I just installed a new Debian machine. It has encrypted root on an IDE disk.
For default 2.6.18 kernel the disk is seen as /dev/hda and encrypted
root is /dev/mapper/hda2_crypt.
For the 2.6.23.x kernel with PATA, the disk is seen as /dev/sda, but the
encrypted device doesn't change its name, and is still
/dev/mapper/hda2_crypt.
To start from a crypted partition, one needs to create a initramfs. This
works fine with the default 2.6.18 kernel, but doesn't work at all with
a kernel using PATA.
A command like below:
mkinitramfs -o /boot/initrd.img-2.6.23.12-pata 2.6.23.12-pata
will create a initrd image which tells the kernel to start the system
from a wrong device - conf/conf.d/hooks/cryptroot in the initrd file
will contain:
target=hda2_crypt,source=/dev/hda2,key=none
Obviously, this will fail on a PATA kernel, which should rather look for
a source on /dev/sda2.
Using LABELs doesn't help as well - then, mkinitramfs doesn't create a
conf/conf.d/cryptroot file at all, and booting fails.
There are several problems with
/usr/share/initramfs-tools/hooks/cryptroot and the way it fetches
information from /etc/fstab:
1. When a LABEL is used for /, it creates an initrd which won't boot
from an encrypted device.
2. When a device is used (like /dev/mapper/hda2_crypt) it mistakenly
assumes it will always be on /dev/hda2. For PATA kernels it's simply not
true.
So far, the only way to overcome this for me is to uncompress an initrd
file, edit conf/conf.d/hooks/cryptroot to contain /dev/hda instead of
/dev/sda (or, editing /etc/fstab before running mkinitramfs, and
changing it back).
Are there any more maintainable ways to make a IDE -> PATA conversion,
where root is on an encrypted partition?
--
Tomasz Chmielewski
http://wpkg.org
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
