
boot from LVM2 device on loop-aes


Matthias Teege

Sep 17, 2006, 6:39:34 AM
Moin,

I've created some LVM2 volumes on a loop-aes device which works
great. I put

mkdir /stick
mount -r -t vfat /dev/sdb4 /stick
losetup -e AES256 -K /stick/key.gpg /dev/loop0 /dev/sda3

in my initrd.scripts before the vgscan/vgchange commands but the
losetup in busybox doesn't understand all commandline switches.

Is it possible to boot from an LVM2 volume on top of loop-AES? How
do I set it up correctly?

Many thanks
Matthias


-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/


Jari Ruusu

Sep 17, 2006, 11:55:54 AM
Matthias Teege wrote:
> I've created some LVM2 volumes on a loop-aes device which works
> great. I put
>
> mkdir /stick
> mount -r -t vfat /dev/sdb4 /stick
> losetup -e AES256 -K /stick/key.gpg /dev/loop0 /dev/sda3
>
> in my initrd.scripts before the vgscan/vgchange commands but the
> losetup in busybox doesn't understand all commandline switches.
>
> Is it possible to boot from an LVM2 volume on top of loop-AES? How
> do I set it up correctly?

You need to use the loop-AES version of losetup in your initrd.
Try copying a statically linked version of losetup to your USB stick.

mkdir /stick
mount -r -t vfat /dev/sdb4 /stick

/stick/losetup -e AES256 -K /stick/key.gpg -G / /dev/loop0 /dev/sda3
^^^^^^^                                    ^^^^

To compile a statically linked version of losetup, add this to the util-linux
configure command:

CFLAGS=-O2 LDFLAGS="-s -static" ./configure
           ^^^^^^^^^^^^^^^^^^^^
--
Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD

Jari Ruusu

Sep 18, 2006, 4:18:51 PM
Matthias Teege wrote:
> > mkdir /stick
> > mount -r -t vfat /dev/sdb4 /stick
> > /stick/losetup -e AES256 -K /stick/key.gpg -G / /dev/loop0 /dev/sda3
>
> I've put the static losetup on the stick and '/stick/losetup -a'
> after the lines above. Losetup asks for the password but I've got
> no output from losetup -a after giving the password. There are no
> error messages. Do I need something else?

A statically linked gpg program must be in /bin/ or /usr/bin/ or /usr/local/bin/

losetup uses gpg to decrypt the key file.
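
An added example, not part of any post in this thread and not loop-AES code: a preflight for the initrd script that checks for the pieces the replies name (the losetup binary on the stick, key.gpg, and gpg in /bin, /usr/bin or /usr/local/bin) before calling losetup, so a missing gpg is reported instead of failing silently. The function names and the root/stick parameters are assumptions made for the example; it does not check that the binaries are statically linked.

```shell
#!/bin/sh
# Added example: preflight for the loop-AES + gpg key setup from this thread.
# The root and stick arguments exist so the checks can be dry-run on a test tree.

# Print the first executable gpg found in the directories named in the thread.
find_gpg() {
    root=${1%/}
    for dir in /bin /usr/bin /usr/local/bin; do
        if [ -f "$root$dir/gpg" ] && [ -x "$root$dir/gpg" ]; then
            echo "$dir/gpg"
            return 0
        fi
    done
    return 1
}

# Check everything the losetup call depends on and report each missing piece.
preflight() {
    root=${1%/} stick=$2 rc=0
    if [ ! -x "$stick/losetup" ]; then
        echo "missing: loop-AES losetup at $stick/losetup" >&2; rc=1
    fi
    if [ ! -s "$stick/key.gpg" ]; then
        echo "missing: key file $stick/key.gpg" >&2; rc=1
    fi
    if ! find_gpg "$root" >/dev/null; then
        echo "missing: gpg in /bin, /usr/bin or /usr/local/bin" >&2; rc=1
    fi
    return $rc
}

# Mount the stick, unlock the loop device, and confirm it is attached.
# Call this in initrd.scripts before the existing vgscan/vgchange lines.
unlock_loop() {
    mkdir -p /stick
    mount -r -t vfat /dev/sdb4 /stick || return 1
    preflight / /stick || return 1
    /stick/losetup -e AES256 -K /stick/key.gpg -G / /dev/loop0 /dev/sda3 || return 1
    # In the thread, an empty 'losetup -a' was the only sign that setup had failed.
    [ -n "$(/stick/losetup -a)" ] || { echo "loop0 not set up" >&2; return 1; }
}
```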
