Encrypted root questions

Tim Darby t+dfbsd at timdarby.net
Sun Dec 19 19:15:43 PST 2010


I've got more info on the messages I'm seeing below.  I've determined that the initrd rc script is failing to kill udevd at the end when it is cleaning things up.  It issues the kill command but udevd apparently never responds.  This might explain why /tmp fails to unmount and also the seg-fault error.  I tried editing the rc script to change "kill $UDEVD_PID" to "kill -9" and those messages went away.  So what would cause udevd to not respond to SIGTERM?

Tim
On Sat, Dec 18, 2010 at 12:27 PM, Tim Darby <t+dfbsd at timdarby.net> wrote:

Chris: agreed, email is not the best way to document things.  I've experienced that same frustration trying to track down some important detail that only ever appeared in an email thread. 



That said, I have a few more questions. :)

I now have encrypted root and encrypted swap set up (thanks, Alex) and I was even able to make it read a keyfile for root on boot from a USB thumb drive, although I found I had to add a mount command to the initrd rc file to make that happen.  So, happily, it boots all the way up without me having to enter a passphrase.  Referring to the snippet of dmesg below:



- What are all these policies it keeps nagging about and should I care?
- Why does umount of /tmp fail?  Is that a problem?
- What does the "seg-fault" line mean?

Thanks,

Tim

Configuring LVM volumes
  Reading all physical volumes.  This may take a while...
Activated Volume Groups:
Mounting new root
WARNING!!! Possibly insecure memory, missing mlockall()
No policy for mapper/temporary-cryptsetup-160 specified, or policy not found
disk scheduler: set policy of mapper/temporary-cryptsetup-16 to noop
No policy for mapper/temporary-cryptsetup-160 specified, or policy not found
disk scheduler: set policy of mapper/temporary-cryptsetup-16 to noop
No policy for mapper/root0 specified, or policy not found
disk scheduler: set policy of mapper/root to noop
HAMMER(ROOT) recovery check seqno=002374c7
HAMMER(ROOT) recovery range 30000000026b5ad0-30000000026b5ad0
HAMMER(ROOT) recovery nexto 30000000026b5ad0 endseqno=002374c8
HAMMER(ROOT) mounted clean, no recovery needed
umount: unmount of /tmp failed: Device busy
Mounting devfs on new root
chroot_kernel: set new rootnch/rootvnode to /new_root
/etc/rc: WARNING: $udevd_early is not set properly - see rc.conf(5).
Configuring crypto disks.
No policy for mapper/temporary-cryptsetup-431 specified, or policy not found
seg-fault ft=0002 ff=000c addr=0 rip=0x401a90 pid=8 p_comm=udevd
disk scheduler: set policy of mapper/temporary-cryptsetup-43 to noop
Key slot 0 unlocked.
No policy for mapper/swap1 specified, or policy not found
disk scheduler: set policy of mapper/swap to noop
Loading configuration files.
Loading devfs rules:
 /etc/defaults/devfs.conf

On Mon, Dec 13, 2010 at 12:32 PM, Chris Turner <c.turner at 199technologies.org> wrote:



Alex Hornung wrote:

For whatever it's worth, I've added a task to google code-in a few weeks ago to document all this dm stuff, both cryptsetup and lvm, basically. 


A bit OT but shouldn't this stuff go in bugs / the wiki and then be
referenced to any "google code-in" or "foo barbaz-quux" to prevent
fragmentation?

(from someone who has had to do 'where did that note go' many a time :)

cheers











