Hello everyone,

just like before the CRUX 2.5 release, I packed together a test ISO with support for an encrypted root partition (at setup time). I'd really like to get your feedback on this.

Technically speaking, there were not many changes that had to be made to the ISO repository; the diff [1] is really tiny. A new package named cryptsetup-initrd got added, and its name makes its purpose quite obvious: it will enable you to build the required initial RAM disk that allows the system to decrypt / during startup. I put the raw package [2] up for review, too.

The test ISO [3] can be downloaded, too, though I will upload a slightly fixed version tomorrow addressing a special use case mentioned in the /init script. To make your life easier I provide some documentation [4] covering the new parts for installation.

The passphrase you have to provide for your partition(s) could be provided via a USB stick, too. This scenario is not yet covered by my documentation, but I will add this as soon as possible. Please let me know if you can think of any other "authentication scenario" that you would like to have added.

There's only one issue left that may require discussion: when the boot process leaves the initrd (switch_root /newroot), the real root's /dev directory is already mounted as tmpfs and populated, but /sbin/start_udev calls

,---- [ head -2 /sbin/start_udev ]
| # mount /dev as a tmpfs; note: some video drivers require exec access in /dev
| /bin/mount -n -t tmpfs udev /dev -o exec,nosuid,mode=0755
`----

so we end up with an (almost) empty /dev directory. My idea was to check for the existence of /etc/.dev_populated (which would be created by our initrd before switch_root). If the file is available, start_udev should not (re)mount /dev but delete /etc/.dev_populated and continue execution after line #3. Currently this is not implemented, so you'll have to comment out the command in /sbin/start_udev.

Comments, suggestions and critique are welcome!

[1] https://serverop.de/~tek/crux-dmcrypt/ISO.DIFF
[2] https://serverop.de/~tek/crux-dmcrypt/cryptsetup-initrd/
[3] https://serverop.de/~tek/crux-dmcrypt/crux-2.6-test0a.iso
    https://serverop.de/~tek/crux-dmcrypt/crux-2.6-test0a.iso.md5
[4] https://serverop.de/~tek/crux-dmcrypt/DM-CRYPT-STEPS

Kind regards,
Thomas Penteker
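
The marker-file hand-off proposed in the mail above, as an added example that is not part of the original message or of CRUX's start_udev. It goes one step beyond the proposal by also confirming in the mounts table that a tmpfs really is on /dev, so a marker left over from an earlier boot cannot suppress the mount. The function names and the root/mounts-table parameters are hypothetical and exist so the logic can be run without root privileges.

```shell
#!/bin/sh
# Added example (not CRUX code). The marker path comes from the mail; the
# function names and their two arguments are hypothetical.

MARKER=etc/.dev_populated

# Print "skip" if the initrd already set up /dev, "mount" otherwise.
# $1 = root directory (normally /), $2 = mounts table (normally /proc/mounts)
dev_mount_action() {
    root=${1:-/}
    mounts=${2:-/proc/mounts}
    action=mount
    if [ -e "$root/$MARKER" ]; then
        # Trust the marker only if a tmpfs is mounted on /dev right now.
        # The last matching entry in the table is the mount on top.
        fstype=$(awk '$2 == "/dev" { t = $3 } END { print t }' "$mounts")
        [ "$fstype" = tmpfs ] && action=skip
        # One-shot hand-off: remove the marker whatever the outcome. If / is
        # still read-only the delete fails and the marker stays behind, which
        # the tmpfs check above keeps harmless on a later boot.
        rm -f "$root/$MARKER" 2>/dev/null || true
    fi
    echo "$action"
}

# How the top of /sbin/start_udev could use it; the mount line is the one
# quoted in the mail. Defined here but not called.
start_udev_prepare_dev() {
    if [ "$(dev_mount_action / /proc/mounts)" = mount ]; then
        /bin/mount -n -t tmpfs udev /dev -o exec,nosuid,mode=0755
    fi
}
```

On the initrd side the marker would have to be created under the new root (for example /newroot/etc/.dev_populated) before switch_root, which assumes the real root is writable at that point.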
