From: Vladimir 'φ-coder/phcoder' Serbinenko
Date: Wed, 12 Sep 2012 07:39:20 +0200
To: The development of GNU GRUB
Subject: Re: Grub with LUKS support: Passing a reference to the decrypted filesystem to the "linux" command
Message-ID: <50502008.9020701@gmail.com>

On 12.09.2012 04:34, Steve R wrote:
> Hi,
>
> Haven't heard back any suggestions on how to work my way around this
> problem. Hoping the changed subject line is more specific as to the
> problem I am running into and would attract some more eyeballs to help
> me figure this one out.
>
> To recap,
> I am trying to use Grub 2.00 (with Luks support enabled) to boot a
> Debian-live system from an encrypted LUKS partition. /boot is also
> located in the encrypted Partition. I am using grub.cfg like below, and
> things work fine (With Grub requesting a password for the encrypted file
> system and parsing grub.cfg, displaying the menu, etc.). The problem
> arises with the linux command to load the kernel. Loading the
> Debian-live based OS requires passing a reference to the file system
> hosting the file system, via the live-media kernel command-line
> parameter. I am passing this reference as
> /dev/disk/by-uuid/ . The UUID I am using is
> the one read by blkid when I mounted and decrypted this encrypted
> partition from another Linux host. However, this does not work and from
> the debugging output on the console, it appears to be because the path
> to the decrypted fs device is invalid. If I mount and decrypt the LUKS
> partition from a running Linux OS, this device is always created with
> the same UUID, so I expected this to happen when GRUB decrypts the LUKS
> partition. Turns out not to be the case.
>
> Could someone please point me in the right direction or examples showing
> grub.cfg for fully encrypted Debian-live based systems (including /boot) ?
>
> Thanks in advance, and apologies for any newbie questions. I am learning
> as I go.
>
> Regards,
> Steve.
>
> ------------------------------------------------------------------------
> From: survey.response@live.com
> To: arbiel.perlacremaz@laposte.net; grub-devel@gnu.org
> Subject: RE: RE : Full Disk Encryption (including
> Date: Sun, 9 Sep 2012 08:23:48 -0700
>
> Hi Arbiel,
>
> The isofile is set with the leading "/" . The problem appears to be
> caused by the fact that the system devices are not created at the time
> the kernel is loaded. The LUKS partition appears to be decrypted, since
> I can list the ISO folder under (crypt0), but there is no equivalent
> device under /dev that I can pass to the linux command.
>
> Thanks,
> Steve
>
> ------------------------------------------------------------------------
> Date: Sun, 9 Sep 2012 14:38:12 +0200
> Subject: RE : Full Disk Encryption (including
> From: arbiel.perlacremaz@laposte.net
> To: survey.response@live.com; grub-devel@gnu.org
>
> Hi
>
> Didn't you forget a "/" between the disk's UUID and the variable holding
> the file name in the linux command ?
>
> Arbiel
>
> Survey Response wrote:
> Hi,
>
> On my USB drive, I have encrypted the entire disk as a single LUKS
> encrypted partition. I have the grub files on this partition with an ISO
> image for a Debian-live based distribution. I compiled Grub 2.00 with
> the necessary crypto modules and left a larger embedding zone before the
> first LUKS partition to accommodate the larger second-stage bootloader
> (my core.img is about 44K). When I boot off this USB drive, GRUB asks me
> the password initially for the encrypted drive and then gets to the
> point where it brings up the menu, but I couldn't get it to load the
> kernel since I need to pass the kernel the system device for the ISO
> image (the live-media and fromiso boot parameters below) and I notice
> that the devices are not available at the time of loading the kernel (or
> later, for that matter). Can somebody help me figure out what I am doing
> wrong? Would be much obliged, since I have been spending some time
> trying to figure this out.
>
> Here is my grub.cfg
>
> menuentry 'FDE Live' {
>
>     set isofile="/ISOs/linux.iso"
>
>     # The UUID for the encrypted LUKS partition as obtained by running blkid
>     set encryptedfs_uuid="377da6816e9a4c7092ae9016a719d04d"
>
>     # The UUID for the decrypted ext4 fs in the LUKS partition
>     set decryptedfs_uuid="a8604976-269b-4ab1-8ecc-63960f60f008"
>
>     insmod part_msdos
>     insmod loopback
>     insmod iso9660
>     insmod cryptodisk
>     insmod luks
>
>     echo 'Mounting encrypted disk ...'
>     cryptomount -u ${encryptedfs_uuid}
>
>     echo 'Searching for the root fs in the decrypted fs...'
>     set root=(cryptouuid/${encryptedfs_uuid})
>     search --no-floppy --fs-uuid --set=root ${decryptedfs_uuid}
>
>     echo 'Setting up a loopback device to the CD image'
>     loopback loop $root/$isofile
>     set root=loop
>
>     echo 'Loading Linux Kernel ...'
>     linux /live/vmlinuz boot=live \
>         live-media=/dev/disk/by-uuid/${decryptedfs_uuid} \
>         fromiso=/dev/disk/by-uuid/${decryptedfs_uuid}$isofile \
>         initrd=/live/initrd.img config debug video=640x480 fbcon=scrollback:128
>
>     echo 'Loading initial ramdisk ...'
>     initrd /live/initrd.img
> }
>
> From the debugging output on the console, I see that
> /dev/disk/by-uuid/a8604976-269b-4ab1-8ecc-63960f60f008 (the
> decryptedfs_uuid) does not exist at the time the linux kernel is being
> loaded. I can access this folder from the grub command line using the
> Grub drive (cryptouuid/377da6816e9a4c7092ae9016a719d04d)/ISOs/linux.iso,
> but I need to be able to reference this in a way the linux kernel would
> understand.
>

Linux simply doesn't have such a way. You need to get Linux guys to add
it first. Or to do something with initramfs

> Once again, thanks for any help. Pardon any newbie mistakes I may be
> making. It's a learning experience for me and I am hoping this would be
> a good exercise in understanding how it all works.
>
> Thanks,
> Steve

--
Regards
Vladimir 'φ-coder/phcoder' Serbinenko
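
The reply above points at the initramfs: the disk GRUB decrypted is not handed over to the kernel, so the LUKS container has to be opened a second time before live-media= can resolve. A sketch of that step follows, as an added example that is not from the thread, GRUB or live-boot. Assumptions: the `luksuuid=` kernel parameter and the `livecrypt` mapping name are hypothetical, and the initramfs is assumed to ship cryptsetup and udev.

```shell
#!/bin/sh
# Added example: hypothetical initramfs helper, not code from the thread.
# "luksuuid=" (kernel parameter) and "livecrypt" (mapping name) are assumed names.

# Print the value of key=value from a kernel command line string.
cmdline_value() (   # $1 = key, $2 = command line; runs in a subshell
    set -f          # no glob expansion while word-splitting
    for word in $2; do
        case "$word" in
            "$1"=*) printf '%s\n' "${word#*=}"; exit 0 ;;
        esac
    done
    exit 1
)

# The grub.cfg in the thread passes the LUKS UUID without dashes, while
# /dev/disk/by-uuid uses the 8-4-4-4-12 form. Convert, rejecting anything else.
dashed_uuid() {
    u=$(printf '%s' "$1" | tr -d '-' | tr 'A-F' 'a-f')
    case "$u" in *[!0-9a-f]*|"") return 1 ;; esac
    [ "${#u}" -eq 32 ] || return 1
    printf '%s\n' "$u" |
        sed 's/^\(.\{8\}\)\(.\{4\}\)\(.\{4\}\)\(.\{4\}\)\(.\{12\}\)$/\1-\2-\3-\4-\5/'
}

# Open the container so udev can publish the inner filesystem under
# /dev/disk/by-uuid/<decryptedfs_uuid>, which live-media= then points at.
unlock_live_media() {   # $1 = kernel command line
    raw=$(cmdline_value luksuuid "$1") || { echo "no luksuuid= given" >&2; return 1; }
    uuid=$(dashed_uuid "$raw") || { echo "bad LUKS UUID: $raw" >&2; return 1; }
    dev="/dev/disk/by-uuid/$uuid"
    [ -b "$dev" ] || { echo "$dev not present" >&2; return 1; }
    cryptsetup isLuks "$dev" || { echo "$dev is not LUKS" >&2; return 1; }
    cryptsetup luksOpen "$dev" livecrypt   # asks for the passphrase again
}

# Only act when called explicitly, e.g. from an initramfs script.
if [ "${1:-}" = "--unlock" ]; then
    unlock_live_media "$(cat /proc/cmdline)"
fi
```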