[crux-devel] CRUX 2.6 Testiso with dm-crypt support

Thomas Penteker tek at serverop.de
Tue Aug 4 22:43:15 UTC 2009


Hello together,

just like before the CRUX 2.5 release I packed together a test iso with
support for an encrypted root partition (on setup-time).

I'd really like to get your feedback on this.

Technically speaking there were not many changes that had to be done to the
ISO repository, the diff [1] is really tiny.
A new package named cryptsetup-initrd got added and its name makes its purpose
quite obvious: it will enable you to build the required initial ram disk that
allows the system to decrypt / during startup.
I put the raw package [2] up for review, too.

The test ISO [3] can be downloaded, too, though I will upload a slightly fixed
version tomorrow addressing a special use case mentioned in the /init script.

To make your life easier I provide some documentation [4] covering the new parts
for installation.

The passphrase you have to provide for your partition(s) could be provided via a
USB-stick, too.  This scenario is not yet covered by my documentation but I
will add this as soon as possible. Please let me know if you can think of any
other "authentication scenario" that you would like to have added.

There's only one issue left that may require discussion:
when the boot process leaves initrd (switch_root /newroot) the real root's
/dev directory is already mounted as tmpfs + populated but /sbin/start_udev
calls

,---- [ head -2 /sbin/start_udev  ]
| # mount /dev as a tmpfs; note: some video drivers require exec access in /dev
| /bin/mount -n -t tmpfs udev /dev -o exec,nosuid,mode=0755
|
`----
so we end up with an (almost) empty /dev-directory.

My idea was to check for the existence of /etc/.dev_populated (which
would be created by our initrd before switch_root). If the file is available,
start_udev should not (re)mount /dev but delete /etc/.dev_populated and
continue execution after line #3.

Currently this is not implemented so you'll have to comment out the command in
/sbin/start_udev.


Comments/Suggestions/critique are welcome!


[1] https://serverop.de/~tek/crux-dmcrypt/ISO.DIFF
[2] https://serverop.de/~tek/crux-dmcrypt/cryptsetup-initrd/
[3] https://serverop.de/~tek/crux-dmcrypt/crux-2.6-test0a.iso
    https://serverop.de/~tek/crux-dmcrypt/crux-2.6-test0a.iso.md5
[4] https://serverop.de/~tek/crux-dmcrypt/DM-CRYPT-STEPS


kind regards, Thomas Penteker
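
The marker check proposed in the message, sketched as an added example that is not part of the original post and is not CRUX's /sbin/start_udev. The function names and the MOUNT and MOUNTS_FILE override variables are assumptions for illustration, and the sketch goes one step beyond the proposal by ignoring a stale marker when no tmpfs is actually mounted on /dev (this assumes /proc is mounted at that point).

```shell
#!/bin/sh
# Added sketch, not CRUX's start_udev. Names and the MOUNT / MOUNTS_FILE
# overrides are hypothetical; the marker path and mount line are from the post.

MARKER_DEFAULT=/etc/.dev_populated

# Succeed if the last mounts-table entry for /dev is a tmpfs.
# Assumption: /proc is mounted when this runs.
dev_is_tmpfs() {
    mounts="${MOUNTS_FILE:-/proc/mounts}"
    [ -r "$mounts" ] || return 1
    found=1
    while read -r _src mnt fstype _rest; do
        [ "$mnt" = "/dev" ] || continue
        if [ "$fstype" = "tmpfs" ]; then found=0; else found=1; fi
    done < "$mounts"
    return $found
}

# Return 0 if /dev was mounted here, 1 if the initrd's /dev was kept,
# 2 if the mount command failed.
mount_dev_unless_populated() {
    marker="${1:-$MARKER_DEFAULT}"
    if [ -e "$marker" ]; then
        # One-shot marker: always remove it so it cannot survive into a
        # later boot that did not go through the initrd.
        rm -f "$marker"
        if dev_is_tmpfs; then
            return 1
        fi
        # Stale marker and no tmpfs on /dev: fall through and mount.
    fi
    ${MOUNT:-/bin/mount} -n -t tmpfs udev /dev -o exec,nosuid,mode=0755 || return 2
    return 0
}
```
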