From 1deb0f846988576c00d083419da8c63c13517f27 Mon Sep 17 00:00:00 2001 From: Frans Pop Date: Fri, 15 Sep 2006 10:43:03 +0000 Subject: Not sure how the hell that got deleted... --- en/boot-new/mount-encrypted.xml | 180 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 180 insertions(+) diff --git a/en/boot-new/mount-encrypted.xml b/en/boot-new/mount-encrypted.xml index e69de29bb..631088ce2 100644 --- a/en/boot-new/mount-encrypted.xml +++ b/en/boot-new/mount-encrypted.xml 
@@ -0,0 +1,180 @@ + + + + + Mounting encrypted volumes + + + +If you created encrypted volumes during the installation and assigned +them mount points, you will be asked to enter the passphrase for each +of these volumes during the boot. The actual procedure differs +slightly between dm-crypt and loop-AES. + + + + + dm-crypt + + + +For partitions encrypted using dm-crypt you will be shown the following +prompt during the boot: + + +Starting early crypto disks... cryptX(starting) +Enter LUKS passphrase: + + +In the first line of the prompt, X is the +number of the loop device. You are now probably wondering +for which volume you are actually entering the +passphrase. Does it relate to your /home? Or to +/var? Of course, if you have just one encrypted +volume, this is easy and you can just enter the passphrase you used +when setting up this volume. If you set up more than one encrypted +volume during the installation, the notes you wrote down as the last +step in come in handy. If you did not +make a note of the mapping between +cryptX and the mount +points before, you can still find it +in /etc/crypttab +and /etc/fstab of your new system. + + + +The prompt may look somewhat different when an encrypted root file system is +mounted. This depends on which initramfs generator was used to generate the +initrd used to boot the system. The example below is for an initrd generated +using initramfs-tools: + + +Begin: Mounting root file system... ... +Begin: Running /scripts/local-top ... +Enter LUKS passphrase: + + + + +No characters (even asterisks) will be shown while entering the passphrase. +If you enter the wrong passphrase, you have two more tries to correct it. +After the third try the boot process will skip this volume and continue to +mount the next filesystem. Please see +for further information. + + + +After entering all passphrases the boot should continue as usual. 
+ + + + + + loop-AES + + + +For partitions encrypted using loop-AES you will be shown the following +prompt during the boot: + + +Checking loop-encrypted file systems. +Setting up /dev/loopX (/mountpoint) +Password: + + + + +No characters (even asterisks) will be shown while entering the passphrase. +If you enter the wrong passphrase, you have two more tries to correct it. +After the third try the boot process will skip this volume and continue to +mount the next filesystem. Please see +for further information. + + + +After entering all passphrases the boot should continue as usual. + + + + + + Troubleshooting + + + +If some of the encrypted volumes could not be mounted because a wrong +passphrase was entered, you will have to mount them manually after the +boot. There are several cases. + + + + + + +The first case concerns the root partition. When it is not mounted +correctly, the boot process will halt and you will have to reboot the +computer to try again. + + + + +The easiest case is for encrypted volumes holding data like +/home or /srv. You can +simply mount them manually after the boot. For loop-AES this is +one-step operation: + + +# mount /mount_point +Password: + + +where /mount_point should be replaced by +the particular directory (e.g. /home). The only +difference from an ordinary mount is that you will be asked to enter +the passphrase for this volume. + + + +For dm-crypt this is a bit trickier. First you need to register the +volumes with device mapper by running: + + +# /etc/init.d/cryptdisks start + + +This will scan all volumes mentioned +in /etc/crypttab and will create appropriate +devices under the /dev directory after entering +the correct passphrases. (Already registered volumes will be skipped, +so you can repeat this command several times without worrying.) 
After +successful registration you can simply mount the volumes the usual +way: + + +# mount /mount_point + + + + + +If any volume holding noncritical system files could not be mounted +(/usr or /var), the system +should still boot and you should be able to mount the volumes manually +like in the previous case. However, you will also need to (re)start +any services usually running in your default runlevel because it is +very likely that they were not started. The easiest way to achieve +this is by switching to the first runlevel and back by entering + + +# init 1 + + +at the shell prompt and pressing Control +D when asked for the root password. + + + + + + -- cgit v1.2.3
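Review bot: In the dm-crypt section, the sentence "X is the number of the loop device" reads as carried over from the loop-AES wording. The same file says dm-crypt volumes are registered with device mapper and identified as cryptX in /etc/crypttab, while a loop device appears only in the loop-AES prompt (/dev/loopX). Suggest describing X as the number of the cryptX mapping, so a reader matching the prompt to a mount point looks in the right place before typing a passphrase. Also in the dm-crypt section, the paragraph "After the third try the boot process will skip this volume and continue to mount the next filesystem" directly follows the encrypted-root example, but the Troubleshooting section states that an unmounted root partition halts the boot and requires a reboot; a short qualifier for the root case would remove the contradiction. Minor: "For loop-AES this is one-step operation" is missing "a".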