Re: encryption of root filesystem

[Boryeu Mao]

After following up on the suggestions (and thinking some more), I am
concluding that a bootable encrypted root filesystem is perhaps an
over-kill for my need to have in one iso image a complete copy of my
system (including the encrypted home) - the latter for example can be
stored in an encrypted loop-back file easily enough.

For bootable root filesystem, indeed it seems possible (e.g.
http://askubuntu.com/questions/95392/how-to-create-a-bootable-system-with-a-squashfs-root
), with the aid of live-boot and live-boot-initramfs-tools, etc.  For
myself though, for now this would be left a project for another day.
Help and suggestions were much appreciated.

On 3/10/14, Boryeu Mao boryeu@gmail.com wrote:
 I am running SL via 'livecd-iso-to-disk' from
 XL-65-x86_64-2014-02-06-LiveDVD.iso, with an encrypted home.  Although
 my overlay is fairly large, I don't know (yet) the rate at which it
 will grow but expect it to be full eventually, at which point the
 system would become un-bootable (as it is abundantly pointed out in
 the livecd-iso-do-disk man page).  In preparation for such an
 eventuality I made an iso of the system fashioned after the LiveDVD
 iso; for this iso image, it would be simpler not to treat the home
 directory separatly but to include it in the root filesystem, if that
 could be encryted, thus my query.

 Thanks all for the replies - I will try to followup the pointers and
 suggestions.

 Regards,
 Boryeu

 On 3/10/14, David Sommerseth sl+us...@lists.topphemmelig.net wrote:
 On 07/03/14 18:33, Boryeu Mao wrote:
 In building a bootable DVD image (in the manner of
 SL-65-x86_64-2014-02-06-LiveDVD.iso), is it possible to encrypt the
 system?  If so, should the file LiveOS/squashfs.img be encrypted, or
 the file ext3fs.img contained therein? and what other changes (for
 example in the boot configuration) would be needed?   Hopefully this
 is a question not outside of the design goals.  Thanks in advance for
 any help/pointers.

 I've never thought of this need.  I don't know if it's possible.  The
 only thing which cannot be encrypted normally, is /boot.  Grub does not
 support encryption, but as long as grub can load a kernel and initrd,
 the root fs can pretty much be encrypted.  You just need to be sure the
 initrd contains the needed tools to decrypt the file system (such as
 cryptsetup and so on).  Dracut has fairly good encryption support these
 days.  So it should be possible.

 I'm sorry I don't have any wise pointers right now.


 --
 kind regards,

 David Sommerseth

Re: Upgraded to SL 6.5 - no ethernet

[Connie Sieh]

On Thu, 13 Mar 2014, Larry Linder wrote:


On one of our development systems the Internet quit working after a power
failure and a reboot.   We suspect that that a new kernel was downloaded by
Yum and never took effect till a reboot occurred sometime later.
History:
We know that the realtech driver for chip set RTL 8111/8168B works with SL
5.4 - 5.10.  The problem is with SL 6.1 - 6.5.  Same box same hardware.

A long time ago we installed a special kernel from ELRepo.org to fix the
problem with SL 6.4.

SL 6.4 later was updated to SL 6.5 and still no Ethernet -

ifconfig shows that it can receive but not transmit as before.

Would it be appropriate to reinstall the
kernel-lt-3.10.32-1.el6.elrepo.x86_64.rpm date  28 Feb. 14
to fix the problem.

Second question: How do you turn automatic updates OFF.

Larry Linder



You can boot with the prior kernel to verify that it is a newer kernel 
that caused the net to not work.  It should still be on your system.


-Connie Sieh