[Bug 445737] New: Root filesystem encryption mount fails
https://bugzilla.novell.com/show_bug.cgi?id=445737 Summary: Root filesystem encryption mount fails Product: openSUSE 11.1 Version: Beta 5 Platform: x86-64 OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: dbailey@datanetworks.com QAContact: qa@suse.de Found By: Beta-Customer Following the work-around in http://en.opensuse.org/Encrypted_Root_File_System since YaST does not support root file encryption, testing with openSUSE 11.1 beta 5, I am no longer given the opportunity to enter the LUKS/dm-crypt password for my partitions and mounting root fails. I have tried to add the pertinent kernel modules manually to see if this helps, but I cannot find the right combination to do so. Optimally, a good way to resolve this would just be to make YaST allow root filesystem encryption using the technologies stated in the article. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=445737
David Bailey
https://bugzilla.novell.com/show_bug.cgi?id=445737
David Bailey
https://bugzilla.novell.com/show_bug.cgi?id=445737
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=445737#c1
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=445737
User dbailey@datanetworks.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=445737#c2
--- Comment #2 from David Bailey
https://bugzilla.novell.com/show_bug.cgi?id=445737
User dbailey@datanetworks.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=445737#c3
--- Comment #3 from David Bailey
https://bugzilla.novell.com/show_bug.cgi?id=445737
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=445737#c4
--- Comment #4 from Ludwig Nussel
BTW- the script appears to have a couple bugs.
Well, fortunately it's just a hack and nothing I'd publish widely :-)
1. The awk line mangled my luks_root= (or luks_crypt_root= ?) statements as well as removing the root= statement.
They are not needed. The mkinird records those values so the generated initrd automatically uses them (at least if you call mkinitrd in a chroot).
2. On the encrypted root mounted on /mnt, the /etc/fstab must be updated for the filesystem to boot correctly, or even though you decrypted the partition at boot, you are still mounting the unencrypted partition.
IIRC that doesn't happen as / is already mounted by the kernel. fsck will likely check the wrong partition though. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com