On 2014-08-09 14:17, peng wrote:
Hi All,
I followed http://www.cyrius.com/debian/kirkwood/qnap/ts-219/ and
converted my NAS to Debian. I tried the following,
1. raid0 (1G) as swap(encrypted as well with random key) and raid1
(rest of 2x1T); luks on raid1; lvm on luks; /root and /home on lvm
2. raid0 (1G) and raid1 (rest of 2x1T); lvm on luks; /root and /home on
lvm.
Seceraio 2 works. sceraio 1 doesn't. Even I was able to put in
passphrase during initial boot via console, it's landing in initram
sys mode.
My intention is to have a fully encrypted NAS. I thought that
kernel/initramdisk on the internal Flash of NAS (which was instralled
by installer script) would good enough to serve as function of a
seperate /boot (which would host kernel/initramdisk image). It seems
not so.
My question is , do we still have to rely on /boot on disk (be it on
Harddisk or a seperate usb), even we have kernel/initramd on the
flash, to make this full encryption working?
many thanks
Peng
So, here's my test.
1. Sole relying U-boot/kernel/initramd, with /root on hard disk, I can
enter passphrase for luks (for /root), but will land in shell and
complain lacking of /dev/ram.
2. Creating a seperate /boot either on harddisk or separate usb disk,
with /boot on luks on harddisk, I can enter passphrase for luks , but
will land in shell and it complains lacking of /dev/ram.
3. without luks, it works.
So, What seems to have caused this problem of not making luks work?
The other question is, whether the following are correct boot sequence?
U-boot----> Kernel on flash-->initramd on flash--> /boot/kernel on hard
disk and /boot/initramd on harddisk ---> /root.
or
U-boot----> Kernel on flash-->initramd on flash--> ---> /root.
On a typical linux system, it would be , Grub--->/boot/kernel+initramd
on hardisk---->/root.
Please help to clarrify.
thakns
peng
--
To UNSUBSCRIBE, email to debian-arm-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/0ed514927fab186ca35c1e80eb3eb...@f2f10.com