Hello everyone
Here's a tiny hook for mkinitcpio, useful when you want to do something with MMC/SD card reader (internal, not usb-based) at boot time.
Personally, I use it together with "encrypt" hook to read the disk encryption key from SD card (easier to carry around and not as visible as usb stick).
It's on AUR: http://aur.archlinux.org/packages.php?ID=31150
I hope someone will find it useful.
Offline
cool idea! I have an old 16MB stick somewhere. sounds perfect for such a project. do you mind telling me how you do it exactly?
cheers
Barde
Offline
Also, perhaps this could be merged upstream? You might want to post to arch-general instead of maintaining this in aur.
Offline
Rad3k, you could change the url in your pkgbuild to point to this thread, so if someone has trouble they can post here
Also, perhaps this could be merged upstream? You might want to post to arch-general instead of maintaining this in aur.
I absolutely agree!
Offline
Heller_Barde
Do you mean, how I've made this hook, or the whole encryption setup?
If the former, then it's no big deal:
First I looked at the existing usb hook, and used it as a base for this one. Then, I wrote a simple udev rule to load all modules needed for the card reader to work. Just look at the files - there are two of them, both only a few lines long. The most difficult part was understanding first how the hooks work, and all the udev stuff, to know what I actually need to make my own.
fijam
I considered this, but I didn't know what exactly I should do, and posting it in AUR and this forum seemed the best thing to do first.
Babets
Good idea, I'll change the url.
Offline
Inform the devs, it's a good idea.
Offline
Ok, I've updated the PKGBUILD (and also made it somewhat conformant to Arch Packaging Guidelines)
The most important thing is now: Does this work for someone else than me?
I just want to know if I didn't forget to include something in the package. So, if someone tested it, any feedback would be appreciated.
Offline
If you want it considered for merging into the mkinitcpio package, post a feature request in the bugtracker with all the details.
Offline
Heller_Barde
Do you mean, how I've made this hook, or the whole encryption setup?
I was referring to your whole setup. Like what file belongs on that card and stuff. E-Mail or PM me, this thread is probably not the right place.
cheers Barde
Last edited by Heller_Barde (2009-10-13 18:57:02)
Offline
Rad3k wrote:
Heller_Barde
Do you mean, how I've made this hook, or the whole encryption setup?
I was referring to your whole setup. Like what file belongs on that card and stuff. E-Mail or PM me, this thread is probably not the right place.
cheers Barde
Why not? It's relevant, and I am curious as well.
Offline
As for encryption setup, this was my primary source of information:
http://wiki.archlinux.org/index.php/Sys … r_dm-crypt
The setup is basically as follows:
All partitions (except one) are encrypted using LUKS, but each separately (no LVM or anything like that, they're plain partitions).
One small partition is left unencrypted and used as /boot .
"encrypt" hook in mkinitcpio is enabled in order to boot from encrypted root.
Encryption keys for partitions other than root are stored in /etc/crypttab .
Boot command line has "cryptdevice=/dev/encrypted root partition:root" and "root=/dev/mapper/root" set.
This is sufficient for booting with passphrase.
I've decided not to store a key on SD card in a file, but to hide it between MBR and first partition, like explained in wiki: http://wiki.archlinux.org/index.php/Sys … _partition
To properly do this, you have to be careful - for example, depending on the length of your key, there may not be enough space for it. Sometimes this can be "fixed" by playing with geometry settings of your card in cfdisk. Generally, you'll rather want to know well what you're doing. It took me some time to figure out where exactly I can put the key, and it involved using hex editors, calculating size and offset (converting values between bytes and blocks), but telling you the numbers is pointless, because they vary between different setups.
So, once I put the key on a card, I've added "cryptkey=/dev/mmcblk0:offset:size", and of course enabled the mmc hook in mkinitcpio. Now I only have to plug the card in for a few seconds at boot time, no typing passwords. I have to admit that it's pretty convenient that way, and in most circumstances much more secure than typing passwords all the time.
Offline
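The offset and size check described in the post above, as an added example that is not part of the original thread or the hook's own code: it parses sector 0 of an MBR-partitioned card, finds where the first partition starts, and confirms that a key of a given size fits in the gap before building the cryptkey= parameter. The 512-byte sector size, byte units for offset and size, the function names and the sample partition tables are assumptions made for this example.

```python
import struct

SECTOR = 512  # assumed logical sector size of the card


def first_partition_lba(mbr: bytes) -> int:
    """Lowest starting LBA among the used primary partition entries."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature (0x55AA) in sector 0")
    starts = []
    for i in range(4):  # four 16-byte entries starting at byte 446
        entry = mbr[446 + 16 * i:462 + 16 * i]
        ptype = entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0xEE:
            raise ValueError("protective MBR: sectors after it hold the GPT")
        if ptype != 0 and sectors != 0:
            starts.append(lba_start)
    if not starts:
        raise ValueError("no partitions defined")
    return min(starts)


def cryptkey_param(mbr: bytes, key_size: int, offset: int = SECTOR,
                   device: str = "/dev/mmcblk0") -> str:
    """Check that key_size bytes at offset stay inside the gap, then
    build the kernel parameter (offset and size taken as bytes)."""
    gap_end = first_partition_lba(mbr) * SECTOR
    if offset < SECTOR:
        raise ValueError("offset would overwrite the MBR itself")
    if offset + key_size > gap_end:
        raise ValueError(f"key ends at byte {offset + key_size}, "
                         f"first partition starts at byte {gap_end}")
    return f"cryptkey={device}:{offset}:{key_size}"


def make_mbr(start_lba: int, ptype: int = 0x83) -> bytes:
    """Constructed sample sector 0 with one partition entry."""
    entry = struct.pack("<B3sB3sII", 0, b"\0" * 3, ptype, b"\0" * 3,
                        start_lba, 100000)
    return b"\0" * 446 + entry + b"\0" * 48 + b"\x55\xaa"


if __name__ == "__main__":
    old_style = make_mbr(63)  # constructed: classic layout, partition at LBA 63
    print(cryptkey_param(old_style, 2048))
    print(cryptkey_param(make_mbr(2048), 2048, offset=4096))
```

On a real card the first argument would be the first 512 bytes read from the device node instead of the constructed sample.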
The most important thing is now: Does this work for someone else than me?
I just installed arch on my netbook (HP Mini 5101) and your contribution works perfectly. Thank you
I would like to add that I had to use /dev/disk/by-uuid/xx instead of /dev/sdb1 to get it working reliably.
Offline
I'm glad that you find it useful
Now that I know it works (not only for me, that is), maybe I'll consider poking devs to include it in base mkinitcpio package. But as I'm either a busy or lazy person most of the time, I really don't know when it might happen. If someone else felt like doing this, I have nothing against it. Just Share & Enjoy
Offline
Thanks for the hook! Works flawlessly
I'd like to mention a thing that might not be so obvious to everyone: you have to include the proper modules in MODULE array in mkinitcpio.conf. In my case it was sd_mod.
Great work, thanks again
Offline
You're welcome
There's a couple of things that bug me though. I assume you tried and it didn't work without the hook. It seems a bit strange that you had to add sd_mod to mkinitcpio.conf - the modules for card reader are supposed to be taken care of in the hook itself. So, if you're using integrated reader you shouldn't need sd_mod (I may be wrong though, it's based only on my experience, not on an in-depth knowledge of kernel drivers). If your card reader is usb based (some internal card readers are) then you shouldn't need this hook to make it work. There's a usb hook for mkinitcpio. It includes sd_mod, so maybe you could try using this one instead of mine and see if it works.
Offline