Mailinglist Archive: opensuse (3831 mails)

< Previous Next >
Re: [opensuse] encrypted usb drives - fixed mount points
  • From: "Dennis E. Slice" <dslice@xxxxxxxxxxxxxxxxx>
  • Date: Wed, 17 Jan 2007 21:54:50 -0500
  • Message-id: <45AEE17A.3060502@xxxxxxxxxxxxxxxxx>
[Sorry for the formatting. I wanted to reorder the comments.]

My system works fine, but I was very interested in Carlos' suggestions.
Here are my observations:

> They would mount if available at boot time, if the service is enabled:
>
> nimrodel:~ # chkconfig boot.crypto
> boot.crypto on
>
> and the device is available at that time. It prompts for a password
during
> boot up.

boot.crypto tries, but fails to find the partitions at boot time. In
fact, it fails without delay. The relevant line from the boot.msg is:

Activating crypto devices using /etc/cryptotab ...failed

actually, while booting, there are messages to the effect that the
specified partitions are not available. Later in the file is:

System Boot Control: The system has been set up
Failed features: boot.crypto

It does try to start the USB system and waits 3 seconds before
attempting to mount the encrypted drives. The drive lights are on.
(These are MyBooks that power up/down with the computer.)

> As I mentioned previously, you can also use fstab for encrypted
> partitions. For instance, one of mine:
>
>
> /device_or_file /mnt/crypto xfs
noauto,loop=/dev/loop4,encryption=twofish256 0 0
>
>
> I doubt labels could be used here, but I assume dev-ids would - I never
> thought of that till reading this thread ;-)

Right, there is no way to label an encrypted partition as far as I can
tell. I moved the specs to fstab, but no go. At boot, the system doesn't
seem to know about encryption and just says:

mount: going to use the loop device /dev/loop0
/dev/disk/by-id/usb-WD_<snip>-part1: No such file or directory
mount: failed setting up loop device

for each drive. Here, the drive lights are not yet on.

Subsequently, trying to manually mount the partitions as root gives:

ioctl: LOOP_SET_STATUS: Invalid argument, requested cipher or key
length (256 bits) not supported by kernel

I am curious as to why the initial boot.crypto fails, why booting with
the specs in fstab doesn't invoke boot.crypto, and why my kernel doesn't
support 256 bit encryptions. Actually, I guess I just didn't specify
something about the latter when I installed, but I'm not going to
reinstall the kernel at this time - everything does work as originally
described.

> sync/nosunc?
>

Not sure the relevance here for encrypted partitions. I am running with
whatever the default is and previous discussions seemed tp focus on
FAT32 files systems and such.

Best, ds

Carlos E. R. wrote:
...<snip>

--
Dennis E. Slice
Department of Anthropology
University of Vienna
========================================================
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups