[SOLVED] Root Encrypted Filesystem (LUKS)

chendler · 2007-06-09 15:47:41

Hello dudez! I just installed new fresh copy of Arch (Duke) here is my fstab

/dev/sda1 -> boot -> ext2
/dev/sda2 -> / -> reiserfs (/dev/mapper/root)

I cant boot it normal from beginnig always get same stuff

:: Checking Filesystems [BUSY]
/dev/mapper/root:  Reiserfs super block in block 16 on /dev/mapper/root of format 3.6 with standard journal
Blocks (total/free): 5000096/4884772 by 4096 bytes
Filesystem is clean
/dev/sda1: clean, 32/24096 files, 18360/96356 blocks

************** FILE SYSTEM CHECK FAILED ***************
Please repair manually and reboot. Note that the root
fileystem is currentyl mounted read-only. To remount
it read-write type: mount -n -o remount,rw /

blablabla

I checked all filesystems and they are clean and I still cant reboot! Help me please

Last edited by chendler (2007-06-09 21:29:28)

brain0 · 2007-06-09 16:47:58

Your /etc/fstab should have /dev/mapper/root as device for /, not /dev/sda2.

chendler · 2007-06-09 17:08:57

it have /dev/mapper/root ;p

brain0 · 2007-06-09 17:44:48

Could you paste your fstab then?

chendler · 2007-06-09 18:08:40

here it is:

none /dev/pts devpts defaults 0 0
none /dev/shm tmpfs defaults 0 0

/dev/cdrom /mnt/cdrom iso9660 ro,user,noauto,unhide 0 0
/dev/mapper/archive /mnt/archive reiserfs defaults 0 1
/dev/mapper/data /mnt/data reiserfs defults 0 1
/dev/mapper/home /home reiserfs defaults 1 2
/dev/mapper/root / reiserfs defaults 0 1
/dev/sda1 /boot ext2 defaults 0 1
/dev/mapper/swap swap swap defaults 0 0

I rewrited it by hand casue I dont have connection under arch till I boot

Last edited by chendler (2007-06-09 18:09:58)

brain0 · 2007-06-09 19:14:07

Obviously, at least one of the filesystems in /dev/mapper hasn't been opened. You could disable the filesystem check by putting a 0 in the last column to make your system boot.

chendler · 2007-06-09 21:28:46

w00t thx brain0 ! I boot the arch finally. I notice that I dont have proper lines in /etc/crypttab
I make it

# NAME          SOURCE DEVICE           PASSWORD                OPTIONS
home            /dev/sda3               ASK
data            /dev/sda4               ASK
archive         /dev/sdb2               ASK

that for one, and rewrite the /etc/fstab

# <file system>         <dir>           <type>          <options>             <dump> <pass>
none                    /dev/pts        devpts          defaults                0       0
none                    /dev/shm        tmpfs           defaults                0       0
/dev/cdrom              /mnt/cdrom      iso9660         ro,user,noauto,unhide   0       0
/dev/mapper/archive     /mnt/archive    reiserfs        defaults                0       2
/dev/mapper/data        /mnt/data       reiserfs        defaults                0       2
/dev/mapper/home        /home           reiserfs        defaults                0       2
/dev/mapper/root        /               reiserfs        defaults                0       2
/dev/sda1               /boot           ext2            defaults                0       1
/dev/mapper/swap        swap            swap            defaults                0       0

and finally everything works cool and fast!! except this one line at boot

Configuring System Clock [FAIL]
dunno why is it so I got proper date after login anyway;p

brain0 · 2007-06-10 10:27:29

chendler wrote:

w00t thx brain0 ! I boot the arch finally. I notice that I dont have proper lines in /etc/crypttab
I make it
# NAME          SOURCE DEVICE           PASSWORD                OPTIONS
home            /dev/sda3               ASK
data            /dev/sda4               ASK
archive         /dev/sdb2               ASK
that for one, and rewrite the /etc/fstab

As your root is already encrypted anyway, I recommend the following:

- Create a directory for keyfiles: mkdir /etc/crypttab.d; chmod 700 /etc/crypttab.d
- Create a keyfile: dd if=/dev/urandom of=/etc/crypttab.d/home bs=1K count=10; chmod 400 /etc/crypttab.d/home
- Add the keyfile as a second passphrase: cryptsetup luksAddKey /dev/sda3 /etc/crypttab.d/home (you have to enter your passphrase)
- Change /etc/crypttab to use it: home /dev/sda3 /etc/crypttab.d/home

Do that for the other two as well. Now you only have to enter the passphrase for your root when you start the system, but you can still open the partitions with their own passphrase if necessary.

chendler · 2007-06-10 13:31:17

Is it possible to get AES key from partition when someone for example get a root with exploit on my encrypted shell?

rochus · 2007-10-16 07:12:51

Configuring System Clock [FAIL]
dunno why is it so I got proper date after login anyway;p

Sorry for opening a solved thread, but do you have a solution to the Configuring System Clock failure? This happens to me, too...

Arch Linux

#1 2007-06-09 15:47:41

[SOLVED] Root Encrypted Filesystem (LUKS)

#2 2007-06-09 16:47:58

Re: [SOLVED] Root Encrypted Filesystem (LUKS)

#3 2007-06-09 17:08:57

Re: [SOLVED] Root Encrypted Filesystem (LUKS)

#4 2007-06-09 17:44:48

Re: [SOLVED] Root Encrypted Filesystem (LUKS)

#5 2007-06-09 18:08:40

Re: [SOLVED] Root Encrypted Filesystem (LUKS)

#6 2007-06-09 19:14:07

Re: [SOLVED] Root Encrypted Filesystem (LUKS)

#7 2007-06-09 21:28:46

Re: [SOLVED] Root Encrypted Filesystem (LUKS)

#8 2007-06-10 10:27:29

Re: [SOLVED] Root Encrypted Filesystem (LUKS)

#9 2007-06-10 13:31:17

Re: [SOLVED] Root Encrypted Filesystem (LUKS)

#10 2007-10-16 07:12:51

Re: [SOLVED] Root Encrypted Filesystem (LUKS)

Board footer