Fedora Linux Support Community & Resources Center

Home Forums Posting Rules Linux Help Fedora Set-Up Guides Ask Fedora Fedora Project
Go Back   FedoraForum.org > Fedora 17/18 > Security and Privacy
Reload this Page Boot from fully encrypted disk which looks like unused
FedoraForum Search
Forgot Password? Join Us!
Register All Albums FAQ Search Today's Posts Mark Forums Read

Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 15th May 2011, 02:08 PM
User000 Offline
Registered User
  
Join Date: May 2011
Posts: 4
windows_98_nt_2000ie
Boot from fully encrypted disk which looks like unused
Using luks is the standard way of boot from an encrypted disk. However luks header is not encrypted and it may cause a security shortcoming when it is necessary to hide the fact of encryption.

Standard section of grub.conf when root file system is placed on an unencrypted disk has the form:
Code:
title Fedora 12
root (hd0,0)
kernel /boot/vmlinuz-2.6.31.12-174.2.3.fc12.i686.PAE ro root=/dev/sda1 LANG=ru_RU.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us rhgb quiet
initrd /boot/initramfs-2.6.31.12-174.2.3.fc12.i686.PAE.img
Boot works.

After this I rsync this file system as a whole to a filesystem on an encrypted virtual disk /dev/mapper/hdd2 corresponding to another physical disk, for example /dev/sdb. Then I created an additional section in grub.conf so as to make it possible to boot from /dev/sdb. It looks the same as above, but with some distinctions. Location of bootloader and kernel image is unchanged (1st sector and /boot directory), only root filesystem is transferred onto an encrypted new device.
Code:
title Fedora 12 NEW
root (hd0,0)
kernel /boot/vmlinuz-2.6.31.12-174.2.3.fc12.i686.PAE ro root=/dev/mapper/hdd2 LANG=ru_RU.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us rhgb quiet
initrd /boot/initramfs-NEW.img
Two modifications of the initial section have been done:
1. root=/dev/sda1 ---> root=/dev/mapper/hdd2
2. initramfs-2.6.31.12-174.2.3.fc12.i686.PAE.img ---> initramfs-NEW.img

The second modification is needed to prepare /dev/mapper/hdd2 before mounting it as a root filesystem. So changing initramfs is necessary. I did it in the following way.

1. At the beginning of /mount/mount-root.sh, before 'mount' command, I put the string:
Code:
cryptsetup -d /etc/key -c aes-cbc-essiv:sha256 -s 256 create hdd2 /dev/sdb
2. key file is added to /etc

After this I reboot and select the second item in grub menu. During the boot the messages appear:
Quote:
WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/.
(... the same string repeats a number of times ...)
No root device found
Boot has failed, sleeping forever
Please, give me a suggestion what should I do to cope with this issue.
Last edited by User000; 15th May 2011 at 02:15 PM.
Reply With Quote
Reply

Tags
boot, disk, encrypted, fully, unused

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Disable prompting for passphrase at boot (encrypted disk) jdelisle Security and Privacy 10 26th January 2012 04:36 AM
Need to claim unused disk space jaysun834 Using Fedora 4 24th January 2010 10:00 PM
F12 install fully from disk Tieum Installation and Live Media 2 28th November 2009 06:52 PM
Encrypted Disk Boot BarlasGuclu Using Fedora 1 27th November 2009 06:49 PM
F9 to F10 upgrade, now can't boot encrypted disk ottow Installation and Live Media 9 5th October 2009 08:04 PM


Current GMT-time: 10:46 (Thursday, 23-05-2013)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.
Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

 FedoraForum is Powered by RedHat