author | Miroslav Kure <kurem@upcase.inf.upol.cz> | 2006-07-04 20:02:54 +0000 |
---|---|---|
committer | Miroslav Kure <kurem@upcase.inf.upol.cz> | 2006-07-04 20:02:54 +0000 |
commit | 8eab3810da3a17a03b04212208b735b536a51293 (patch) | |
tree | adf06a7a55130a8dedc4b596ee12524d08187f38 /en/boot-new | |
parent | a9531a74121c40c37414d0eee697b7d0eb0b2db0 (diff) | |
Added crypto bits to the manual
Diffstat (limited to 'en/boot-new')
-rw-r--r-- | en/boot-new/boot-new.xml | 147 |
1 files changed, 147 insertions, 0 deletions
diff --git a/en/boot-new/boot-new.xml b/en/boot-new/boot-new.xml index d2452f3d2..faef837d0 100644 --- a/en/boot-new/boot-new.xml +++ b/en/boot-new/boot-new.xml 
@@ -187,6 +187,153 @@ for more information. </sect2> </sect1> + <sect1 id="mount-encrypted-volumes"> + <title>Mounting encrypted volumes</title> + +<para> + +If you created encrypted volumes during the installation and assigned +them mount points, you will be asked to enter the passphrase for each +of these volumes during the boot. The actual procedure differs +slightly between dm-crypt and loop-AES. + +</para> + + <sect2 id="mount-loop-aes"> + <title>loop-AES</title> + +<para> + +For partitions encrypted via loop-AES you will be shown the following +prompt during the boot: + +<informalexample><screen> +mount: going to use loop device /dev/loop<replaceable>X</replaceable> +Password: +</screen></informalexample> + +In the first line of the prompt, <replaceable>X</replaceable> is the +number of the loop device. You are now probably wondering +<emphasis>for which volume</emphasis> you are actually entering the +passphrase. Does is relate to your <filename>/home</filename>? Or to +<filename>/var</filename>? Of course, if you have just one encrypted +volume, this is easy and you can just enter the passphrase you used +when setting up this volume. If you set up more than one encrypted +volume during the installation, the notes you wrote down as the last +step in <xref linkend="partman-crypto"/> come in handy. If you did not +make a note of the mapping between +<filename>loop<replaceable>X</replaceable></filename> and the mount +points before, you can still find it +in <filename>/etc/fstab</filename> of your new system. + +</para><para> + +No characters (even asterisks) will be shown while entering the +passphrase. Be careful, you have only <emphasis>one try</emphasis>. If +you enter wrong passphrase, an error message will appear and the boot +process will skip that volume and continue to mount the next +filesystem. Please see <xref linkend="crypto-troubleshooting"/> for +further information. 
+ +</para><para> + +After entering all passphrases the boot should continue as usual. + +</para> + </sect2> + + <sect2 id="mount-dm-crypt"> + <title>dm-crypt</title> + +<para condition="FIXME"> + +TODO: write something once it works. + +</para> + </sect2> + + <sect2 id="crypto-troubleshooting"> + <title>Troubleshooting</title> + +<para> + +If some of the encrypted volumes could not be mounted because a wrong +passphrase was entered, you will have to mount them manually after the +boot. There are several cases. + +</para> + +<itemizedlist> +<listitem><para> + +The first case concerns the root partition. When it is not mounted +correctly, the boot process will halt and you will have to reboot the +computer to try again. + +</para></listitem> +<listitem><para> + +The easiest case is for encrypted volumes holding data like +<filename>/home</filename> or <filename>/srv</filename>. You can +simply mount them manually after the boot. For loop-AES this is +one-step operation: + +<informalexample><screen> +<prompt>#</prompt> <userinput>mount <replaceable>/mount_point</replaceable></userinput> +<prompt>Password:</prompt> +</screen></informalexample> + +where <replaceable>/mount_point</replaceable> should be replaced by +the particular directory (e.g. <filename>/home</filename>). The only +difference from an ordinary mount is that you will be asked to enter +the passphrase for this volume. + +</para><para> + +For dm-crypt this is a bit trickier. First you need to register the +volumes with <application>device mapper</application> by running: + +<informalexample><screen> +<prompt>#</prompt> <userinput>/etc/init.d/cryptdisks start</userinput> +</screen></informalexample> + +This will scan all volumes mentioned +in <filename>/etc/crypttab</filename> and will create appropriate +devices under the <filename>/dev</filename> directory after entering +the correct passphrases. (Already registered volumes will be skipped, +so you can repeat this command several times without worrying.) 
After +successful registration you can simply mount the volumes the usual +way: + +<informalexample><screen> +<prompt>#</prompt> <userinput>mount <replaceable>/mount_point</replaceable></userinput> +</screen></informalexample> + +</para></listitem> +<listitem><para> + +If the volumes holding noncritical system files could not be mounted +(<filename>/usr</filename> or <filename>/var</filename>), the system +should still boot and you should be able to mount the volumes manually +like in the previous case. However, you will also need to (re)start +any services usually running in your default runlevel because it is +very likely that they were not started. The easiest way to achieve +this is by switching to the first runlevel and back by entering + +<informalexample><screen> +<prompt>#</prompt> <userinput>init 1</userinput> +</screen></informalexample> + +at the shell prompt and pressing <keycombo> <keycap>Control</keycap> +<keycap>D</keycap> </keycombo> when asked for the root password. + +</para></listitem> +</itemizedlist> + + </sect2> + </sect1> + + <sect1 id="login"> <title>Log In</title> |
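Review bot: The new `mount-dm-crypt` section ships with only the placeholder "TODO: write something once it works." even though the introductory paragraph promises that "the actual procedure differs slightly between dm-crypt and loop-AES", so a reader who chose dm-crypt gets no description of the boot-time prompt. Until the section is written, consider having it point to `crypto-troubleshooting`, which already documents the `/etc/init.d/cryptdisks start` step, or confirm that `condition="FIXME"` keeps the paragraph out of built manuals. Three wording fixes in the loop-AES and troubleshooting text: "Does is relate" should be "Does it relate", "If you enter wrong passphrase" needs an article ("a wrong passphrase"), and "this is one-step operation" should be "a one-step operation". In the last list item, the `init 1` advice would benefit from a sentence saying that switching to runlevel 1 stops the services currently running, so it should be done from the console. The `partman-crypto` xref target is not defined in this file, so please check that the id exists elsewhere in the same commit, otherwise the build will fail on the dangling link.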