Post 303024527 by tyuxar on Wednesday 10th of October 2018 11:19:03 AM
Problems with cryptsetup keyfile encrypted root partition under Debian 9, i386

Hello, I'm trying to set up a machine with an encrypted filesystem. It's a Debian 9/i386.

The partition table on /dev/sda
Code:
1.    1 MiB BIOS BOOT  (04) N/A  N/A
2.  256 MiB Linux      (83) ext4 /boot
3. 2304 MiB Linux      (83) ext4 /
4.    1 MiB MINIX      (81) N/A  N/A
5.  510 MiB Linux swap (82) swap swap

When I finished the partitioning, I ran these:
Code:
dd if=/dev/urandom of=/dev/sda4 bs=1 count=512
echo 'YES' | cryptsetup -v -c aes-xts-plain64 -s 512 -h sha256 -i 2000 --keyfile-size=512 luksFormat /dev/sda3 /dev/sda4
cryptsetup -c aes-xts-plain64 -d /dev/sda4 -s 512 -i 2000 --keyfile-size=512 open --type=plain /dev/sda3 eldcr
mkfs.ext4 -F /dev/sda2
e2label /dev/sda2 BootLabel
mkfs.ext4 -F /dev/mapper/eldcr
e2label /dev/mapper/eldcr RootLabel
mkdir -p /mnt/disk
mount /dev/mapper/eldcr /mnt/disk
mkswap /dev/sda5

/etc/fstab looks like this:
Code:
/dev/disk/by-partuuid/<partuuid of /dev/sda2> /boot ext4 errors=remount-ro 0 1
/dev/mapper/eldcr / ext4 errors=remount-ro 0 1
/dev/disk/by-partuuid/<partuuid of /dev/sda5> none swap sw 0 0

/etc/crypttab:
Code:
eldcr /dev/disk/by-partuuid/<partuuid of /dev/sda3> /dev/disk/by-partuuid/<partuuid of /dev/sda4> luks,cipher=aes-xts-plain64,size=512,hash=sha256,keyfile-size=512,time=2000,keyscript=getlukskey.sh

/etc/initramfs-tools/conf.d/cryptroot:
Code:
CRYPTROOT=target=eldcr,source=/dev/disk/by-partuuid/<partuuid of /dev/sda3>

I modified some lines in /etc/default/grub:
Code:
GRUB_ENABLE_CRYPTODISK=y
GRUB_PRELOAD_MODULES="luks cryptodisk"
GRUB_CMDLINE_LINUX=""
GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=/dev/disk/by-partuuid/<partuuid of /dev/sda3>:eldcr root=/dev/mapper/eldcr cryptopts=target=eldcr,source=/dev/disk/by-partuuid/<partuuid of /dev/sda3>,keyscript=getlukskey.sh crypto=sha256:aes-xts-plain64:512:0:0

The scripts:

/lib/cryptsetup/scripts/getlukskey.sh:
Code:
#!/bin/sh
dd if=/dev/disk/by-partuuid/<partuuid of /dev/sda4> bs=1 count=512 2>/dev/null

/usr/share/initramfs-tools/hooks/glkcopy:
Code:
#!/bin/sh -e
PREREQS=""
case $1 in
        prereqs) echo "${PREREQS}"; exit 0;;
esac
. /usr/share/initramfs-tools/hook-functions
copy_exec /lib/cryptsetup/scripts/getlukskey.sh /bin
copy_exec /sbin/cryptsetup
copy_exec /sbin/dmsetup
copy_exec /lib/cryptsetup/askpass

And I added the following modules to /etc/initramfs-tools/modules: chainiv, cryptomgr, krng, cbc, ecb, ctr, aes, sha256, xts, dm-mod, dm-crypt

Then I install GRUB and make the initramfs:
Code:
grub-install --target=i386-pc --skip-fs-probe --efi-directory=/ --boot-directory=/boot --root-directory=/ /dev/sda
grub-mkconfig -o /boot/grub/grub.cfg
update-initramfs -c -k all

And in the end "update-initramfs -u -k". (The creation does not include my script, so I have to update it again...)

Result is "cryptsetup (eldcr): unknown fstype, bad password or options?" when i try to boot.

What is the problem?

I also tried to remove the "keyscript" from the boot options and the crypttab and put "cryptkey=/dev/disk/by-partuuid/<partuuid of /dev/sda4>:0:512" into the boot options. Then when I run the initramfs update it says: "WARNING: root target eldcr uses a key file, skipped." And after boot it asks for a password...

Any idea?
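
The commands in the post format /dev/sda3 with luksFormat, then open it with --type=plain before running mkfs, while /etc/crypttab declares the luks option. The check below is an added example, not part of the original post: it reports whether a device still begins with a LUKS header and whether that agrees with the mode its crypttab options declare. The function names and sample images are constructed for illustration, and treating an entry without the luks flag as plain dm-crypt is an assumption of the example.

```shell
#!/bin/sh
# Added example: does the device header match the mode declared in crypttab?

# Options field copied from the /etc/crypttab line in the post.
PAGE_OPTS='luks,cipher=aes-xts-plain64,size=512,hash=sha256,keyfile-size=512,time=2000,keyscript=getlukskey.sh'

# Print "luks1", "luks2" or "none" for a block device or image file.
header_kind() {
    # LUKS1 and LUKS2 headers both start with the magic bytes 4c 55 4b 53 ba be
    # ("LUKS" 0xba 0xbe) followed by a big-endian 16-bit version.
    hex=$(dd if="$1" bs=8 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$hex" in
        4c554b53babe0001) echo luks1 ;;
        4c554b53babe0002) echo luks2 ;;
        *)                echo none ;;
    esac
}

# Print "luks" when the crypttab options contain the luks flag, else "plain"
# (assumption of this example: no luks flag means plain dm-crypt).
declared_mode() {
    case ",$1," in
        *,luks,*) echo luks ;;
        *)        echo plain ;;
    esac
}

# check_entry DEVICE OPTIONS: print a verdict, return 0 only on agreement.
check_entry() {
    kind=$(header_kind "$1")
    mode=$(declared_mode "$2")
    case "$mode:$kind" in
        luks:luks?|plain:none) echo "ok: crypttab=$mode header=$kind" ;;
        luks:none)  echo "mismatch: crypttab says luks, no LUKS header found"; return 1 ;;
        *)          echo "mismatch: crypttab says plain, $kind header found"; return 1 ;;
    esac
}

# Constructed sample images (8 bytes each) standing in for /dev/sda3.
make_samples() {
    printf 'LUKS\272\276\000\001' > "$1/luks.img"              # LUKS1 magic, version 1
    printf '\363\021\207\052\145\220\014\276' > "$1/plain.img" # arbitrary bytes, no header
}

# Usage: sh check.sh /dev/sda3 "$PAGE_OPTS"   (reading the device needs root)
if [ "$#" -eq 2 ]; then check_entry "$1" "$2"; fi
```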
 
