Cannot boot into encrypted root file system
I am trying to set up an encrypted root file system with cryptsetup and LUKS.
This is what I have done:
I created these partitions:
~ $ sudo fdisk -l /dev/sda
Password:
Disk /dev/sda: 80.0 GB, 80026361856 bytes
16 heads, 63 sectors/track, 155061 cylinders
Units = cylinders of 1008 * 512 = 516096 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 31012 15630016+ 7 HPFS/NTFS
/dev/sda2 * 31013 31603 297864 83 Linux
/dev/sda3 31604 145800 57555257 5 Extended
/dev/sda4 145801 155055 4664520 c W95 FAT32 (LBA)
/dev/sda5 31604 141079 55175872+ 83 Linux
/dev/sda6 141080 145800 2379352+ 82 Linux swap / Solaris
Then I installed the base system with sda6 as / and sda2 as /boot.
I used a Kubuntu 7.04 desktop install CD for installation.
Then I created a LUKS partition on sda5 with:
cryptsetup luksFormat /dev/sda5
Then I copied the base installation from sda6 to sda5:
cryptsetup luksOpen /dev/sda5 root
mount /dev/mapper/root /mnt
cp -ax / /mnt
Then I chrooted into /mnt:
mount -o bind /dev /mnt/dev
mount -o bind /proc /mnt/proc
mount -o bind /sys /mnt/sys
chroot /mnt
Then I edited /etc/fstab to look like this:
root@bart:/# cat /etc/fstab
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
# /dev/sda6
#UUID=c7045f36-
# /dev/mapper/root
#UUID=09712129-
/dev/mapper/root / ext3 defaults,
# /dev/sda2
UUID=aef3f30b-
# /dev/sda1
UUID=80C2F69090
# /dev/sda4
UUID=1B33-0A00 /media/sda4 vfat defaults,
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0
Then I edited /etc/crypttab to look like this:
root@bart:/# cat /etc/crypttab
# <target name> <source device> <key file> <options>
root /dev/sda5 none cipher=
Then I edited /boot/grub/menu.lst to look like this:
root@bart:/# cat /boot/grub/menu.lst
# menu.lst - See: grub(8), info grub, update-grub(8)
# grub-install(8), grub-floppy(8),
# grub-md5-crypt, /usr/share/doc/grub
# and /usr/share/
## default num
# Set the default entry to the entry number NUM. Numbering starts from 0, and
# the entry number 0 is the default if the command is not used.
#
# You can specify 'saved' instead of a number. In this case, the default entry
# is the entry saved with the command 'savedefault'.
# WARNING: If you are using dmraid do not change this entry to 'saved' or your
# array will desync and will not let you boot your system.
default 0
## timeout sec
# Set a timeout, in SEC seconds, before automatically booting the default entry
# (normally the first entry defined).
timeout 10
## hiddenmenu
# Hides the menu by default (press ESC to see the menu)
#hiddenmenu
# Pretty colours
color cyan/blue white/blue
## password ['--md5'] passwd
# If used in the first section of a menu file, disable all interactive editing
# control (menu entry editor and command-line) and entries protected by the
# command 'lock'
# e.g. password topsecret
# password --md5 $1$gLhU0/
# password topsecret
#
# examples
#
# title Windows 95/98/NT/2000
# root (hd0,0)
# makeactive
# chainloader +1
#
# title Linux
# root (hd0,1)
# kernel /vmlinuz root=/dev/hda2 ro
#
#
# Put static boot stanzas before and/or after AUTOMAGIC KERNEL LIST
### BEGIN AUTOMAGIC KERNELS LIST
## lines between the AUTOMAGIC KERNELS LIST markers will be modified
## by the debian update-grub script except for the default options below
## DO NOT UNCOMMENT THEM, Just edit them to your needs
## ## Start Default Options ##
## default kernel options
## default kernel options for automagic boot options
## If you want special options for specific kernels use kopt_x_y_z
## where x.y.z is kernel version. Minor versions can be omitted.
## e.g. kopt=root=/dev/hda1 ro
## kopt_2_
## kopt_2_
# kopt=root=
## Setup crashdump menu entries
## e.g. crashdump=1
# crashdump=0
## default grub root device
## e.g. groot=(hd0,0)
# groot=(hd0,1)
## should update-grub create alternative automagic boot options
## e.g. alternative=true
## alternative=false
# alternative=true
## should update-grub lock alternative automagic boot options
## e.g. lockalternative
## lockalternative
# lockalternative
## additional options to use with the default boot option, but not with the
## alternatives
## e.g. defoptions=vga=791 resume=/dev/hda5
# defoptions=
## should update-grub lock old automagic boot options
## e.g. lockold=false
## lockold=true
# lockold=false
## Xen hypervisor options to use with the default Xen boot option
# xenhopt=
## Xen Linux kernel options to use with the default Xen boot option
# xenkopt=
## altoption boot targets option
## multiple altoptions lines are allowed
## e.g. altoptions=(extra menu suffix) extra boot options
## altoptions=
# altoptions=
## controls how many kernels should be put into the menu.lst
## only counts the first occurence of a kernel, not the
## alternative kernel options
## e.g. howmany=all
## howmany=7
# howmany=all
## should update-grub create memtest86 boot option
## e.g. memtest86=true
## memtest86=false
# memtest86=true
## should update-grub adjust the value of the default booted system
## can be true or false
# updatedefaulten
## ## End Default Options ##
title Ubuntu, kernel 2.6.20-15-generic
root (hd0,1)
kernel /vmlinuz-
initrd /initrd.
quiet
savedefault
title Ubuntu, kernel 2.6.20-15-generic (recovery mode)
root (hd0,1)
kernel /vmlinuz-
initrd /initrd.
title Ubuntu, memtest86+
root (hd0,1)
kernel /memtest86+.bin
quiet
### END DEBIAN AUTOMAGIC KERNELS LIST
# This is a divider, added to separate the menu items below from the Debian
# ones.
title Other operating systems:
root
title Ubuntu, encrypted root
root (hd0,1)
#kernel /vmlinuz-
kernel /vmlinuz-
initrd /initrd.
quiet
savedefault
boot
# This entry automatically added by the Debian installer for a non-linux OS
# on /dev/sda4
title Windows NT/2000/XP
root (hd0,3)
savedefault
makeactive
chainloader +1
Then I ran:
update-initramfs -u all
Finally I rebooted.
I selected the entry for the encrypted root fs in the GRUB menu.
Then it started booting.
When it came to this:
sd 0:0:0:0: Attached scsi disk sda
sr0: scsi3-mmc drive: 24x/24x writer cd/rw ca/form2 cdda tray
Uniform CD-ROM driver Revision 3.20
sd 0:0:0:0: Attached scsi generic sg0 type 0
sr 1:0:0:0: Attached generic sg0 type 5
...it just hangs....
Nothing happens. I press Ctrl+Alt+Del to reboot and boot into the normal unencrypted version of Ubuntu.
I hope you can help me set up the system to start the encrypted version, so that I can wipe sda6 and use it as swap. (2.5GB is not much space for a complete system! :))
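
A pre-reboot consistency check across the three files edited in the post above, as an added example (it is not from the poster or from the thread's answer). It assumes that the kernel line's root= must be the same /dev/mapper/<target> path that fstab mounts on / and that crypttab defines; the function names, sample file contents and kernel name are constructed.

```shell
#!/bin/sh
# Added example. Assumption: root= on the kernel line, the fstab device for /
# and /dev/mapper/<crypttab target> must all be the same path.

# Device that fstab ($1) mounts on /.
fstab_root() {
    awk '$1 !~ /^#/ && $2 == "/" { print $1; exit }' "$1"
}

# crypttab ($1) target whose /dev/mapper path equals device $2.
crypttab_target() {
    awk -v dev="$2" '$1 !~ /^#/ && NF >= 2 && ("/dev/mapper/" $1) == dev { print $1; exit }' "$1"
}

# root= value on the kernel line of the menu.lst ($1) entry titled $2.
menu_root() {
    awk -v t="$2" '
        /^title[ \t]/ { s = $0; sub(/^title[ \t]+/, "", s); hit = (s == t); next }
        hit && $1 == "kernel" {
            for (i = 2; i <= NF; i++) if ($i ~ /^root=/) { print substr($i, 6); exit }
        }' "$1"
}

# check_cryptroot FSTAB CRYPTTAB MENULST TITLE: prints findings, returns their count.
check_cryptroot() {
    problems=0
    root_dev=$(fstab_root "$1")
    case "$root_dev" in
        /dev/mapper/*) ;;
        *) echo "fstab: / is '$root_dev', not a /dev/mapper device"
           problems=$((problems + 1)) ;;
    esac
    if [ -z "$(crypttab_target "$2" "$root_dev")" ]; then
        echo "crypttab: no target maps to '$root_dev'"
        problems=$((problems + 1))
    fi
    kroot=$(menu_root "$3" "$4")
    if [ "$kroot" != "$root_dev" ]; then
        echo "menu.lst: '$4' has root='$kroot', fstab mounts '$root_dev' on /"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample files (not the poster's), written to directory $1 with root=$2.
write_sample() {
    printf '%s\n' '/dev/mapper/root / ext3 defaults 0 1' > "$1/fstab"
    printf '%s\n' 'root /dev/sda5 none luks' > "$1/crypttab"
    printf '%s\n' 'title Ubuntu, encrypted root' 'root (hd0,1)' \
        "kernel /vmlinuz-EXAMPLE root=$2 ro" > "$1/menu.lst"
}
```

Inside the chroot this would be called as check_cryptroot /etc/fstab /etc/crypttab /boot/grub/menu.lst "Ubuntu, encrypted root" before rebooting; a non-zero return value is the number of mismatches found.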
Question information
- Language: English
- Status: Solved
- For: Ubuntu
- Assignee: No assignee
- Solved by: uptimebox