.net> <20070807130937.GA4781@tatooine.rebelbase.local> Date: Tue, 7 Aug 2007 13:22:21 -0400 (EDT) Subject: Re: Help booting a gpg encrypted loop-aes backed root partition From: "Jivko Sabev" To: linux-crypto@nl.linux.org User-Agent: SquirrelMail/1.4.6 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 X-Priority: 3 (Normal) Importance: Normal Content-Transfer-Encoding: quoted-printable Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jsabev@nicmus.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Having CONFIG_CRAMFS=3Dy does not change anything. Exactly the same problem as before. Namely boot process hangs after finding the compressed ram image. There are no errors reported. Has anyone experienced this and been able to resolve the issue. Regards, Jivko > * Jivko Sabev wrote: > >> # CONFIG_CRAMFS is not set > > try again with CONFIG_CRAMFS=3Dy > > I have it set for my kernels and root encryption. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Aug 07 19:53:08 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IITEn-0001j3-Ie; Tue, 07 Aug 2007 19:52:57 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 07 Aug 2007 19:52:29 +0200 (CEST) Received: from py-out-1112.google.com ([64.233.166.180]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IITEB-0001iV-Ht for linux-crypto@nl.linux.org; Tue, 07 Aug 2007 19:52:19 +0200 Received: by py-out-1112.google.com with SMTP id u52so3042405pyb for ; Tue, 07 Aug 2007 10:52:17 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=m8OtaHapn0MVkCsVw4PuuSA5bCpTMfrnHBAX9Gl47KfHH0jYm4dAHq8BqRYSbTBdD/iKHGVpA85Z8hDXmvO7AHpNfikw1JlWBR4YHWNPUKZknFG2g1EN9Z6OQetQqd6+a6NR9z3mjnyHBrsdGlDqCqFG7M8mTlAFB8HrYrVhAtk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=lFtDz33uW7kjca2S0qkquyhptwjPruC5x3SFXFfJXnc8EFdHRIwRbtF7HIrVesKBGIsVSVyXV+vngyQ2+Ews/szutzQSnET5SbR4NCl7D/w0lDc8ewtZjT9/BvJRnh9e/ipUyTBHjzUpdLcBvT0Q42aUagwTcYr1rU1xE2FOE9Y= Received: by 10.35.86.12 with SMTP id o12mr12016249pyl.1186509137091; Tue, 07 Aug 2007 10:52:17 -0700 (PDT) Received: by 10.35.69.17 with HTTP; Tue, 7 Aug 2007 10:52:17 -0700 (PDT) Message-ID: <4255c2570708071052pd606328h1760e634275f7bd7@mail.gmail.com> Date: Tue, 7 Aug 2007 12:52:17 -0500 From: RB To: "Jivko Sabev" Subject: Re: Help booting a gpg encrypted loop-aes backed root partition Cc: linux-crypto@nl.linux.org In-Reply-To: <1147.66.46.76.114.1186507341.squirrel@webmail.korax.net> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <39527.69.70.158.163.1186490746.squirrel@webmail.korax.net> <20070807130937.GA4781@tatooine.rebelbase.local> <1147.66.46.76.114.1186507341.squirrel@webmail.korax.net> Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: aoz.syn@gmail.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto What console are you using? Looks to me like you're hooked up to the VGA console, but the bootloader/initrd set their output to a serial console, or vice versa. Are you sure it hangs? Is there a kernel panic (i.e. num, scroll, & caps locks blink in unison), does an expected service not come up, or...? If you haven't disabled it, try hitting 'ctrl-alt-del' when you think you have it hung - chances are you'll get a summary reboot, indicating your console is pointing where you don't expect it or can't see it. There are other things that could cause this problem (or cause ctrl-alt-del to fail), but the most likely explanation is your 'console=' kernel argument. RB - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Aug 07 20:37:16 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IITvQ-0002e6-Sf; Tue, 07 Aug 2007 20:37:00 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 07 Aug 2007 20:36:30 +0200 (CEST) Received: from mta-2.ms.rz.rwth-aachen.de ([134.130.7.73]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IITue-0002dW-Dr for linux-crypto@nl.linux.org; Tue, 07 Aug 2007 20:36:12 +0200 Received: from ironport-out-1.rz.rwth-aachen.de ([134.130.3.58]) by mta-2.ms.rz.RWTH-Aachen.de (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007)) with ESMTP id <0JMF00CL925LEG00@mta-2.ms.rz.RWTH-Aachen.de> for linux-crypto@nl.linux.org; Tue, 07 Aug 2007 20:32:09 +0200 (CEST) Received: from talos.rz.rwth-aachen.de (HELO smarthost.rwth-aachen.de) ([134.130.3.22]) by ironport-in-1.rz.rwth-aachen.de with ESMTP; Tue, 07 Aug 2007 20:32:09 +0200 Received: from enterprise.ram.rwth-aachen.de (enterprise.ram.RWTH-Aachen.DE [137.226.68.2]) by smarthost.rwth-aachen.de (8.13.8/8.13.1/1) with ESMTP id l77IW8jl019957 for ; Tue, 07 Aug 2007 20:32:08 +0200 Received: from localhost (localhost [127.0.0.1]) by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id 9E0125B7E5 for ; Tue, 07 Aug 2007 20:32:09 +0200 (CEST) Received: from enterprise.ram.rwth-aachen.de ([127.0.0.1]) by localhost (enterprise [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02089-03 for ; Tue, 07 Aug 2007 20:32:09 +0200 (CEST) Received: from tatooine.rebelbase.local (wintergate.ram.rwth-aachen.de [137.226.69.158]) by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id 295B85B7DD for ; Tue, 07 Aug 2007 20:32:09 +0200 (CEST) Received: by tatooine.rebelbase.local (Postfix, from userid 500) id C20CC1A6326; Tue, 07 Aug 2007 20:34:05 +0200 (CEST) Date: Tue, 07 Aug 2007 20:34:05 +0200 From: markus reichelt Subject: Re: Help booting a gpg encrypted loop-aes backed root partition In-reply-to: <1147.66.46.76.114.1186507341.squirrel@webmail.korax.net> To: linux-crypto@nl.linux.org Mail-followup-to: linux-crypto@nl.linux.org Message-id: <20070807183405.GB4781@tatooine.rebelbase.local> Organization: still stuck in reorganization mode MIME-version: 1.0 Content-type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="5/uDoXvLw7AC5HRs" Content-disposition: inline X-IronPort-AV: E=Sophos;i="4.19,230,1183327200"; d="scan'208";a="14397760" X-PGP-Key: 0xC2A3FEE4 X-PGP-Fingerprint: FFB8 E22F D2BC 0488 3D56 F672 2CCC 933B C2A3 FEE4 X-Request-PGP: http://mareichelt.de/keys/c2a3fee4.asc X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at enterprise.ram.rwth-aachen.de References: <39527.69.70.158.163.1186490746.squirrel@webmail.korax.net> <20070807130937.GA4781@tatooine.rebelbase.local> <1147.66.46.76.114.1186507341.squirrel@webmail.korax.net> User-Agent: Mutt/1.5.13 (2006-08-11) Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: ml@mareichelt.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto --5/uDoXvLw7AC5HRs Content-Type: text/plain; charset=iso-8859-15 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * Jivko Sabev wrote: > Has anyone experienced this and been able to resolve the issue. Hm. Apart from the console issue RB described (which should not happen at all, but I don't know Ubuntu), it could be related to pivot mode and kernel boot parameters. I don't use pivot mode, here's my config: #initrd.conf INITRDONLY=3D0 USEPIVOT=3D0 USEDEVFS=3D0 BOOTDEV=3D/dev/hdc # CDROM BOOTTYPE=3Diso9660 # lowercase matters CRYPTROOT=3D/dev/hda2 GPGKEYFILE=3Drootkey.gpg ROOTTYPE=3Dext3 CIPHERTYPE=3DAES128 LOADNATIONALKEYB=3D1 INITIALDELAY=3D0 DESTINATIONPREFIX=3D/boot/iso INITRDGZNAME=3Dinitrd.gz #isolinux.cfg default test timeout 100 prompt 1 label test kernel test2621.5 append initrd=3Dinitrd.gz root=3D/dev/hda2 HTH --=20 left blank, right bald --5/uDoXvLw7AC5HRs Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFGuLsdLMyTO8Kj/uQRAhrHAJ9Uj8AvIuIR5Mb/P8DwFQmH9sN/JwCePcvU 9OQzonUCv/epdjPdFXePdX4= =kEmV -----END PGP SIGNATURE----- --5/uDoXvLw7AC5HRs-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Aug 07 21:31:35 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IIUm4-0004eI-3Z; Tue, 07 Aug 2007 21:31:24 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 07 Aug 2007 21:31:02 +0200 (CEST) Received: from mail.tnnet.fi ([217.112.240.26]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IIUlU-0004dJ-Jq for linux-crypto@nl.linux.org; Tue, 07 Aug 2007 21:30:48 +0200 Received: from localhost (localhost [127.0.0.1]) by mail.tnnet.fi (Postfix) with ESMTP id D8F9D17F47; Tue, 7 Aug 2007 22:30:40 +0300 (EEST) X-Virus-Scanned: amavisd-new at tnnet.fi Received: from mail.tnnet.fi ([127.0.0.1]) by localhost (mail.tnnet.fi [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kh-QuHay8RrR; Tue, 7 Aug 2007 22:30:35 +0300 (EEST) Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64]) by mail.tnnet.fi (Postfix) with ESMTP id 3743117F343; Tue, 7 Aug 2007 22:30:35 +0300 (EEST) Message-ID: <46B8C85A.A18ADF4@users.sourceforge.net> Date: Tue, 07 Aug 2007 22:30:34 +0300 From: Jari Ruusu To: Jivko Sabev Cc: linux-crypto@nl.linux.org Subject: Re: Help booting a gpg encrypted loop-aes backed root partition References: <39527.69.70.158.163.1186490746.squirrel@webmail.korax.net> <20070807130937.GA4781@tatooine.rebelbase.local> <1147.66.46.76.114.1186507341.squirrel@webmail.korax.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00 autolearn=no version=3.0.1 X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jariruusu@users.sourceforge.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Jivko Sabev wrote: > Having > > CONFIG_CRAMFS=y > > does not change anything. Exactly the same problem as before. Namely boot > process hangs after finding the compressed ram image. There are no errors > reported. The reason why loop-AES README says CONFIG_CRAMFS=n is because long time ago someone had problems with it when cramfs tried to "probe" if root file system type was cramfs. While doing that, cramfs also damaged the initrd data sufficiently badly that minix file system could not mount it any more. The workaround was to disable cramfs, or to specify rootfstype=minix kernel parameter. That rootfstype=minix kernel parameter disables attempts to mount using all built-in file systems, so cramfs no longer got a chance to probe/damage the initrd data. You provided some data about your setup, but something is still missing. Your bootloader configuration, and specifically what parameters get passed to kernel when it boots is important. Please provide that info. Can you also modify your build-initrd.sh config so that TOOLSPROMPT=1 is set there? Then build new initrd. It doesn't do much other than ask you to press ENTER key when initrd code begins to run. At least you get to know if it got that far. Also, can you verify that dietlibc is working ok? Like this: $ printf '#include \nint main(){write(1,"hello\\n",6);}\n' >xxx.c $ diet gcc -O2 -s xxx.c $ ./a.out hello $ -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Aug 07 21:31:39 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IIUm5-0004f6-E1; Tue, 07 Aug 2007 21:31:25 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 07 Aug 2007 21:31:19 +0200 (CEST) Received: from mail.tnnet.fi ([217.112.240.26]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IIUll-0004eV-QR for linux-crypto@nl.linux.org; Tue, 07 Aug 2007 21:31:05 +0200 Received: from localhost (localhost [127.0.0.1]) by mail.tnnet.fi (Postfix) with ESMTP id E62FA17F45; Tue, 7 Aug 2007 22:31:04 +0300 (EEST) X-Virus-Scanned: amavisd-new at tnnet.fi Received: from mail.tnnet.fi ([127.0.0.1]) by localhost (mail.tnnet.fi [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OdtBhkxvZxQt; Tue, 7 Aug 2007 22:30:59 +0300 (EEST) Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64]) by mail.tnnet.fi (Postfix) with ESMTP id 7358017F343; Tue, 7 Aug 2007 22:30:59 +0300 (EEST) Message-ID: <46B8C873.3BA72A13@users.sourceforge.net> Date: Tue, 07 Aug 2007 22:30:59 +0300 From: Jari Ruusu To: Jan Klod Cc: linux-crypto@nl.linux.org Subject: Re: initramfs and loop-aes References: <20070805210135.145930@gmx.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Received-SPF: X-Spam-Status: No, score=-2.0 required=5.0 tests=AWL,BAYES_20 autolearn=no version=3.0.1 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jariruusu@users.sourceforge.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Jan Klod wrote: > VFS: Mounted root (minix filesystem) readonly. > Mounting /dev/sdc as /lib failed Above 'failed' message comes from initrd code running. Meaning: 1) bootloader loaded kernel and initrd ok 2) kernel booted ok 3) initrd code started running ok The remaining problem is why USB device mount failed. Kernel may start running initrd code before USB devices are detected. You may say that your computer booted from USB so USB is ok. Well.. that was computer's BIOS and bootloader that accessed that USB device, not linux kernel. Linux kernel also needs to recognize those devices before those devices "exist" to linux kernel. That may take some time when kernel chats with USB devices and becomes convinced that they exists. The fix is to tell initrd code to wait few seconds before it attempts to mount any USB device. This can be achieved by setting INITIALDELAY=3 in your build-initrd.sh configuration. That waits 3 seconds. [ Peter_22@gmx.de provided almost same info yesterday, but I haven't seen any "solved" messages from you yet ] -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Aug 07 22:36:24 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IIVmn-0007O6-Qu; Tue, 07 Aug 2007 22:36:13 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Tue, 07 Aug 2007 22:35:17 +0200 (CEST) Received: from ug-out-1314.google.com ([66.249.92.172]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IIVlh-0007NN-3x for linux-crypto@nl.linux.org; Tue, 07 Aug 2007 22:35:05 +0200 Received: by ug-out-1314.google.com with SMTP id u40so131034ugc for ; Tue, 07 Aug 2007 13:35:00 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=Ml+HzqHH3T/K364mKD9e0u5Ze6akf6liiB7/6skaySNqny7BJ/bQT+XTQb6ECY6ZbbXQRxH6S8e/5bc3Durnd3/arXWjTFWogL5RxqW9BbwmgEkj43RgEKNVia8LLA7zpMZC/dyE7+LNHMmwt1THT4y84wK0fZewoRM7N1H6ea0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=EDdnkI7LtHdx/EpOp/4/eNZHEaMoy1PUC89M6UOXjRbqYaHgZOjdflQ/oWkrImZHtuAKuqZgIDDSDM8kU1olE2jHRJMjXZ0IwMoE5oRnmDU/PgkZ3IdfuYE2sv0nF92D5aXU88lv5snTSkKMnICbiq7xmR3s2XqP4F4DpYmjpcY= Received: by 10.78.201.15 with SMTP id y15mr1945431huf.1186518899929; Tue, 07 Aug 2007 13:34:59 -0700 (PDT) Received: by 10.78.192.4 with HTTP; Tue, 7 Aug 2007 13:34:59 -0700 (PDT) Message-ID: Date: Tue, 7 Aug 2007 23:34:59 +0300 From: "Jan Klod" To: linux-crypto@nl.linux.org Subject: Re: initramfs and loop-aes In-Reply-To: <46B8C873.3BA72A13@users.sourceforge.net> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_145469_3692322.1186518899894" References: <20070805210135.145930@gmx.net> <46B8C873.3BA72A13@users.sourceforge.net> Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: janklodvan@gmail.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto ------=_Part_145469_3692322.1186518899894 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Thanks to Peter_22@gmx.de and Jari! Now I've just booted in encrypted root for first time! You are right, it takes some time for kernel to find USB device. INITIALDELAY=10 just worked good, 3 was to less. I think 4s could be good for me. Sorry for delay, I had some problems with reiserfs. I agree, it would be better to answer sooner, but I wanted to complete this loop-aes thing. Jari, I am really grateful about loop-aes! Best wishes, Jan ------=_Part_145469_3692322.1186518899894 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Thanks to Peter_22@gmx.de and Jari!
Now I've just booted in encrypted root for first time!
You are right, it takes some time for kernel to find USB device.

INITIALDELAY=10 just worked good, 3 was to less. I think 4s could be good for me.

Sorry for delay, I had some problems with reiserfs. I agree, it would be better to answer sooner, but I wanted to complete this loop-aes thing.
Jari, I am really grateful about loop-aes!

Best wishes,
Jan
------=_Part_145469_3692322.1186518899894-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Aug 08 10:54:27 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IIhJ8-00058j-OO; Wed, 08 Aug 2007 10:54:22 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 08 Aug 2007 10:53:44 +0200 (CEST) Received: from ug-out-1314.google.com ([66.249.92.169]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IIhIK-000588-H7 for linux-crypto@nl.linux.org; Wed, 08 Aug 2007 10:53:32 +0200 Received: by ug-out-1314.google.com with SMTP id u40so168346ugc for ; Wed, 08 Aug 2007 01:53:31 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=H1MsnlVsbfoDUU4RpLB5vbYbBwMvgK1bSXlr1mOmq1s0fqBOrKKcrsI/LD/5yzvbHuXvbTQ3A8t3Mv6bfNQHrNRd8fK2HkU5Y2m5gALMYddMHppx6lt6wJe4OFXfyU6TYfmkFU6cE9h3lIRKtFsFpWpBILFtMh21AWGTn6Nzy7I= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=qM4NBY4cju9CkEtg1sjRp/0QyRsORAUkabkxU59OFxUgKonZ3p/+JOVWlFqfAQdG6d4uq1JaJ1a+rUjWLF4SRN9l5hPiLKhDk9nsgKYU3Jx9wW4kjXNt5nYbZa4BIEkrHy0sDT7yNKX6M5uPZSOOogxh3ZhPNust8c5rPs1SnFU= Received: by 10.78.172.20 with SMTP id u20mr54466hue.1186563210887; Wed, 08 Aug 2007 01:53:30 -0700 (PDT) Received: by 10.78.192.4 with HTTP; Wed, 8 Aug 2007 01:53:30 -0700 (PDT) Message-ID: Date: Wed, 8 Aug 2007 11:53:30 +0300 From: "Jan Klod" To: linux-crypto@nl.linux.org Subject: Re: initramfs and loop-aes In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_151688_4499537.1186563210836" References: <20070805210135.145930@gmx.net> <46B8C873.3BA72A13@users.sourceforge.net> Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: janklodvan@gmail.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto ------=_Part_151688_4499537.1186563210836 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline > > INITIALDELAY=10 just worked good, 3 was to less. I think 4s could be good > for me. > ..and one more thing: if use command ./build-initrd.sh /boot/initrd.conf, it is not necessary to change INITIALDELAY option in build-initrd.sh (only initrd.conf makes sense then). Probably initrd.conf is not really necessary, because it doesn't changed delay w/o remaking initrd.gz. Jan ------=_Part_151688_4499537.1186563210836 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline
INITIALDELAY=10 just worked good, 3 was to less. I think 4s could be good for me.

..and one more thing: if use command ./build-initrd.sh /boot/initrd.conf, it is not necessary to change INITIALDELAY option in build-initrd.sh (only initrd.conf makes sense then). Probably initrd.conf is not really necessary, because it doesn't changed delay w/o remaking initrd.gz.

Jan
------=_Part_151688_4499537.1186563210836-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Aug 08 14:21:15 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IIkXG-0005Ao-HW; Wed, 08 Aug 2007 14:21:10 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 08 Aug 2007 14:20:39 +0200 (CEST) Received: from mail.korax.net ([216.201.96.57]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IIkWV-00055V-RB for linux-crypto@nl.linux.org; Wed, 08 Aug 2007 14:20:23 +0200 Received: from webmail.korax.net (localhost [127.0.0.1]) by mail.korax.net (Postfix) with ESMTP id C2A8B1708A4 for ; Wed, 8 Aug 2007 08:19:51 -0400 (EDT) Received: from 69.70.158.163 (SquirrelMail authenticated user jsabev@nicmus.com) by webmail.korax.net with HTTP; Wed, 8 Aug 2007 08:19:51 -0400 (EDT) Message-ID: <58465.69.70.158.163.1186575591.squirrel@webmail.korax.net> In-Reply-To: <46B8C85A.A18ADF4@users.sourceforge.net> References: <39527.69.70.158.163.1186490746.squirrel@webmail.korax.net> <20070807130937.GA4781@tatooine.rebelbase.local> <1147.66.46.76.114.1186507341.squirrel@webmail.korax.net> <46B8C85A.A18ADF4@users.sourceforge.net> Date: Wed, 8 Aug 2007 08:19:51 -0400 (EDT) Subject: Re: Help booting a gpg encrypted loop-aes backed root partition From: "Jivko Sabev" To: linux-crypto@nl.linux.org User-Agent: SquirrelMail/1.4.6 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 X-Priority: 3 (Normal) Importance: Normal Content-Transfer-Encoding: quoted-printable Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jsabev@nicmus.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Jari, thank you for your suggestion. However, the problem persists. I did set TOOLSPROMT=3D1 and rebuild my initrd but the boot process hangs at exactly the same place as up until now. It doesn't ask to press enter. The last message it prints is: RAMDISK: Compressed image found at block 0 VFS: Mounted root (minix filesystem) readonly Freeing unused kernel memory: 192k free and it just sits there. Note that it doesn't freeze - there is no kernel panic and it accepts input from the keyboard. It echos characters typed o= n the console and you can reboot by . My Grub configuration is pretty standard as per build-init-rd.sh instructions. Namely: title Ubuntu, kernel 2.6.22.1 Encrypted root (hd0,0) kernel /vmlinuz-2.6.22.1 root=3D100 init=3D/linuxrc rootfstype=3Dminix initrd /initrd-crypt.gz I did verify dietlibc and it is working fine. Regards, Jivko > Jivko Sabev wrote: > > > > You provided some data about your setup, but something is still missing= . > Your bootloader configuration, and specifically what parameters get pas= sed > to kernel when it boots is important. Please provide that info. > > Can you also modify your build-initrd.sh config so that > > TOOLSPROMPT=3D1 > > is set there? Then build new initrd. It doesn't do much other than ask = you > to press ENTER key when initrd code begins to run. At least you get to > know > if it got that far. > > Also, can you verify that dietlibc is working ok? Like this: > > $ printf '#include \nint main(){write(1,"hello\\n",6);}\n' > >xxx.c > $ diet gcc -O2 -s xxx.c > $ ./a.out > hello > $ > > -- > Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A= 9 > DD > > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ > > > - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Aug 08 14:42:28 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IIkrr-0006fh-2g; Wed, 08 Aug 2007 14:42:27 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 08 Aug 2007 14:42:13 +0200 (CEST) Received: from py-out-1112.google.com ([64.233.166.178]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IIkrT-0006fE-AW for linux-crypto@nl.linux.org; Wed, 08 Aug 2007 14:42:03 +0200 Received: by py-out-1112.google.com with SMTP id u52so240539pyb for ; Wed, 08 Aug 2007 05:42:00 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=uuwekeSRm60z20ir7br5FYvbdBQwbLbQl9+G5uaMgtKkAlrJIpyszHN/BqD9JlYYwNpGe5lAq5+CHm++4ZSt5s9CfmwfascO9IFbpBnL7l9e8hwLT9MK2LtlTGb8F+g76FXRTLO6GbQ3RCRgA1GRoI3uWUBHK+9HMa3sUk5A2LU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=aPNIQvl5ZmjIdvGgLjo/6skn/qgp/PJpdGaFtPIy5vTAWgIwakpThk44GY7bzpZqRm2iLTS6c+k+Lj2onNsbJ6jdcDTmg+jb9gN/AWi9tM3K1/8kw47Zyio6vAp328GgL3pvSGKBjIaTHLfjTqTqBPP7aFNQvYfr/BIWI0+TscU= Received: by 10.35.77.18 with SMTP id e18mr1467824pyl.1186576919866; Wed, 08 Aug 2007 05:41:59 -0700 (PDT) Received: by 10.35.69.17 with HTTP; Wed, 8 Aug 2007 05:41:59 -0700 (PDT) Message-ID: <4255c2570708080541h224e0d0ft4a4dcfba4d098e96@mail.gmail.com> Date: Wed, 8 Aug 2007 07:41:59 -0500 From: RB To: "Jivko Sabev" Subject: Re: Help booting a gpg encrypted loop-aes backed root partition Cc: linux-crypto@nl.linux.org In-Reply-To: <58465.69.70.158.163.1186575591.squirrel@webmail.korax.net> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <39527.69.70.158.163.1186490746.squirrel@webmail.korax.net> <20070807130937.GA4781@tatooine.rebelbase.local> <1147.66.46.76.114.1186507341.squirrel@webmail.korax.net> <46B8C85A.A18ADF4@users.sourceforge.net> <58465.69.70.158.163.1186575591.squirrel@webmail.korax.net> Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: aoz.syn@gmail.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto > kernel /vmlinuz-2.6.22.1 root=100 init=/linuxrc rootfstype=minix This looks right; I would suggest trying adding 'console=tty1' (see Documentation/kernel-parameters.txt) just to make your using the VGA console explicit rather than implied. You should be seeing all the kernel boot-time messages scroll by, unless you have some redirection like bootsplash going on; if not, I would think you are missing some console option - consider posting your video hardware, the output of 'grep CONSOLE .config', and 'grep _FB_ .config'. At this point, it would also be fruitful to tell us if you're using the vanilla kernel.org sources, a patched set from Ubuntu, or otherwise (I use Gentoo's hardened-sources, myself). If you know where your boot-time kernel messages are going and are okay with that, then my next suspect would be the actual init process - i.e., it's starting, but freezing at some point. That, I'm not sure I can help you with. RB - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Aug 08 19:16:39 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IIp99-0007By-5h; Wed, 08 Aug 2007 19:16:35 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 08 Aug 2007 19:16:02 +0200 (CEST) Received: from mail.tnnet.fi ([217.112.240.26]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IIp8R-0007B4-89 for linux-crypto@nl.linux.org; Wed, 08 Aug 2007 19:15:51 +0200 Received: from localhost (localhost [127.0.0.1]) by mail.tnnet.fi (Postfix) with ESMTP id C482818AAC; Wed, 8 Aug 2007 20:15:45 +0300 (EEST) X-Virus-Scanned: amavisd-new at tnnet.fi Received: from mail.tnnet.fi ([127.0.0.1]) by localhost (mail.tnnet.fi [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DccDgJqOzRYq; Wed, 8 Aug 2007 20:15:40 +0300 (EEST) Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64]) by mail.tnnet.fi (Postfix) with ESMTP id 301A017DF57; Wed, 8 Aug 2007 20:15:40 +0300 (EEST) Message-ID: <46B9FA3A.9E186B5E@users.sourceforge.net> Date: Wed, 08 Aug 2007 20:15:38 +0300 From: Jari Ruusu To: Jivko Sabev Cc: linux-crypto@nl.linux.org Subject: Re: Help booting a gpg encrypted loop-aes backed root partition References: <39527.69.70.158.163.1186490746.squirrel@webmail.korax.net> <20070807130937.GA4781@tatooine.rebelbase.local> <1147.66.46.76.114.1186507341.squirrel@webmail.korax.net> <46B8C85A.A18ADF4@users.sourceforge.net> <58465.69.70.158.163.1186575591.squirrel@webmail.korax.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Received-SPF: X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00 autolearn=no version=3.0.1 X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jariruusu@users.sourceforge.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Jivko Sabev wrote: > However, the problem persists. I did set TOOLSPROMT=1 and rebuild my > initrd but the boot process hangs at exactly the same place as up until > now. It doesn't ask to press enter. The last message it prints is: > > RAMDISK: Compressed image found at block 0 > VFS: Mounted root (minix filesystem) readonly > Freeing unused kernel memory: 192k free > > and it just sits there. Note that it doesn't freeze - there is no kernel > panic and it accepts input from the keyboard. It echos characters typed on > the console and you can reboot by . Either your kernel does not run initrd code, or initrd is somehow messed up and is unrunnable. Can you send me your full compressed kernel config, and a copy of your initrd.gz file? I did spot one inconsistency: Your build-initrd.sh config creates initrd.gz file, and your bootloader config loads initrd-crypt.gz file. Are you sure that bootloader is actually loading correct initrd file? -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Aug 08 22:17:51 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IIryP-0005cJ-Ix; Wed, 08 Aug 2007 22:17:41 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 08 Aug 2007 22:17:13 +0200 (CEST) Received: from mta-1.ms.rz.rwth-aachen.de ([134.130.7.72]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IIrxd-0005aZ-O3 for linux-crypto@nl.linux.org; Wed, 08 Aug 2007 22:16:53 +0200 Received: from ironport-out-1.rz.rwth-aachen.de ([134.130.3.58]) by mta-1.ms.rz.RWTH-Aachen.de (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007)) with ESMTP id <0JMH00BYS16N0C00@mta-1.ms.rz.RWTH-Aachen.de> for linux-crypto@nl.linux.org; Wed, 08 Aug 2007 22:06:23 +0200 (CEST) Received: from talos.rz.rwth-aachen.de (HELO smarthost.rwth-aachen.de) ([134.130.3.22]) by ironport-in-1.rz.rwth-aachen.de with ESMTP; Wed, 08 Aug 2007 22:06:23 +0200 Received: from enterprise.ram.rwth-aachen.de (enterprise.ram.RWTH-Aachen.DE [137.226.68.2]) by smarthost.rwth-aachen.de (8.13.8/8.13.1/1) with ESMTP id l78K6MER031993 for ; Wed, 08 Aug 2007 22:06:22 +0200 Received: from localhost (localhost [127.0.0.1]) by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id 72EDD5B801 for ; Wed, 08 Aug 2007 22:06:23 +0200 (CEST) Received: from enterprise.ram.rwth-aachen.de ([127.0.0.1]) by localhost (enterprise [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 01304-08 for ; Wed, 08 Aug 2007 22:06:22 +0200 (CEST) Received: from tatooine.rebelbase.local (wintergate.ram.rwth-aachen.de [137.226.69.158]) by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id F09465B777 for ; Wed, 08 Aug 2007 22:06:22 +0200 (CEST) Received: by tatooine.rebelbase.local (Postfix, from userid 500) id 967131A6326; Wed, 08 Aug 2007 22:08:23 +0200 (CEST) Date: Wed, 08 Aug 2007 22:08:23 +0200 From: markus reichelt Subject: Re: Help booting a gpg encrypted loop-aes backed root partition In-reply-to: <46B9FA3A.9E186B5E@users.sourceforge.net> To: linux-crypto@nl.linux.org Mail-followup-to: linux-crypto@nl.linux.org Message-id: <20070808200823.GC4781@tatooine.rebelbase.local> Organization: still stuck in reorganization mode MIME-version: 1.0 Content-type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary=xesSdrSSBC0PokLI Content-disposition: inline X-IronPort-AV: E=Sophos;i="4.19,237,1183327200"; d="scan'208";a="14678779" X-PGP-Key: 0xC2A3FEE4 X-PGP-Fingerprint: FFB8 E22F D2BC 0488 3D56 F672 2CCC 933B C2A3 FEE4 X-Request-PGP: http://mareichelt.de/keys/c2a3fee4.asc X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at enterprise.ram.rwth-aachen.de References: <39527.69.70.158.163.1186490746.squirrel@webmail.korax.net> <20070807130937.GA4781@tatooine.rebelbase.local> <1147.66.46.76.114.1186507341.squirrel@webmail.korax.net> <46B8C85A.A18ADF4@users.sourceforge.net> <58465.69.70.158.163.1186575591.squirrel@webmail.korax.net> <46B9FA3A.9E186B5E@users.sourceforge.net> User-Agent: Mutt/1.5.13 (2006-08-11) Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: ml@mareichelt.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto --xesSdrSSBC0PokLI Content-Type: text/plain; charset=iso-8859-15 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * Jari Ruusu wrote: > Either your kernel does not run initrd code, or initrd is somehow > messed up and is unrunnable. Can you send me your full compressed > kernel config, and a copy of your initrd.gz file? When I was setting up root encryption on some machines with different kernel versions I ran into problems with pivot mode. On some it worked, on most it didn't, so I'm not using it for new setups these days. I remembered there was some talk on LKML about it, here's the link: http://lkml.org/lkml/2007/06/24/130 Jivko, have you tried using an initrd with USEPIVOT=3D0? Don't forget to adapt kernel boot parameters. --=20 left blank, right bald --xesSdrSSBC0PokLI Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFGuiK3LMyTO8Kj/uQRAtIRAJ4/BixEExu6FayUeTeyVX/2jrD3SgCfSSF6 w5c6RLTcyL1ekIOuLM2gR94= =bB2s -----END PGP SIGNATURE----- --xesSdrSSBC0PokLI-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Aug 09 06:08:06 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IIzJa-0001JL-Gx; Thu, 09 Aug 2007 06:08:02 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 09 Aug 2007 06:07:32 +0200 (CEST) Received: from mail.korax.net ([216.201.96.57]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IIzIS-00070d-Nl for linux-crypto@nl.linux.org; Thu, 09 Aug 2007 06:06:52 +0200 Received: from [69.70.158.163] (modemcable163.158-70-69.mc.videotron.ca [69.70.158.163]) by mail.korax.net (Postfix) with ESMTP id AA5331703C5 for ; Thu, 9 Aug 2007 00:06:14 -0400 (EDT) Message-ID: <46BA92B6.4040600@nicmus.com> Date: Thu, 09 Aug 2007 00:06:14 -0400 From: Jivko Sabev User-Agent: Thunderbird 1.5.0.12 (X11/20070604) MIME-Version: 1.0 To: linux-crypto@nl.linux.org Subject: Re: Help booting a gpg encrypted loop-aes backed root partition References: <39527.69.70.158.163.1186490746.squirrel@webmail.korax.net> <20070807130937.GA4781@tatooine.rebelbase.local> <1147.66.46.76.114.1186507341.squirrel@webmail.korax.net> <46B8C85A.A18ADF4@users.sourceforge.net> <58465.69.70.158.163.1186575591.squirrel@webmail.korax.net> <46B9FA3A.9E186B5E@users.sourceforge.net> <20070808200823.GC4781@tatooine.rebelbase.local> In-Reply-To: <20070808200823.GC4781@tatooine.rebelbase.local> X-Enigmail-Version: 0.94.2.0 OpenPGP: id=3617A618 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jsabev@nicmus.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Thanks for all your suggestions. I have been experimenting with the various approaches with little success. Passing the boot parameter console=tty (or console=tty1) as RB suggested does not help. By the way, I am using a vanilla kernel straight from kernel.org. Prior to that, I was using an ubuntu-sources kernel but having had the same problem I thought that maybe the issue was due to some ubuntu specific patch to the kernel. grep CONSOLE .config outputs # CONFIG_NETCONSOLE is not set CONFIG_VT_CONSOLE=y CONFIG_HW_CONSOLE=y CONFIG_VT_HW_CONSOLE_BINDING=y CONFIG_SERIAL_8250_CONSOLE=y CONFIG_SERIAL_CORE_CONSOLE=y # CONFIG_LP_CONSOLE is not set CONFIG_VGA_CONSOLE=y CONFIG_DUMMY_CONSOLE=y grep _FB_ .config doesn't output anything as I do not have any Frame Buffer support enabled. Setting USEPIVOT=0 as per Markus' suggestion and rebuilding the initrd image results in a kernel panic after reboot with the following grub configuration (taken from the build-initrd.sh comments) title Ubuntu, kernel 2.6.22.1vanila Encrypted No Pivot root (hd0,0) kernel /vmlinuz-2.6.22.1vanila ro root=101 console=tty initrd /initrd-crypt.gz (initrd-crypt.gz is the correct initrd image. I have set INITRDGZNAME=initrd-crypt.gz) The kernel panic seemed due to the initrd image not being able to mount root - i.e. last messages printed to the console are: List of All Partitions: 0300 78150744 hda driver ide-disk 0301 64228 hda1 0302 76172197 hda2 0303 1911735 hda3 No filesystems can mount root tried ext2 ext3 minix Kernel panic - not syncing VFS: unable to mount rootfs on unknow-block(1,1) hda1 is boot initialised as ext2, hda2 is root initialised as ext3. I find this kind of strange as I have the chipset drivers compiled in and ext2 and ext3 compiled in the kernel as well. I can see the kernel detecting the hds correctly before panicking. Regards, Jivko markus reichelt wrote: > * Jari Ruusu wrote: > > >> Either your kernel does not run initrd code, or initrd is somehow >> messed up and is unrunnable. Can you send me your full compressed >> kernel config, and a copy of your initrd.gz file? >> > > When I was setting up root encryption on some machines with different > kernel versions I ran into problems with pivot mode. On some it > worked, on most it didn't, so I'm not using it for new setups these > days. I remembered there was some talk on LKML about it, here's the > link: > > http://lkml.org/lkml/2007/06/24/130 > > Jivko, have you tried using an initrd with USEPIVOT=0? Don't forget > to adapt kernel boot parameters. > > - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Aug 09 19:48:47 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IJC7i-0003Vj-Ff; Thu, 09 Aug 2007 19:48:38 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 09 Aug 2007 19:47:43 +0200 (CEST) Received: from mail.tnnet.fi ([217.112.240.26]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IJC6Z-0003Um-3j for linux-crypto@nl.linux.org; Thu, 09 Aug 2007 19:47:27 +0200 Received: from localhost (localhost [127.0.0.1]) by mail.tnnet.fi (Postfix) with ESMTP id 7419F19164; Thu, 9 Aug 2007 20:47:20 +0300 (EEST) X-Virus-Scanned: amavisd-new at tnnet.fi Received: from mail.tnnet.fi ([127.0.0.1]) by localhost (mail.tnnet.fi [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KFzuRpgkfM9r; Thu, 9 Aug 2007 20:47:14 +0300 (EEST) Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64]) by mail.tnnet.fi (Postfix) with ESMTP id D608719161; Thu, 9 Aug 2007 20:47:14 +0300 (EEST) Message-ID: <46BB5321.910C5415@users.sourceforge.net> Date: Thu, 09 Aug 2007 20:47:13 +0300 From: Jari Ruusu To: Jivko Sabev Cc: linux-crypto@nl.linux.org Subject: Re: Help booting a gpg encrypted loop-aes backed root partition References: <39527.69.70.158.163.1186490746.squirrel@webmail.korax.net> <20070807130937.GA4781@tatooine.rebelbase.local> <1147.66.46.76.114.1186507341.squirrel@webmail.korax.net> <46B8C85A.A18ADF4@users.sourceforge.net> <58465.69.70.158.163.1186575591.squirrel@webmail.korax.net> <46B9FA3A.9E186B5E@users.sourceforge.net> <20070808200823.GC4781@tatooine.rebelbase.local> <46BA92B6.4040600@nicmus.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00 autolearn=no version=3.0.1 X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jariruusu@users.sourceforge.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Jivko Sabev wrote: > Passing the boot parameter console=tty (or console=tty1) as RB suggested > does not help. If console was redirected elsewhere, you would not be seeing these messages: RAMDISK: Compressed image found at block 0 VFS: Mounted root (minix filesystem) readonly Freeing unused kernel memory: 192k free So it is not console redirection issue. > Setting > > USEPIVOT=0 pivot_root is used after encrypted root file system has been mounted. So this is not a problem with pivot_root system call. Your encrypted-root-boot doesn't get that far, yet. > title Ubuntu, kernel 2.6.22.1vanila Encrypted No Pivot > root (hd0,0) > kernel /vmlinuz-2.6.22.1vanila ro root=101 console=tty > initrd /initrd-crypt.gz [snip] > No filesystems can mount root tried ext2 ext3 minix > Kernel panic - not syncing > VFS: unable to mount rootfs on unknow-block(1,1) Did you see a password prompt before kernel panic? I quickly looked at kernel config that you sent me privately. I didn't see anything wrong with it. I also disassembled the /linuxrc program binary that was inside initrd-crypt.gz that you sent me. It seems to be linked to some older version of dietlibc. I looked at first few systems calls in main() function. Looked mostly ok, except there was one unexplained line: 8048383: 65 8b 15 14 00 00 00 mov %gs:0x14,%edx which was put there by gcc compiler. Maybe there is some reasonable explanation for why that is there, but I didn't immediately see it. Can you test an initrd that I created for you? I used this config: BOOTDEV=/dev/hda1 BOOTTYPE=ext2 CRYPTROOT=/dev/hda2 ROOTTYPE=ext3 CIPHERTYPE=AES128 INITRDONLY=1 DESTINATIONPREFIX=/tmp All other config entries are defaults that are found in unmodified loop-AES-v3.2a build-initrd.sh script. You can download it here: http://koti.tnnet.fi/jari.ruusu/tmp/initrd.gz http://koti.tnnet.fi/jari.ruusu/tmp/initrd.gz.sign -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Aug 10 04:34:02 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IJKK1-0006LF-2y; Fri, 10 Aug 2007 04:33:53 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 10 Aug 2007 04:33:20 +0200 (CEST) Received: from mail.korax.net ([216.201.96.57]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IJKJD-0006GU-0f for linux-crypto@nl.linux.org; Fri, 10 Aug 2007 04:33:03 +0200 Received: from [69.70.158.163] (modemcable163.158-70-69.mc.videotron.ca [69.70.158.163]) by mail.korax.net (Postfix) with ESMTP id BE88D170511; Thu, 9 Aug 2007 22:32:30 -0400 (EDT) Message-ID: <46BBCE3E.6020705@nicmus.com> Date: Thu, 09 Aug 2007 22:32:30 -0400 From: Jivko Sabev User-Agent: Thunderbird 1.5.0.12 (X11/20070604) MIME-Version: 1.0 To: Jari Ruusu CC: linux-crypto@nl.linux.org Subject: Re: Help booting a gpg encrypted loop-aes backed root partition References: <39527.69.70.158.163.1186490746.squirrel@webmail.korax.net> <20070807130937.GA4781@tatooine.rebelbase.local> <1147.66.46.76.114.1186507341.squirrel@webmail.korax.net> <46B8C85A.A18ADF4@users.sourceforge.net> <58465.69.70.158.163.1186575591.squirrel@webmail.korax.net> <46B9FA3A.9E186B5E@users.sourceforge.net> <20070808200823.GC4781@tatooine.rebelbase.local> <46BA92B6.4040600@nicmus.com> <46BB5321.910C5415@users.sourceforge.net> In-Reply-To: <46BB5321.910C5415@users.sourceforge.net> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jsabev@nicmus.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Thanks again to all who responded and especially to Jari who built an initrd that works. Using Jari's initrd worked right away without any issues. I suppose ubuntu 7.04 uses some weird combinations of compiler/linker options or their package of dietlibc is somehow incompatible but those are just my speculations and I am by no means an expert at this. FYI: I also tried to build the initrd with USEDIETLIBC=0 and that yielded the same result on ubuntu i.e. it didn't work. Many thanks again. Jivko Jari Ruusu wrote: > [snip] > [snip] > >> No filesystems can mount root tried ext2 ext3 minix >> Kernel panic - not syncing >> VFS: unable to mount rootfs on unknow-block(1,1) >> > > Did you see a password prompt before kernel panic? > > No, there was no password prompt either. It just panicked. Building the intird with USEPIVOT=0 didn't help. > I quickly looked at kernel config that you sent me privately. I didn't see > anything wrong with it. > [snip] > 8048383: 65 8b 15 14 00 00 00 mov %gs:0x14,%edx > > which was put there by gcc compiler. Maybe there is some reasonable > explanation for why that is there, but I didn't immediately see it. > > Can you test an initrd that I created for you? I used this config: > > BOOTDEV=/dev/hda1 > BOOTTYPE=ext2 > CRYPTROOT=/dev/hda2 > ROOTTYPE=ext3 > CIPHERTYPE=AES128 > INITRDONLY=1 > DESTINATIONPREFIX=/tmp > > All other config entries are defaults that are found in unmodified > loop-AES-v3.2a build-initrd.sh script. You can download it here: > > http://koti.tnnet.fi/jari.ruusu/tmp/initrd.gz > http://koti.tnnet.fi/jari.ruusu/tmp/initrd.gz.sign - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Aug 10 15:13:44 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IJUJ8-0008UX-PV; Fri, 10 Aug 2007 15:13:38 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 10 Aug 2007 15:13:05 +0200 (CEST) Received: from mta-1.ms.rz.rwth-aachen.de ([134.130.7.72]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IJUIL-0008TQ-8P for linux-crypto@nl.linux.org; Fri, 10 Aug 2007 15:12:49 +0200 Received: from ironport-out-1.rz.rwth-aachen.de ([134.130.3.58]) by mta-1.ms.rz.RWTH-Aachen.de (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007)) with ESMTP id <0JMK0055U6W39O00@mta-1.ms.rz.RWTH-Aachen.de> for linux-crypto@nl.linux.org; Fri, 10 Aug 2007 15:02:27 +0200 (CEST) Received: from talos.rz.rwth-aachen.de (HELO smarthost.rwth-aachen.de) ([134.130.3.22]) by ironport-in-1.rz.rwth-aachen.de with ESMTP; Fri, 10 Aug 2007 15:02:27 +0200 Received: from enterprise.ram.rwth-aachen.de (enterprise.ram.RWTH-Aachen.DE [137.226.68.2]) by smarthost.rwth-aachen.de (8.13.8/8.13.1/1) with ESMTP id l7AD2QpW030308 for ; Fri, 10 Aug 2007 15:02:26 +0200 Received: from localhost (localhost [127.0.0.1]) by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id 10DF05B80C for ; Fri, 10 Aug 2007 15:02:27 +0200 (CEST) Received: from enterprise.ram.rwth-aachen.de ([127.0.0.1]) by localhost (enterprise [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 15504-05 for ; Fri, 10 Aug 2007 15:02:26 +0200 (CEST) Received: from tatooine.rebelbase.local (wintergate.ram.rwth-aachen.de [137.226.69.158]) by enterprise.ram.rwth-aachen.de (Postfix) with ESMTP id 9E5885B777 for ; Fri, 10 Aug 2007 15:02:26 +0200 (CEST) Received: by tatooine.rebelbase.local (Postfix, from userid 500) id A95BC1A6324; Fri, 10 Aug 2007 15:04:30 +0200 (CEST) Date: Fri, 10 Aug 2007 15:04:30 +0200 From: markus reichelt Subject: Re: Help booting a gpg encrypted loop-aes backed root partition In-reply-to: <46BBCE3E.6020705@nicmus.com> To: linux-crypto@nl.linux.org Mail-followup-to: linux-crypto@nl.linux.org Message-id: <20070810130430.GA23954@tatooine.rebelbase.local> Organization: still stuck in reorganization mode MIME-version: 1.0 Content-type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary=3V7upXqbjpZ4EhLz Content-disposition: inline X-IronPort-AV: E=Sophos;i="4.19,245,1183327200"; d="scan'208";a="15101599" X-PGP-Key: 0xC2A3FEE4 X-PGP-Fingerprint: FFB8 E22F D2BC 0488 3D56 F672 2CCC 933B C2A3 FEE4 X-Request-PGP: http://mareichelt.de/keys/c2a3fee4.asc X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at enterprise.ram.rwth-aachen.de References: <39527.69.70.158.163.1186490746.squirrel@webmail.korax.net> <20070807130937.GA4781@tatooine.rebelbase.local> <1147.66.46.76.114.1186507341.squirrel@webmail.korax.net> <46B8C85A.A18ADF4@users.sourceforge.net> <58465.69.70.158.163.1186575591.squirrel@webmail.korax.net> <46B9FA3A.9E186B5E@users.sourceforge.net> <20070808200823.GC4781@tatooine.rebelbase.local> <46BA92B6.4040600@nicmus.com> <46BB5321.910C5415@users.sourceforge.net> <46BBCE3E.6020705@nicmus.com> User-Agent: Mutt/1.5.13 (2006-08-11) Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: ml@mareichelt.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto --3V7upXqbjpZ4EhLz Content-Type: text/plain; charset=iso-8859-15 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * Jivko Sabev wrote: > I suppose ubuntu 7.04 uses some weird combinations of > compiler/linker options or their package of dietlibc is somehow > incompatible but those are just my speculations and I am by no > means an expert at this. FYI: I also tried to build the initrd with > USEDIETLIBC=3D0 and that yielded the same result on ubuntu i.e. it > didn't work. http://trac.autopackage.org/wiki/GlibcVersionsOfDifferentLinuxDistributions lists both glibc and gcc versions of some distros. Let's blame gcc ;) --=20 left blank, right bald --3V7upXqbjpZ4EhLz Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFGvGJeLMyTO8Kj/uQRAviLAJsEaXgd2vj7xz2kTSHWT4sOcSSKSgCfTySy 3o4b9bWCpzo44VkD0UkN9uE= =vAQA -----END PGP SIGNATURE----- --3V7upXqbjpZ4EhLz-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Aug 10 19:37:36 2007 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IJYQJ-0005TV-3E; Fri, 10 Aug 2007 19:37:19 +0200 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 10 Aug 2007 19:36:45 +0200 (CEST) Received: from mail.tnnet.fi ([217.112.240.26]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1IJYPT-0005Si-Ku for linux-crypto@nl.linux.org; Fri, 10 Aug 2007 19:36:27 +0200 Received: from localhost (localhost [127.0.0.1]) by mail.tnnet.fi (Postfix) with ESMTP id 5D6D717BD25; Fri, 10 Aug 2007 20:36:26 +0300 (EEST) X-Virus-Scanned: amavisd-new at tnnet.fi Received: from mail.tnnet.fi ([127.0.0.1]) by localhost (mail.tnnet.fi [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Io1jtZb4pwwP; Fri, 10 Aug 2007 20:36:20 +0300 (EEST) Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64]) by mail.tnnet.fi (Postfix) with ESMTP id B270917BD24; Fri, 10 Aug 2007 20:36:20 +0300 (EEST) Message-ID: <46BCA213.1F8E57E4@users.sourceforge.net> Date: Fri, 10 Aug 2007 20:36:19 +0300 From: Jari Ruusu To: Jivko Sabev Cc: linux-crypto@nl.linux.org Subject: Re: Help booting a gpg encrypted loop-aes backed root partition References: <39527.69.70.158.163.1186490746.squirrel@webmail.korax.net> <20070807130937.GA4781@tatooine.rebelbase.local> <1147.66.46.76.114.1186507341.squirrel@webmail.korax.net> <46B8C85A.A18ADF4@users.sourceforge.net> <58465.69.70.158.163.1186575591.squirrel@webmail.korax.net> <46B9FA3A.9E186B5E@users.sourceforge.net> <20070808200823.GC4781@tatooine.rebelbase.local> <46BA92B6.4040600@nicmus.com> <46BB5321.910C5415@users.sourceforge.net> <46BBCE3E.6020705@nicmus.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Received-SPF: X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00 autolearn=no version=3.0.1 X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jariruusu@users.sourceforge.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Jivko Sabev wrote: > Using Jari's initrd worked right away without any issues. Ok. That narrows the problem down to gcc and dietlibc. > I suppose ubuntu 7.04 uses some > weird combinations of compiler/linker options or their package of > dietlibc is somehow incompatible but those are just my speculations and > I am by no means an expert at this. FYI: I also tried to build the > initrd with USEDIETLIBC=0 and that yielded the same result on ubuntu > i.e. it didn't work. USEDIETLIBC=0 setting is incompatible with some glibc versions, so that could explain that failure. I really need to know what causes this problem. So, I have to harass you with more questions: 1) Can you try creating an initrd using different gcc version? You distro probably has precompiled binary of some gcc-3 version. As in, install that package and change "diet gcc" command at build-initrd.sh script line 635 to "diet gcc-3.3" or something like that. Then create new initrd and boot it. 2) Can you recompile dietlibc from source, using default dietlibc config but with WANT_SYSENTER option disabled? As in, apply the patch below, then compile and install dietlibc normally. Then create new initrd and boot it. 3) Compile using gcc-3 and link with dietlibc that has WANT_SYSENTER option disabled. (Both 1 and 2 at same time) 4) Can you try building an initrd on knoppix? If so, what version of knoppix and what gcc version does it have? Just for the record, that initrd.gz that I created for you was linked to dietlibc that has WANT_SYSENTER disabled. Earlier when I examined that initrd-crypt.gz that you sent me, I said "It seems to be linked to some older version of dietlibc". That was incorrect. Startup code looked different from ones that I compiled, so I incorrectly assumed that it was linked to older version of dietlibc. Sorry. -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD --- dietlibc-0.30.orig/dietfeatures.h 2006-04-04 08:35:14.000000000 +0300 +++ dietlibc-0.30/dietfeatures.h 2006-07-04 12:49:34.0000