On Wed, Oct 12, 2016 at 3:34 PM, Josef Wolf <jw@raven.inka.de> wrote:
Hello,
I am using the scheme outlined below to install opensuse with an encrypted root partition.
The details of how I do this are described below in this post.
This scheme worked great since about 2008 (don't remember which opensuse release it was in 2008) up to opensuse-13.1, with minor tweaks at every new opensuse release.
Unfortunately, with opensuse-Leap-42.1 it doesn't work anymore. When booting the new encrypted root, it won't ask for the passphrase. It just hangs.
Without any output at all? You do not even see the bootloader?
It looks as if the contents of initrd don't know how to ask for the passphrase.
Any ideas how to track down the problem?
Start with describing in more detail what happens.
Here is the procedure how I do it:
I do not see anything related to /etc/crypttab modification (creation) for new encrypted root.
Install base system with a partitioning scheme like this:
/dev/sda1   1g  ext2  /boot  (unencrypted)
/dev/sda2  20g  ext4  /      (unencrypted)
/dev/sda3  20g  swap  swap   (encrypted)
/dev/sda4  20g  none         (encrypted root will go here later)
(device names are just examples here)
When the base system is installed, I do the following:
# create new encrypted filesystem
#
cryptsetup -v --key-size 256 luksFormat /dev/sda4
cryptsetup luksOpen /dev/sda4 cr_sda4
mkfs.ext4 -O dir_index /dev/mapper/cr_sda4

# mount old (unencrypted) and new (crypted) root filesystems
#
SRCMNT=/tmp/root-src-$$
DSTMNT=/tmp/root-dst-$$
mkdir -p $SRCMNT $DSTMNT
mount -obind / $SRCMNT
mount /dev/mapper/cr_sda4 $DSTMNT

# copy contents from unencrypted root to encrypted root
#
rsync -ax $SRCMNT/ $DSTMNT
sync
cp /boot/initrd /boot/initrd.backup

# Fix up /etc/fstab on new root (remove old root and add new root to fstab)
#
perl -ani.bak -e "s#^\S+#/dev/mapper/cr_sda4# if \$F[1] eq '/'; \
    print unless \$F[0] eq '/dev/mapper/cr_sda4'" \
    $DSTMNT/etc/fstab

# set grub2 defaults on new root (no splash, no resume, quiet boot)
#
perl -pi.bak -e "s#splash=\S+##; s#resume=\S+#noresume#; s#quiet##;" \
    $DSTMNT/etc/default/grub

# make sure grub2-mkconfig can search for operating systems within encrypted root
#
mount -obind /dev $DSTMNT/dev
mount -obind /sys $DSTMNT/sys
mount -obind /proc $DSTMNT/proc
mount -obind /boot $DSTMNT/boot

# Create /boot/grub2/grub.cfg
#
cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.backup
chroot $DSTMNT /usr/sbin/grub2-mkconfig --output=/boot/grub2/grub.cfg

# add crypt modules to initrd
#
mkinitrd -d /dev/mapper/cr_sda4 -f "dm luks"

# Clean up and reboot
#
sync
umount $DSTMNT/proc
umount $DSTMNT/boot
umount $DSTMNT/dev
umount $DSTMNT/sys/fs/fuse/connections # FIXME: what the heck?
umount $DSTMNT/sys
umount $DSTMNT && rmdir $DSTMNT
umount $SRCMNT && rmdir $SRCMNT

cryptsetup luksClose cr_sda4

sync
reboot
-- Josef Wolf jw@raven.inka.de
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
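
The reply observes that the procedure has no /etc/crypttab step for the new encrypted root. The following is an added example, not part of the original thread: a pre-reboot check that the root device named in an fstab has a matching entry in a crypttab. The function names and the sample files are constructed for illustration; in the procedure above the arguments would be $DSTMNT/etc/fstab and $DSTMNT/etc/crypttab.

```shell
#!/bin/sh
# Added example: consistency check between fstab and crypttab before rebooting
# into a migrated encrypted root. File paths are arguments (assumption: they
# point at the new root's /etc/fstab and /etc/crypttab).

# Print the device field of the fstab line whose mount point is "/".
fstab_root_device() {
    awk '$1 !~ /^#/ && $2 == "/" { print $1; exit }' "$1"
}

# Print the backing device that the crypttab in $1 assigns to mapping name $2.
crypttab_source() {
    awk -v n="$2" '$1 !~ /^#/ && $1 == n { print $2; exit }' "$1"
}

# check_crypt_root FSTAB CRYPTTAB
# Returns 0 if root is /dev/mapper/NAME and crypttab has an entry for NAME,
# 1 if root is not a /dev/mapper device,
# 2 if crypttab is missing or has no entry for NAME.
check_crypt_root() {
    root_dev=$(fstab_root_device "$1")
    case "$root_dev" in
        /dev/mapper/*) name=${root_dev#/dev/mapper/} ;;
        *) echo "root is '$root_dev', not a /dev/mapper device"; return 1 ;;
    esac
    if [ ! -f "$2" ]; then
        echo "no crypttab at $2 for mapping $name"; return 2
    fi
    src=$(crypttab_source "$2" "$name")
    if [ -z "$src" ]; then
        echo "crypttab has no entry for $name"; return 2
    fi
    echo "ok: $name -> $src"
}

# Constructed sample files using the device names from the post.
demo_dir=$(mktemp -d)
printf '%s\n' '/dev/mapper/cr_sda4 / ext4 defaults 1 1' \
              '/dev/sda1 /boot ext2 defaults 1 2' > "$demo_dir/fstab"
printf '%s\n' 'cr_sda4 /dev/sda4 none luks' > "$demo_dir/crypttab"

check_crypt_root "$demo_dir/fstab" "$demo_dir/crypttab"
check_crypt_root "$demo_dir/fstab" "$demo_dir/missing" || true
```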