Encrypted root questions
t+dfbsd at timdarby.net
Sat Dec 18 11:33:01 PST 2010
That said, I have a few more questions. :)I now have encrypted root and encrypted swap set up (thanks, Alex) and I was even able to make it read a keyfile for root on boot from a USB thumb drive, although I found I had to add a mount command to the initrd rc file to make that happen. So, happily, it boots all the way up without me having to enter a passphrase. Referring to the snippet of dmesg below:
- What are all these policies it keeps nagging about and should I care?- Why does umount of /tmp fail? Is that a problem?
- What does the "seg-fault" line mean?Thanks,
TimConfiguring LVM volumes Reading all physical volumes. This may take a while... Activated Volume Groups: Mounting new rootWARNING!!! Possibly insecure memory, missing mlockall()
No policy for mapper/temporary-cryptsetup-160 specified, or policy not founddisk scheduler: set policy of mapper/temporary-cryptsetup-16 to noopNo policy for mapper/temporary-cryptsetup-160 specified, or policy not found
disk scheduler: set policy of mapper/temporary-cryptsetup-16 to noopNo policy for mapper/root0 specified, or policy not founddisk scheduler: set policy of mapper/root to noopHAMMER(ROOT) recovery check seqno=002374c7
HAMMER(ROOT) recovery range 30000000026b5ad0-30000000026b5ad0HAMMER(ROOT) recovery nexto 30000000026b5ad0 endseqno=002374c8HAMMER(ROOT) mounted clean, no recovery neededumount:
unmount of /tmp failed: Device busyMounting devfs on new rootchroot_kernel: set new rootnch/rootvnode to /new_root/etc/rc: WARNING: $udevd_early is not set properly - see rc.conf(5).
Configuring crypto disks.No policy for mapper/temporary-cryptsetup-431 specified, or policy not foundseg-fault ft=0002 ff=000c addr=0 rip=0x401a90 pid=8 p_comm=udevddisk scheduler: set policy of mapper/temporary-cryptsetup-43 to noop
Key slot 0 unlocked.No policy for mapper/swap1 specified, or policy not founddisk scheduler: set policy of mapper/swap to noopLoading configuration files.Loading devfs rules:
On Mon, Dec 13, 2010 at 12:32 PM, Chris Turner <c.turner at 199technologies.org> wrote:
Alex Hornung wrote:
For whatever it's worth, I've added a task to google code-in a few weeks ago to document all this dm stuff, both cryptsetup and lvm, basically.
A bit OT but shouldn't this stuff go in bugs / the wiki and then be
referenced to any "google code-in" or "foo barbaz-quux" to prevent
(from someone who has had to do 'where did that note go' many a time :)
More information about the Users