• Home
  • Help
  • Search
  • Login
  • Register
Pages: [1]
Author Topic: howto sheeva-with-linux 3.4.2 and encrypted fs  (Read 5311 times)
rray
Newbie
*

Karma: 0
Posts: 11


View Profile
« on: June 12, 2012, 08:22:29 AM »

I have guruplug loading and running Debian Wheezy from a usb harddrive. I have 3.2 Debian kernel and root and swap encrypted. No problem. I loaded 3.4.2 kernel from SwL. I built a initrd and booted up. It asked me for the passphrase for root and swap and appeared to proceed ok then crash. Any ideas what caused this. I do have a third encrypted fs that is user data. It did not get far enough to ask for the passphrase for it.
The root fs is ext3 and the data fs is ext4 if that matters. Built the ramdisk as

update-initramfs -c -k 3.4.2
mkimage -A arm -O linux -T ramdisk -C gzip -a 0x0 -e 0x0 -n "Debian ramdisk 3.4.2" -d /boot/initrd.img-3.4.2 /boot/uInitrd_3.4.2



Uncompressing Linux... done, booting the kernel.
Booting Linux on physical CPU 0
Initializing cgroup subsys cpu
Linux version 3.4.2 (kelly@bbb.internal) (gcc version 4.5.3 (PlugComputer G++ 20110530) ) #4 PREEMPT Mon Jun 11 15:48:21 MDT 2012
CPU: Feroceon 88FR131 [56251311] revision 1 (ARMv5TE), cr=00053977
CPU: VIVT data cache, VIVT instruction cache
Machine: Marvell GuruPlug Reference Board
Memory policy: ECC disabled, Data cache writeback
Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 130048
Kernel command line: console=ttyS0,115200
PID hash table entries: 2048 (order: 1, 8192 bytes)
Dentry cache hash table entries: 65536 (order: 6, 262144 bytes)
Inode-cache hash table entries: 32768 (order: 5, 131072 bytes)
Memory: 512MB = 512MB total
Memory: 509528k/509528k available, 14760k reserved, 0K highmem
Virtual kernel memory layout:
    vector  : 0xffff0000 - 0xffff1000   (   4 kB)
    fixmap  : 0xfff00000 - 0xfffe0000   ( 896 kB)
    vmalloc : 0xe0800000 - 0xff000000   ( 488 MB)
    lowmem  : 0xc0000000 - 0xe0000000   ( 512 MB)
    modules : 0xbf000000 - 0xc0000000   (  16 MB)
      .text : 0xc0008000 - 0xc05aca40   (5779 kB)
      .init : 0xc05ad000 - 0xc05d8000   ( 172 kB)
      .data : 0xc05d8000 - 0xc061c630   ( 274 kB)
       .bss : 0xc061c654 - 0xc0677420   ( 364 kB)
SLUB: Genslabs=13, HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
NR_IRQS:114
gpiochip_add: registered GPIOs 0 to 31 on device: orion_gpio0
gpiochip_add: registered GPIOs 32 to 49 on device: orion_gpio1
sched_clock: 32 bits at 200MHz, resolution 5ns, wraps every 21474ms
Console: colour dummy device 80x30
Calibrating delay loop... 1191.11 BogoMIPS (lpj=5955584)
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 512
Initializing cgroup subsys cpuacct
Initializing cgroup subsys devices
Initializing cgroup subsys freezer
Initializing cgroup subsys blkio
CPU: Testing write buffer coherency: ok
Setting up static identity map for 0x4463a8 - 0x4463e4
devtmpfs: initialized
NET: Registered protocol family 16
Kirkwood: MV88F6281-A1, TCLK=200000000.
Feroceon L2: Enabling L2
Feroceon L2: Cache support initialised.
bio: create slab <bio-0> at 0
vgaarb: loaded
SCSI subsystem initialized
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
Switching to clocksource orion_clocksource
FS-Cache: Loaded
NET: Registered protocol family 2
IP route cache hash table entries: 4096 (order: 2, 16384 bytes)
TCP established hash table entries: 16384 (order: 5, 131072 bytes)
TCP bind hash table entries: 16384 (order: 4, 65536 bytes)
TCP: Hash tables configured (established 16384 bind 16384)
TCP: reno registered
UDP hash table entries: 256 (order: 0, 4096 bytes)
UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
NET: Registered protocol family 1
RPC: Registered named UNIX socket transport module.
RPC: Registered udp transport module.
RPC: Registered tcp transport module.
RPC: Registered tcp NFSv4.1 backchannel transport module.
Trying to unpack rootfs image as initramfs...
Freeing initrd memory: 3596K
NFS: Registering the id_resolver key type
FS-Cache: Netfs 'nfs' registered for caching
jffs2: version 2.2. (NAND) © 2001-2006 Red Hat, Inc.
JFS: nTxBlock = 4008, nTxLock = 32070
msgmni has been set to 1002
Block layer SCSI generic (bsg) driver version 0.4 loaded (major 253)
io scheduler noop registered
io scheduler deadline registered
io scheduler cfq registered (default)
mv_xor_shared mv_xor_shared.0: Marvell shared XOR driver
mv_xor_shared mv_xor_shared.1: Marvell shared XOR driver
mv_xor mv_xor.0: Marvell XOR: ( xor cpy )
mv_xor mv_xor.1: Marvell XOR: ( xor fill cpy )
mv_xor mv_xor.2: Marvell XOR: ( xor cpy )
mv_xor mv_xor.3: Marvell XOR: ( xor fill cpy )
Serial: 8250/16550 driver, 2 ports, IRQ sharing disabled
serial8250.0: ttyS0 at MMIO 0xf1012000 (irq = 33) is a 16550A
console [ttyS0] enabled
brd: module loaded
loop: module loaded
NAND device: Manufacturer ID: 0xec, Chip ID: 0xdc (Samsung NAND 512MiB 3,3V 8-bit)
Scanning device for bad blocks
Bad eraseblock 2499 at 0x000013860000
Creating 3 MTD partitions on "orion_nand":
0x000000000000-0x000000100000 : "u-boot"
0x000000100000-0x000000500000 : "uImage"
0x000000500000-0x000020000000 : "root"
mv643xx_eth: MV-643xx 10/100/1000 ethernet driver version 1.4
mv643xx_eth smi: probed
mv643xx_eth_port mv643xx_eth_port.0: eth0: port 0 with MAC address f0:ad:4e:01:27:31
mv643xx_eth_port mv643xx_eth_port.1: eth1: port 0 with MAC address 02:50:43:56:a6:2b
ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
orion-ehci orion-ehci.0: Marvell Orion EHCI
orion-ehci orion-ehci.0: new USB bus registered, assigned bus number 1
orion-ehci orion-ehci.0: irq 19, io mem 0xf1050000
orion-ehci orion-ehci.0: USB 2.0 started, EHCI 1.00
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 1 port detected
Initializing USB Mass Storage driver...
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
usbcore: registered new interface driver ums-cypress
usbcore: registered new interface driver ums-datafab
usbcore: registered new interface driver ums-freecom
usbcore: registered new interface driver ums-jumpshot
usbcore: registered new interface driver ums-sddr09
usbcore: registered new interface driver ums-sddr55
mousedev: PS/2 mouse device common for all mice
rtc-mv rtc-mv: rtc core: registered rtc-mv as rtc0
i2c /dev entries driver
cpuidle: using governor ladder
cpuidle: using governor menu
sdhci: Secure Digital Host Controller Interface driver
sdhci: Copyright(c) Pierre Ossman
mmc0: mvsdio driver initialized, lacking card detect (fall back to polling)
sdhci-pltfm: SDHCI platform and OF driver helper
usbcore: registered new interface driver usbhid
usbhid: USB HID core driver
TCP: cubic registered
NET: Registered protocol family 10
NET: Registered protocol family 17
lib80211: common routines for IEEE802.11 drivers
Registering the dns_resolver key type
registered taskstats version 1
rtc-mv rtc-mv: setting system clock to 2012-06-12 15:04:22 UTC (1339513462)
Freeing init memory: 172K
Loading, please wait...
mmc0: new high speed SDIO card at address 0001
udevd[636]: starting version 175
usb 1-1: new high-speed USB device number 2 using orion-ehci
sata_mv sata_mv.0: slots 32 ports 1
scsi0 : sata_mv
ata1: SATA max UDMA/133 irq 21
hub 1-1:1.0: USB hub found
hub 1-1:1.0: 4 ports detected
ata1: SATA link down (SStatus 0 SControl F300)
usb 1-1.3: new high-speed USB device number 3 using orion-ehci
usb-storage 1-1.3:1.0: Quirks match for vid 152d pid 2329: 8020
scsi1 : usb-storage 1-1.3:1.0
usbcore: registered new interface driver uas
Begin: Loading essential drivers ... modprobe: module unix not found in modules.dep
done.
Begin: Running /scripts/init-premount ... done.
Begin: Mounting root file system ... Begin: Running /scripts/local-top ... device-mapper: ioctl: 4.22.0-ioctl (2011-10-19) initialised: dm-devel@redhat.com
cryptsetup: lvm is not available
cryptsetup: evms_activate is not available
Begin: Waiting for encrypted source device... ... scsi 1:0:0:0: Direct-Access     WDC WD20 EURS-63S48Y0          PQ: 0 ANSI: 2 CCS
sd 1:0:0:0: Attached scsi generic sg0 type 0
sd 1:0:0:0: [sda] 3907029168 512-byte logical blocks: (2.00 TB/1.81 TiB)
sd 1:0:0:0: [sda] Write Protect is off
sd 1:0:0:0: [sda] No Caching mode page present
sd 1:0:0:0: [sda] Assuming drive cache: write through
sd 1:0:0:0: [sda] No Caching mode page present
sd 1:0:0:0: [sda] Assuming drive cache: write through
 sda: sda1 sda2 sda3 sda4
sd 1:0:0:0: [sda] No Caching mode page present
sd 1:0:0:0: [sda] Assuming drive cache: write through
sd 1:0:0:0: [sda] Attached SCSI disk
done.
Unlocking the disk /dev/disk/by-uuid/c34f5d53-8365-469a-aeb0-eb840ac0cc56 (sda2_crypt)
Enter passphrase:
cryptsetup: sda2_crypt set up successfully
Unlocking the disk /dev/disk/by-uuid/a3561ff3-09dc-49cb-b21b-fffe4489a0f1 (sda3_crypt)
Enter passphrase:
cryptsetup: sda3_crypt set up successfully
done.
Begin: Running /scripts/local-premount ... done.
modprobe: module ext3 not found in modules.dep
EXT3-fs (dm-0): mounted filesystem with writeback data mode
Begin: Running /kjournald starting.  Commit interval 5 seconds
scripts/local-bottom ... done.
done.
Begin: Running /scripts/init-bottom ... done.
Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b

[<c000d240>] (unwind_backtrace+0x0/0xe0) from [<c043f090>] (panic+0x74/0x1b0)
[<c043f090>] (panic+0x74/0x1b0) from [<c0018f20>] (do_exit+0x39c/0x7b8)
[<c0018f20>] (do_exit+0x39c/0x7b8) from [<c001967c>] (do_group_exit+0xb0/0xdc)
[<c001967c>] (do_group_exit+0xb0/0xdc) from [<c002657c>] (get_signal_to_deliver+0x5bc/0x634)
[<c002657c>] (get_signal_to_deliver+0x5bc/0x634) from [<c000aa80>] (do_signal+0xc4/0x4fc)
[<c000aa80>] (do_signal+0xc4/0x4fc) from [<c000b308>] (do_notify_resume+0x18/0x60)
[<c000b308>] (do_notify_resume+0x18/0x60) from [<c0008cb4>] (work_pending+0x24/0x28)



Richard
Logged

cbxbiker61
Global Moderator
Sr. Member
*****

Karma: 38
Posts: 497


View Profile
« Reply #1 on: June 12, 2012, 02:12:07 PM »

Try 3.3.8.
Logged

rray
Newbie
*

Karma: 0
Posts: 11


View Profile
« Reply #2 on: June 13, 2012, 05:52:06 AM »

I built a ramdisk for 3.3.8 and got a little bit farther
Is there a way to contact the people who build the kernels at xilka.com


sd 1:0:0:0: Attached scsi generic sg0 type 0
sd 1:0:0:0: [sda] 3907029168 512-byte logical blocks: (2.00 TB/1.81 TiB)
sd 1:0:0:0: [sda] Write Protect is off
sd 1:0:0:0: [sda] No Caching mode page present
sd 1:0:0:0: [sda] Assuming drive cache: write through
sd 1:0:0:0: [sda] No Caching mode page present
sd 1:0:0:0: [sda] Assuming drive cache: write through
 sda: sda1 sda2 sda3 sda4
sd 1:0:0:0: [sda] No Caching mode page present
sd 1:0:0:0: [sda] Assuming drive cache: write through
sd 1:0:0:0: [sda] Attached SCSI disk
Begin: Loading essential drivers ... modprobe: module unix not found in modules.dep
done.
Begin: Running /scripts/init-premount ... done.
Begin: Mounting root file system ... Begin: Running /scripts/local-top ... device-mapper: ioctl: 4.22.0-ioctl (2011-10-19) initialised: dm-devel@redhat.com
Unlocking the disk /dev/disk/by-uuid/c34f5d53-8365-469a-aeb0-eb840ac0cc56 (sda2_crypt)
Enter passphrase:
cryptsetup: sda2_crypt set up successfully
Unlocking the disk /dev/disk/by-uuid/a3561ff3-09dc-49cb-b21b-fffe4489a0f1 (sda3_crypt)
Enter passphrase:
cryptsetup: sda3_crypt set up successfully
done.
Begin: Running /scripts/local-premount ... done.
modprobe: module luks not found in modules.dep
mount: mounting /dev/sda2 on /root failed: No such device
Begin: Running /scripts/local-bottom ... done.
done.
Begin: Running /scripts/init-bottom ... mount: mounting /dev on /root/dev failed: No such file or directory
done.
Target filesystem doesn't have requested /sbin/init.
No init found. Try passing init= bootarg.
modprobe: module i8042 not found in modules.dep
modprobe: module atkbd not found in modules.dep
modprobe: module ehci-hcd not found in modules.dep
modprobe: module uhci-hcd not found in modules.dep
modprobe: module ohci-hcd not found in modules.dep
modprobe: module usbhid not found in modules.dep


BusyBox v1.19.3 (Debian 1:1.19.3-7) built-in shell (ash)
Enter 'help' for a list of built-in commands.

/bin/sh: can't access tty; job control turned off
(initramfs)

Logged

birdman
Sr. Member
****

Karma: 4
Posts: 443


View Profile WWW
« Reply #3 on: June 13, 2012, 11:29:34 AM »

...
Unlocking the disk /dev/disk/by-uuid/c34f5d53-8365-469a-aeb0-eb840ac0cc56 (sda2_crypt)
Enter passphrase:
cryptsetup: sda2_crypt set up successfully
...
mount: mounting /dev/sda2 on /root failed: No such device
Wild guess here (since I've never used encrypted fs)
Should that root device be /dev/sda2_crypt, rather than /dev/sda2?
Logged

rray
Newbie
*

Karma: 0
Posts: 11


View Profile
« Reply #4 on: June 13, 2012, 12:41:21 PM »

If I give bootargs root=/dev/mapper/sda2_crypt or root=/dev/disk/by-uuid/c34f5d53-8365-469a-aeb0-eb840ac0cc56 I get


sd 1:0:0:0: Attached scsi generic sg0 type 0
sd 1:0:0:0: [sda] 3907029168 512-byte logical blocks: (2.00 TB/1.81 TiB)
sd 1:0:0:0: [sda] Write Protect is off
sd 1:0:0:0: [sda] No Caching mode page present
sd 1:0:0:0: [sda] Assuming drive cache: write through
sd 1:0:0:0: [sda] No Caching mode page present
sd 1:0:0:0: [sda] Assuming drive cache: write through
 sda: sda1 sda2 sda3 sda4
sd 1:0:0:0: [sda] No Caching mode page present
sd 1:0:0:0: [sda] Assuming drive cache: write through
sd 1:0:0:0: [sda] Attached SCSI disk
Begin: Loading essential drivers ... modprobe: module unix not found in modules.dep
done.
Begin: Running /scripts/init-premount ... done.
Begin: Mounting root file system ... Begin: Running /scripts/local-top ... device-mapper: ioctl: 4.22.0-ioctl (2011-10-19) initialised: dm-devel@redhat.com
Unlocking the disk /dev/disk/by-uuid/c34f5d53-8365-469a-aeb0-eb840ac0cc56 (sda2_crypt)
Enter passphrase:
cryptsetup: sda2_crypt set up successfully
Unlocking the disk /dev/disk/by-uuid/a3561ff3-09dc-49cb-b21b-fffe4489a0f1 (sda3_crypt)
Enter passphrase:
cryptsetup: sda3_crypt set up successfully
done.
Begin: Running /scripts/local-premount ... done.
modprobe: module ext3 not found in modules.dep
EXT3-fs (dm-0): mounted filesystem with writeback data mode
kjournald starting.  Commit interval 5 seconds
Begin: Running /scripts/local-bottom ... done.
done.
Begin: Running /scripts/init-bottom ... done.
Kernel panic - not syncing: Attempted to kill init!
[<c000d360>] (unwind_backtrace+0x0/0xe0) from [<c04475d4>] (panic+0x74/0x1b0)
[<c04475d4>] (panic+0x74/0x1b0) from [<c0018b88>] (do_exit+0x9c/0x730)
[<c0018b88>] (do_exit+0x9c/0x730) from [<c001955c>] (do_group_exit+0xb0/0xdc)
[<c001955c>] (do_group_exit+0xb0/0xdc) from [<c00273bc>] (get_signal_to_deliver+0x5bc/0x630)
[<c00273bc>] (get_signal_to_deliver+0x5bc/0x630) from [<c000a8e8>] (do_signal+0xc4/0x590)
[<c000a8e8>] (do_signal+0xc4/0x590) from [<c000b294>] (do_notify_resume+0x18/0x60)
[<c000b294>] (do_notify_resume+0x18/0x60) from [<c0008cb4>] (work_pending+0x24/0x28)



Thanks
Richard
Logged

cbxbiker61
Global Moderator
Sr. Member
*****

Karma: 38
Posts: 497


View Profile
« Reply #5 on: June 13, 2012, 04:44:23 PM »

Sanity check... why do you want to encrypt the rootfs?  For a low-power device like a sheevaplug, it doesn't sound very practical (probably not too practical even on high-powered systems).

Why not run an un-encrypted root and mount an encrypted fs somewhere where it makes sense.
Logged

rray
Newbie
*

Karma: 0
Posts: 11


View Profile
« Reply #6 on: June 14, 2012, 05:57:22 AM »

An encrypted root fs is prudent whenever the hardware is in a place where it may be stolen. The Guruplug handles an encrypted root fs just fine as long as I use the stock Debian kernel. But, I wanted to get the wifi working and the best way I know is the SwL kernel. So how do I get the SwL kernel to work with an encrypted root fs? The message, http://www.plugcomputer.org/plugforum/index.php?topic=6145.0, says 3.4.2 and 3.3.8 support dmcrypt.

Richard
Logged

cbxbiker61
Global Moderator
Sr. Member
*****

Karma: 38
Posts: 497


View Profile
« Reply #7 on: June 14, 2012, 08:04:21 PM »

An encrypted root fs is prudent whenever the hardware is in a place where it may be stolen. The Guruplug handles an encrypted root fs just fine as long as I use the stock Debian kernel. But, I wanted to get the wifi working and the best way I know is the SwL kernel. So how do I get the SwL kernel to work with an encrypted root fs? The message, http://www.plugcomputer.org/plugforum/index.php?topic=6145.0, says 3.4.2 and 3.3.8 support dmcrypt.

Richard

No, an encrypted root has no significant advantage over an encrypted /home when you locate the files that need to be secure in you home tree.  The system will definitely be slower since it has to decrypt everything.

In any case I'll see if i can create an encrypted (non-root) partition on my sheevaplug when I get a chance.  I haven't tested that for quite some time.
Logged

rray
Newbie
*

Karma: 0
Posts: 11


View Profile
« Reply #8 on: June 15, 2012, 07:13:57 AM »

I respect your opinion but the question is, a stock unmodified Debian kernel supports an encrypted root fs and a SwL kernel does not, what do I need to do to get the SwL kernel to support an encrypted root fs?
Logged

Pages: [1]
Print
Jump to: