Hi,
I'm just wondering if somebody can share experience with a LUKS-encrypted root booted from Syslinux, to get a password request before the system runs.
I have two partitions:
sda1 - boot
sda2 - root LUKS password encrypted
I added in /etc/mkinitcpio.conf
in line:
HOOKS="(base udev) ... encrypt ... filesystems ..."
then generated initramfs:
mkinitcpio -p linux
installed and configured bootloader:
pacman -S syslinux
edited syslinux config:
nano /boot/syslinux/syslinux.cfg
where:
LABEL Arch
MENU LABEL Arch Linux
LINUX ../vmlinuz-linux
APPEND root=/dev/mapper/cryptroot cryptdevice=/dev/sda2:cryptroot ro
INITRD ../initramfs-linux.im
Syslinux runs OK but can't find the encrypted device and give me a password request.
I'm afraid that I'm missing something. Could you help me please? Thank you.
Last edited by infoslaw (2013-07-31 12:33:20)
Offline
whenever running Syslinux hook [encrypt]....
Waiting 10 seconds for device /dev/mapper/cryptroot
ERROR: device '/dev/mapper/cryptroot' not found. Skipping fsck.
ERROR: Unable to find root device 'dev/mapper/cryptroot'.
You are being dropped to a recovery shell
Type 'exit' to try and continue booting
sh: can't access tty; job control turned off
[rootfs /]#
Any idea?
Last edited by infoslaw (2013-07-29 14:08:45)
Offline
So during boot do you get password prompt or not?
Offline
...
HOOKS="(base udev) ... encrypt ... filesystems ..."
....
INITRD ../initramfs-linux.im
You are missing a "g" at the end of ".img". Additionally please post your HOOK line exactly like your config. The one up there is a 1:1 copy from the abbreviated wiki example.
Offline
Not an Installation issue. Moving to NC...
Offline
So during boot do you get password prompt or not?
Unfortunately no password at prompt.
Offline
infoslaw wrote:
...
HOOKS="(base udev) ... encrypt ... filesystems ..."
....
INITRD ../initramfs-linux.im
You are missing a "g" at the end of ".img". Additionally please post your HOOK line exactly like your config. The one up there is a 1:1 copy from the abbreviated wiki example.
Strike0, sorry, my mistake, I just typed it by hand. Of course it is initramfs-linux.img
Offline
Please paste your entire syslinux.cfg and mkinitcpio.conf files.
Offline
Typos happen. To do what jasonwryan asks, you can boot from a system with network (e.g. the Arch live-iso), unlock and mount /dev/sda2 (see wiki), and paste the conf files like this
curl -F 'sprunge=@-' http://sprunge.us </mnt/etc/mkinitcpio.conf
or, without network, copy them around to where they are accessible to post.
Offline
Sorry guys, I wiped the hard disk on the test machine last night.
I'm trying to find the best solution to encrypt personal data (/home) before deploying on a "live" machine. I would highly appreciate it if you could recommend something for me.
Offline
You can use LUKS to encrypt /home if it's a separate partition (and you won't have to mess with your mkinitcpio.conf if root is unencrypted). There are other solutions that may be able to encrypt /home even if it shares a partition with root. eCryptfs comes to mind but I've never used it so I'll leave you to search the wiki if that's what you need.
Offline
Depending on your concerns, encrypting /home may or may not be enough. If you don't use swap, you don't need to worry about encrypting that but there will still be some data in log files etc.
CLI Paste | How To Ask Questions
Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L
Offline
I choose LUKS on /home sda4. Thank you very much for your help.
Offline
I think I'm close to discovering how to encrypt everything except /boot. I'll get back in a few hours. Also https://gist.github.com/sch1zo/5653983/ … ch_base.sh
EDIT: Oh, you solved your issue already. Sorry.
Last edited by Amanda S (2013-09-25 09:36:35)
If it ain't broke, you haven't tweaked it enough...
Offline
This worked for me:
* Add "encrypt" to HOOKS in /etc/mkinitcpio.conf
* Run "mkinitcpio -p linux"
* Change the APPEND line in /boot/syslinux/syslinux.cfg to
APPEND cryptdevice=/dev/sda1:rootfs root=/dev/mapper/rootfs rw
Offline
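The three things this thread ends up checking (the encrypt hook in HOOKS, the INITRD file name, and cryptdevice/root agreeing on the mapper name), as an added example that is not part of any post above. The helper name `check_boot_config`, the sample configs and the /boot file list are constructed; it assumes a single Syslinux entry and root sitting directly on the LUKS mapping.

```python
import re
from pathlib import PurePosixPath

def check_boot_config(syslinux_cfg, mkinitcpio_conf, boot_files):
    """List problems that keep the encrypt hook from unlocking root (hypothetical helper)."""
    problems = []
    # HOOKS is written HOOKS="..." or HOOKS=(...); commented lines are ignored.
    hooks = re.findall(r'^[ \t]*HOOKS=["(]([^")]*)[")]', mkinitcpio_conf, re.M)
    hook_list = hooks[-1].split() if hooks else []
    if "encrypt" not in hook_list:
        problems.append("encrypt hook missing from HOOKS")
    elif "filesystems" in hook_list and hook_list.index("encrypt") > hook_list.index("filesystems"):
        problems.append("encrypt must come before filesystems in HOOKS")
    # Assumes a single boot entry: later INITRD/APPEND lines would overwrite earlier ones.
    found = re.findall(r'^[ \t]*(INITRD|APPEND)[ \t]+(.*\S)', syslinux_cfg, re.M | re.I)
    entry = {key.upper(): value for key, value in found}
    initrd = PurePosixPath(entry.get("INITRD", "")).name
    if initrd not in boot_files:
        problems.append(f"INITRD {initrd!r} not found in /boot")
    params = dict(p.split("=", 1) for p in entry.get("APPEND", "").split() if "=" in p)
    crypt = params.get("cryptdevice", "")
    if ":" not in crypt:
        problems.append("cryptdevice=<device>:<name> missing from APPEND")
    else:
        name = crypt.split(":")[1]  # assumes root lives directly on the LUKS mapping
        if params.get("root") != f"/dev/mapper/{name}":
            problems.append(f"root= should be /dev/mapper/{name}")
    return problems

# Constructed sample input: the entry from the first post, typo included.
SYSLINUX_CFG = """\
LABEL Arch
    MENU LABEL Arch Linux
    LINUX ../vmlinuz-linux
    APPEND root=/dev/mapper/cryptroot cryptdevice=/dev/sda2:cryptroot ro
    INITRD ../initramfs-linux.im
"""
# Constructed HOOKS line with the encrypt hook left out.
MKINITCPIO_CONF = 'HOOKS="base udev autodetect modconf block filesystems keyboard fsck"\n'
BOOT_FILES = {"vmlinuz-linux", "initramfs-linux.img", "initramfs-linux-fallback.img"}

if __name__ == "__main__":
    for problem in check_boot_config(SYSLINUX_CFG, MKINITCPIO_CONF, BOOT_FILES):
        print("problem:", problem)
```

On a real system the inputs would be the contents of /boot/syslinux/syslinux.cfg and /etc/mkinitcpio.conf plus a listing of /boot.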
Please don't necrobump, especially solved threads. The information you posted is in the wiki.
https://wiki.archlinux.org/index.php/Fo … Bumping.27
Closing
Offline