Fedora Linux Support Community & Resources Center

15th May 2011, 02:08 PM
User000
Registered User
Join Date: May 2011
Posts: 4
Boot from a fully encrypted disk which looks unused

Using LUKS is the standard way to boot from an encrypted disk. However, the LUKS header is not encrypted, and this may be a security shortcoming when it is necessary to hide the fact of encryption.

The standard section of grub.conf when the root file system is placed on an unencrypted disk has the form:
title Fedora 12
root (hd0,0)
kernel /boot/vmlinuz- ro root=/dev/sda1 LANG=ru_RU.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us rhgb quiet
initrd /boot/initramfs-
Boot works.

After this I rsynced this file system as a whole to a filesystem on an encrypted virtual disk /dev/mapper/hdd2 corresponding to another physical disk, for example /dev/sdb. Then I created an additional section in grub.conf to make it possible to boot from /dev/sdb. It looks the same as above, but with some differences. The location of the bootloader and kernel image is unchanged (1st sector and /boot directory); only the root filesystem is transferred onto the new encrypted device.
title Fedora 12 NEW
root (hd0,0)
kernel /boot/vmlinuz- ro root=/dev/mapper/hdd2 LANG=ru_RU.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us rhgb quiet
initrd /boot/initramfs-NEW.img
Two modifications were made to the initial section:
1. root=/dev/sda1 ---> root=/dev/mapper/hdd2
2. initramfs- ---> initramfs-NEW.img

The second modification is needed to prepare /dev/mapper/hdd2 before mounting it as the root filesystem, so changing the initramfs is necessary. I did it in the following way.

1. At the beginning of /mount/mount-root.sh, before the 'mount' command, I put the line:
cryptsetup -d /etc/key -c aes-cbc-essiv:sha256 -s 256 create hdd2 /dev/sdb
2. The key file is added to /etc

After this I rebooted and selected the second item in the grub menu. During boot, these messages appear:
WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/.
(... the same string repeats a number of times ...)
No root device found
Boot has failed, sleeping forever
Please give me a suggestion as to what I should do to cope with this issue.

Last edited by User000; 15th May 2011 at 02:15 PM.
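
Added example, not part of the original post: a Python sketch of the point made above about the unencrypted LUKS header. It parses the cleartext fields at the start of a LUKS1 header and compares that with a headerless volume such as the plain `cryptsetup create` mapping in the post; the function names and the sample byte strings are constructed for illustration.

```python
import hashlib
import math
import struct
from collections import Counter

LUKS_MAGIC = b"LUKS\xba\xbe"
# Start of the LUKS1 on-disk header (big-endian): magic, version, cipher name,
# cipher mode, hash spec, payload offset in sectors, master key length in bytes.
LUKS1_PREFIX = struct.Struct(">6sH32s32s32sII")


def _text(raw: bytes) -> str:
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_luks1(sector: bytes):
    """Return the cleartext LUKS1 header fields, or None without the magic."""
    if len(sector) < LUKS1_PREFIX.size or not sector.startswith(LUKS_MAGIC):
        return None
    _, version, name, mode, hash_spec, offset, key_len = LUKS1_PREFIX.unpack_from(sector)
    return {"version": version, "cipher": f"{_text(name)}-{_text(mode)}",
            "hash": _text(hash_spec), "payload_offset": offset, "key_bits": key_len * 8}


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 is the maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return sum(-c / n * math.log2(c / n) for c in Counter(data).values())


def classify(start: bytes) -> str:
    if parse_luks1(start[:512]):
        return "LUKS header present"
    return "no header, high entropy" if entropy(start) > 7.9 else "no header, low entropy"


# Constructed samples (not taken from any real disk).
SAMPLE_LUKS = LUKS1_PREFIX.pack(LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256",
                                b"sha1", 4096, 32).ljust(512, b"\0")
# Stand-in for ciphertext: deterministic pseudo-random bytes from SHA-256.
SAMPLE_PLAIN = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(512))
SAMPLE_BLANK = bytes(16384)

if __name__ == "__main__":
    for label, blob in (("luks", SAMPLE_LUKS), ("plain", SAMPLE_PLAIN), ("blank", SAMPLE_BLANK)):
        print(label, "->", classify(blob), parse_luks1(blob[:512]) or "")
```

A headerless volume passes the signature check, but its uniformly high entropy still sets it apart from a zero-filled disk.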