Cryptkey kernel option not working

babyface · 2009-08-06 13:53:19

Hello,
I installed an ubuntu distro (please to trow me any stone ) with all partitions encrypted (except boot of course) and following this :
http://wiki.archlinux.org/index.php/..._1st_partition
I found out that if added to kernel option, root partition can be unlock with a key stored on a block-device sectors with the cryptkey option (cryptkey=/dev/sd[a-z]:OFFSET:SIZE) but it doesn't seam to work for me.
It keeps asking for passphrase for root partition at boot. Do I have to build a custom kernel that support this option ?
Is this an initrd issue or a kernel issue ?
By the way I also add a "test" key to root partition from internal drive to be sure it's not usb related and I get the same none working cryptkey kernel option.
Tried also with initrd with no root partition in crypttab to be sure it doesn't ask for passphrase but then it doesn't even try unlock root partition on boot.
I suspect it to be kernel to recompile to get the option working but I'm not sure.

Profjim · 2009-08-06 14:07:29

This is a hook that works with the initrd's created by Arch. Are you trying to decrypt the partitions while booting into Ubuntu? Then you'd have to rely on whatever hooks they provide through their initrd-making tools. The kernel doesn't itself do anything with the cryptkey argument. It's just passed to the Arch tools on the initrd.

babyface · 2009-08-06 18:25:52

Could you tell me where to find instructions to build this correct initrd so cryptkey option would work ?
Or could you tell me what files to copy and/or modify in the /etc/initramfs-tools/ folder if it's not to heavy to explain so I could adapt it to my ubuntu distro ?
In fact my root partition is crypt and it works fine with passphrase. I would just like to have this cryptkey option to work so I would not have to enter the passphrase as luks slot 1 is key stored on an SD card sectors. I notice in console (if cryptkey option is set) that AFTER entering luks passphrase for root partition I get directly after root part is mount a log like
19+0 records in
19+0 records out
like for dd command except that option I pass doesn't match 19 blocks but 5 (weard I know)
So I'm kind of lost as I don't know where to start.
Could I get Arch's initrd and boot my ubuntu with it ?

Profjim · 2009-08-06 18:50:11

It would take close familiarity with the sources of the Arch and Ubuntu initrd-making tools, to port this over to Ubuntu.

To do it in Arch, you add "encrypt" to your HOOKS line in /etc/mkinitcpio.conf. Then you rebuild your initrd:

sudo mkinitcpio -p kernel26

Then you add the right arguments to your kernel line in /boot/grub/menu.lst. I recommend reading /lib/initcpio/install/encrypt and /lib/initcpio/hooks/encrypt and http://wiki.archlinux.org/index.php/Sys … r_dm-crypt and http://wiki.archlinux.org/index.php/Con … mkinitcpio.

Arch Linux

#1 2009-08-06 13:53:19

Cryptkey kernel option not working

#2 2009-08-06 14:07:29

Re: Cryptkey kernel option not working

#3 2009-08-06 18:25:52

Re: Cryptkey kernel option not working

#4 2009-08-06 18:50:11

Re: Cryptkey kernel option not working

Board footer