Hi,
Haven't heard back any suggestions on how to work my way around this problem. 
Hoping the changed subject line is more specific as to the problem I am running 
into and would attract some more eyeballs to help me figure this one out.
To recap, I am trying to use Grub 2.00 (with LUKS support enabled) to boot a 
Debian-live system from an encrypted LUKS partition. /boot is also located in 
the encrypted partition. I am using grub.cfg like below, and things work fine 
(with Grub requesting a password for the encrypted file system and parsing 
grub.cfg, displaying the menu, etc.). The problem arises with the linux command 
to load the kernel. Loading the Debian-live based OS requires passing a 
reference to the file system hosting the file system, via the live-media kernel 
command-line parameter. I am passing this reference as 
/dev/disk/by-uuid/<uuid-of-the-decrypted-fs> . The UUID I am using is the one 
read by blkid when I mounted and decrypted this encrypted partition from 
another Linux host. However, this does not work and from the debugging output 
on the console, it appears to be because the path to the decrypted fs device is 
invalid. If I mount and decrypt the LUKS partition from a running Linux OS, 
this device is always created with the same UUID, so I expected this to happen 
when GRUB decrypts the LUKS partition. Turns out not to be the case.
Could someone please point me in the right direction or examples showing 
grub.cfg for fully encrypted Debian-live based systems (including /boot)?
Thanks in advance, and apologies for any newbie questions. I am learning as I 
go.
Regards,
Steve.

From: [email protected]
To: [email protected]; [email protected]
Subject: RE: RE : Full Disk Encryption (including
Date: Sun, 9 Sep 2012 08:23:48 -0700





Hi Arbiel,
The isofile is set with the leading "/". The problem appears to be caused by 
the fact that the system devices are not created at the time the kernel is 
loaded. The LUKS partition appears to be decrypted, since I can list the ISO 
folder under (crypt0), but there is no equivalent device under /dev that I can 
pass to the linux command.
Thanks,
Steve

Date: Sun, 9 Sep 2012 14:38:12 +0200
Subject: RE : Full Disk Encryption (including
From: [email protected]
To: [email protected]; [email protected]

Hi
Didn't you forget a "/" between the disk's UUID and the variable holding the 
file name in the linux command?
Arbiel



Sent from Samsung Galaxy Note 
Survey Response <[email protected]> wrote:

Hi,
On my USB drive, I have encrypted the entire disk as a single LUKS encrypted 
partition. I have the grub files on this partition with an ISO image for a 
Debian-live based distribution. I compiled Grub 2.00 with the necessary crypto 
modules and left a larger embedding zone before the first LUKS partition to 
accommodate the larger second-stage bootloader (my core.img is about 44K). When 
I boot off this USB drive, GRUB asks me the password initially for the 
encrypted drive and then gets to the point where it brings up the menu, but I 
couldn't get it to load the kernel since I need to pass the kernel the system 
device for the ISO image (the live-media and fromiso boot parameters below) and 
I notice that the devices are not available at the time of loading the kernel 
(or later, for that matter). Can somebody help me figure out what I am doing 
wrong? Would be much obliged, since I have been spending some time trying to 
figure this out.
Here is my grub.cfg
    menuentry 'FDE Live' {
        set isofile="/ISOs/linux.iso"

        # The UUID for the encrypted LUKS partition as obtained by running blkid
        set encryptedfs_uuid="377da6816e9a4c7092ae9016a719d04d"
        # The UUID for the decrypted ext4 fs in the LUKS partition
        set decryptedfs_uuid="a8604976-269b-4ab1-8ecc-63960f60f008"

        insmod part_msdos
        insmod loopback
        insmod iso9660
        insmod cryptodisk
        insmod luks

        echo 'Mounting encrypted disk ...'
        cryptomount -u ${encryptedfs_uuid}

        echo 'Searching for the root fs in the decrypted fs...'
        set root=(cryptouuid/${encryptedfs_uuid})
        search --no-floppy --fs-uuid --set=root ${decryptedfs_uuid}

        echo 'Setting up a loopback device to the CD image'
        loopback loop $root/$isofile
        set root=loop

        echo 'Loading Linux Kernel ...'
        linux  /live/vmlinuz boot=live live-media=/dev/disk/by-uuid/${decryptedfs_uuid} fromiso=/dev/disk/by-uuid/${decryptedfs_uuid}$isofile initrd=/live/initrd.img config debug video=640x480 fbcon=scrollback:128

        echo 'Loading initial ramdisk ...'
        initrd /live/initrd.img
    }
From the debugging output on the console, I see that 
/dev/disk/by-uuid/a8604976-269b-4ab1-8ecc-63960f60f008 (the decryptedfs_uuid) 
does not exist at the time the linux kernel is being loaded. I can access this 
folder from the grub command line using the Grub drive 
(cryptouuid/377da6816e9a4c7092ae9016a719d04d)/ISOs/linux.iso, but I need to be 
able to reference this in a way the linux kernel would understand.
Once again, thanks for any help. Pardon any newbie mistakes I may be making. 
It's a learning experience for me and I am hoping this would be a good exercise 
in understanding how it all works.
Thanks,
Steve