[opensuse-security] 'failed' msg in /var/log/boot.msg when encrypted swap set to use "empty password"?
I've set up an encrypted SWAP partition on a RAID-1 array. In /etc/fstab, I've,

    /dev/mapper/cr_md1 swap swap defaults 0 0

@ SWAP encryption setup, I selected "empty password", assuming that's the equivalent of using random/variable passwords.

system boots OK, but i note in /var/log/boot.msg

    egrep "md1|swap" /var/log/boot.msg
    <6>Command line: root=/dev/system/ROOT resume=/dev/md1 ...
    <5>Kernel command line: root=/dev/system/ROOT resume=/dev/md1 ...
    <6>md: md1 stopped.
    <6>raid1: raid set md1 active with 2 out of 2 mirrors
    <6>md1: bitmap initialized from disk: read 1/1 pages, set 0 bits
    <6>created bitmap (8 pages) for device md1
    Trying manual resume from /dev/md1
    Invoking userspace resume from /dev/md1
    Trying manual resume from /dev/md1
    Invoking in-kernel resume from /dev/md1
    doneActivating swap-devices in /etc/fstab...
    ---> donePlease enter passphrase for /dev/md1 (cr_md1): /dev/md1... failed
    doneActivating remaining swap-devices in /etc/fstab...

is that, "Please enter passphrase for /dev/md1 (cr_md1): /dev/md1... failed" a problem? I'm unclear, as I've noticed nothing else relevant in any logs :-/

How can I specifically validate that encryption on the swap partition is functioning correctly?

Thanks.
On Wed, Jan 14, 2009 at 11:03 AM, PGNet <pgnet.trash+ossec@gmail.com> wrote:
> a problem?

apparently, yes ... piecing together info from ubuntu forums, this process works,

    echo "cr_md1 /dev/md1 /dev/urandom swap" > /etc/crypttab

where the '/dev/urandom', above, tells the encryption to use a random, not empty ('none', as selecting "empty password" sets up) password.

then, replacing my 'swap' line in /etc/fstab with

    /dev/mapper/cr_md1 swap swap defaults 0 0

and, ensuring, in /etc/sysconfig/kernel

    INITRD_MODULES="... dm_mod dm-crypt aes sha1 sha256 sha512 ..."

on reboot I no longer see in /var/log/boot.msg

    Please enter passphrase for /dev/md1 (cr_md1):
    Enter passphrase:

rather,

    ...
    doneActivating swap-devices in /etc/fstab...
    doneSetting up swapspace version 1, size = 522096 KiB
    ...

which looks right.

> How can I specifically validate that encryption on the swap partition is functioning correctly?

i still am unclear how one verifies that swap encryption is working. i'll dig a bit more ... hints appreciated.
On Wednesday, 2009-01-14 at 13:59 -0800, PGNet wrote: ..
> i still am unclear how one verifies that swap encryption is working.
> i'll dig a bit more ... hints appreciated.
Look:

    nimrodel:~ # file -s /dev/hda5
    /dev/hda5: Linux/i386 swap file (new style) 1 (4K pages) size 1574361 pages Label 320_swap

If you do that on your md1 and it is recognized as swap, then it is not encrypted. Instead, you should get that result on /dev/mapper/cr_md1

-- 
Cheers,
Carlos E. R.
Carlos,

On Wed, Jan 14, 2009 at 4:10 PM, Carlos E. R. <robin.listas@telefonica.net> wrote:
> If you do that on your md1 and it is recognized as swap, then it is not encrypted. Instead, you should get that result on /dev/mapper/cr_md1
looks like i'm ok, then,

    file -s /dev/md1
    /dev/md1: data

    file -s /dev/mapper/cr_md1
    /dev/mapper/cr_md1: Linux/i386 swap file (new style) 1 (4K pages) size 130524 pages

Thanks!
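
The `file -s` comparison from the thread as a script, added here as an example that is not part of the original messages: it reads the 10-byte swap signature slot directly and requires that the raw device does not show it while the mapping does. The image files are constructed stand-ins for /dev/md1 and /dev/mapper/cr_md1, and the 4096-byte page size is an assumption matching the "4K pages" in the output above.

```shell
#!/bin/sh
# Added example: look for the plaintext swap signature that `file -s` reports.
# Linux writes "SWAPSPACE2" (or the older "SWAP-SPACE") in the last 10 bytes
# of the first page of a swap area.

# sig_hex FILE [PAGESIZE]: hex of that 10-byte slot (4096-byte pages assumed).
sig_hex() {
    dd if="$1" bs=1 skip=$(( ${2:-4096} - 10 )) count=10 2>/dev/null |
        od -An -tx1 | tr -d ' \n'
}

# is_plain_swap FILE [PAGESIZE]: succeeds if a readable swap header is present.
is_plain_swap() {
    case "$(sig_hex "$1" "$2")" in
        53574150535041434532|535741502d5350414345) return 0 ;;  # SWAPSPACE2, SWAP-SPACE
        *) return 1 ;;
    esac
}

# check_pair RAW MAPPED: RAW must not look like swap, MAPPED must.
check_pair() {
    if is_plain_swap "$1"; then
        echo "FAIL: $1 shows a plaintext swap header"; return 1
    fi
    if ! is_plain_swap "$2"; then
        echo "FAIL: $2 is not recognised as swap"; return 1
    fi
    echo "OK: $1 is opaque data, $2 carries the swap header"
}

# Constructed sample images (not real devices) so the example runs offline.
make_samples() {
    d=$(mktemp -d) || return 1
    # Stand-in for /dev/mapper/cr_md1: zeroed page ending in SWAPSPACE2.
    dd if=/dev/zero of="$d/mapped.img" bs=4096 count=1 2>/dev/null
    printf 'SWAPSPACE2' |
        dd of="$d/mapped.img" bs=1 seek=4086 conv=notrunc 2>/dev/null
    # Stand-in for /dev/md1: one page of random bytes in place of ciphertext.
    dd if=/dev/urandom of="$d/raw.img" bs=4096 count=1 2>/dev/null
    echo "$d"
}

dir=$(make_samples)
# On a real system, run as root: check_pair /dev/md1 /dev/mapper/cr_md1
check_pair "$dir/raw.img" "$dir/mapped.img"
```

Like `file -s`, this inspects only the header page. `cryptsetup status cr_md1`, run as root, additionally reports the cipher and key size of the active mapping.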