Fedora Linux Support Community & Resources Center

Home Forums Posting Rules Linux Help Fedora Set-Up Guides Ask Fedora Fedora Project
Go Back   FedoraForum.org > Fedora 17/18 > Using Fedora
Reload this Page Auto-unlocking LUKS with keyfile from CD-ROM
FedoraForum Search
Forgot Password? Join Us!
Register All Albums FAQ Search Today's Posts Mark Forums Read

Using Fedora General support for current versions. Ask questions about Fedora and it's software that do not belong in any other forum.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 3rd July 2012, 01:07 AM
CoffeeNKeyboard's Avatar
CoffeeNKeyboard Offline
Registered User
  
Join Date: Sep 2011
Location: Jammed between 2 DDR3 RAM sticks
Posts: 25
linuxfirefox
Auto-unlocking LUKS with keyfile from CD-ROM
On the lines of this thread: Unlocking LUKS with USB key - method - seeking help to improve, I am trying to automatically boot a system with an encrypted drive by pointing it to a keyfile on a CD-ROM. I have revived this laptop to use it as a file server. This would enable me to boot the server when away from home. The reason behind trying the CD-ROM approach is that the USB port contacts are loose and proving to be unreliable.

The boot process appears to go past the point where the password prompt comes up, but fails like so shortly after. Don't have a clue where to start investigating. Any pointers? I'm afraid, I might need a bit of handholding with the commands in this area.

Code:
dracut Warning: unable to process initqueue
dracut Warning: /dev/mapper/vg_cpaqn610c-lv_root does not exist
dracut Warning: /dev/vg_cpaqn610c/lv_root does not exist
dracut Warning: /dev/vg_cpaqn610c/lv_swap does not exist

Dropping to debug shell.

dracut:/#
1. Made a keyfile
# dd if=/dev/urandom of=secretkey bs=512 count=4

2. Burnt the keyfile onto a CD with a label CDRW

3. Added the keyfile to slot 1
cryptsetup luksAddKey /dev/sda2 secretkey --key-slot 1

This step asked for the passphrase, but there was not acknowledgement to confirm that it successfully added the keyfile.

Verified like so
cryptsetup luksDump /dev/sda2
Code:
Key Slot 0: ENABLED
	Iterations:         	32675
	Salt:               	XX XX XX XX XX XX XX XX XX
	Key material offset:	8
	AF stripes:            	4000
Key Slot 1: ENABLED
	Iterations:         	40930
	Salt:               	XX XX XX XX XX XX XX XX XX
	Key material offset:	512
	AF stripes:            	4000
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
Booted up with this additional grub argument
rd.luks.key=/secretkey:LABEL=CDRW

Code:
#ls -l /dev/disk/by-label/
total 0
lrwxrwxrwx. 1 root root 9 Jul  3 00:53 CDRW -> ../../sr0
Code:
#ls -l /dev/disk/by-id/
total 0
lrwxrwxrwx. 1 root root  9 Jul  3 00:53 ata-Compaq_DVD-ROM_GDR-8081N -> ../../sr0
lrwxrwxrwx. 1 root root  9 Jul  3 00:53 ata-HTS424040M9AT00_MPA242Q2GPAMTB -> ../../sda
lrwxrwxrwx. 1 root root 10 Jul  3 00:53 ata-HTS424040M9AT00_MPA242Q2GPAMTB-part1 -> ../../sda1
lrwxrwxrwx. 1 root root 10 Jul  3 00:53 ata-HTS424040M9AT00_MPA242Q2GPAMTB-part2 -> ../../sda2
lrwxrwxrwx. 1 root root 10 Jul  3 00:53 dm-name-luks-26290b8b-47aa-47c1-8d81-23a197d2df7a -> ../../dm-0
lrwxrwxrwx. 1 root root 10 Jul  3 00:53 dm-name-vg_cpaqn610c-lv_root -> ../../dm-2
lrwxrwxrwx. 1 root root 10 Jul  3 00:53 dm-name-vg_cpaqn610c-lv_swap -> ../../dm-1
lrwxrwxrwx. 1 root root 10 Jul  3 00:53 dm-uuid-CRYPT-LUKS1-26290b8b47aa47c18d8123a197d2df7a-luks-26290b8b-47aa-47c1-8d81-23a197d2df7a -> ../../dm-0
lrwxrwxrwx. 1 root root 10 Jul  3 00:53 dm-uuid-LVM-pbRVQKyYwcJMsZu8jo0zyIG2gqoEA0BjCLhZjTj5AD1Z4haRz0d1I486PJ26adA5 -> ../../dm-2
lrwxrwxrwx. 1 root root 10 Jul  3 00:53 dm-uuid-LVM-pbRVQKyYwcJMsZu8jo0zyIG2gqoEA0BjvdB8vDf879SckXIPRhkXYTkWfq9Ngisv -> ../../dm-1
__________________
Laptops: HP DV6T-6000 Quad Edition, Dell 510m, Dell D410

System details
Reply With Quote
Reply

Tags
autounlocking, cdrom, keyfile, luks

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Unlocking LUKS with USB key - method - seeking help to improve gaztronics Using Fedora 37 12th February 2013 12:34 PM
Unlocking a LUKS encrypted root partition via ssh icy-flame Security and Privacy 2 20th May 2010 11:45 PM
Decrypt during boot using luks keyfile on usb drive geofft Security and Privacy 6 20th October 2009 02:53 AM
cryptsetup luks max keyfile support fleshm Security and Privacy 0 22nd July 2009 09:45 AM
mounting encrypted luks partition with keyfile gnapp Using Fedora 0 27th March 2009 08:27 AM


Current GMT-time: 07:43 (Sunday, 19-05-2013)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.
Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

 FedoraForum is Powered by RedHat