grub-devel

RE: RE : Full Disk Encryption (including


From: Survey Response
Subject: RE: RE : Full Disk Encryption (including
Date: Sun, 9 Sep 2012 08:23:48 -0700

Hi Arbiel,

The isofile is set with the leading "/". The problem appears to be caused by the fact that the system devices are not created at the time the kernel is loaded. The LUKS partition appears to be decrypted, since I can list the ISO folder under (crypt0), but there is no equivalent device under /dev that I can pass to the linux command.

Thanks,
Steve



Date: Sun, 9 Sep 2012 14:38:12 +0200
Subject: RE : Full Disk Encryption (including
From: address@hidden
To: address@hidden; address@hidden

Hi

Didn't you forget a "/" between the disk's UUID and the variable holding the file name in the linux command?

Arbiel




Sent from Samsung Galaxy Note

Survey Response <address@hidden> wrote:
Hi,

On my USB drive, I have encrypted the entire disk as a single LUKS encrypted partition. I have the grub files on this partition with an ISO image for a Debian-live based distribution. I compiled Grub 2.00 with the necessary crypto modules and left a larger embedding zone before the first LUKS partition to accommodate the larger second-stage bootloader (my core.img is about 44K). When I boot off this USB drive, GRUB initially asks me for the password for the encrypted drive and then gets to the point where it brings up the menu, but I couldn't get it to load the kernel since I need to pass the kernel the system device for the ISO image (the live-media and fromiso boot parameters below) and I notice that the devices are not available at the time of loading the kernel (or later, for that matter). Can somebody help me figure out what I am doing wrong? Would be much obliged, since I have been spending some time trying to figure this out.

Here is my grub.cfg

menuentry 'FDE Live' {
        
        set isofile="/ISOs/linux.iso"

        # The UUID for the encrypted LUKS partition as obtained by running blkid
        set encryptedfs_uuid="377da6816e9a4c7092ae9016a719d04d" 

        # The UUID for the decrypted ext4 fs in the LUKS partition
        set decryptedfs_uuid="a8604976-269b-4ab1-8ecc-63960f60f008"

        insmod part_msdos
        insmod loopback
        insmod iso9660
        insmod cryptodisk
        insmod luks

        echo 'Mounting encrypted disk ...' 
        cryptomount -u ${encryptedfs_uuid}

        echo 'Searching for the root fs in the decrypted fs...'
        set root=(cryptouuid/${encryptedfs_uuid})
        search --no-floppy --fs-uuid --set=root ${decryptedfs_uuid}

        echo 'Setting up a loopback device to the CD image'
        loopback loop $root/$isofile
        set root=loop

        echo 'Loading Linux Kernel ...'
        linux  /live/vmlinuz boot=live live-media=/dev/disk/by-uuid/${decryptedfs_uuid} fromiso=/dev/disk/by-uuid/${decryptedfs_uuid}$isofile initrd=/live/initrd.img config debug video=640x480 fbcon=scrollback:128

        echo 'Loading initial ramdisk ...'
        initrd /live/initrd.img
}

From the debugging output on the console, I see that /dev/disk/by-uuid/a8604976-269b-4ab1-8ecc-63960f60f008 (the decryptedfs_uuid) does not exist at the time the linux kernel is being loaded. I can access this folder from the grub command line using the Grub drive (cryptouuid/377da6816e9a4c7092ae9016a719d04d)/ISOs/linux.iso, but I need to be able to reference this in a way the linux kernel would understand.

Once again, thanks for any help. Pardon any newbie mistakes I may be making. It's a learning experience for me and I am hoping this would be a good exercise in understanding how it all works.

Thanks,
Steve
