Welcome to the Linux Foundation Forum!

Chapter 22 Exercise 1 encryption

So I ran this on Fedora 33. After putting the loop partition in my fstab and rebooting, my system failed to boot and dropped me into a recovery shell. After quoting out the fstab line, I was fine. I then went through the process again and had the same issue.

Not entirely sure what the outcome of this is supposed to be.

Been stuck with this for a couple of days.

Thanks

Tim
Lake Hiawatha NJ

Comments

  • coop

    Need more information, in particular:

    1) Can you mount the encrypted partition when the system is up, not at boot?

    2) Show us the relevant parts of /etc/fstab.

    3) Show us what the failure message looks like.

    Please note this exercise is *not* designed to work for a loop partition! If you did it for a loop, you have to make sure the filesystem the loop file is mounted on is mounted first for obvious reasons. Generally, mounting an encrypted loop partition at boot sounds like a pain. It makes more sense to mount on demand as needed.

  • Ok... that's kind of what I thought. So I can't mount a loop partition on boot? The only reason I was doing that was to do the exercise without having to make an actual drive partition. Here's my fstab with the offending line commented out. But I assume the issue is with the loop partition.

    UUID=767a9bf0-5c19-4246-bfb3-b4b4798fbb6a / ext2 usrquota,grpquota 0 1
    UUID=9570-EA41 /boot/efi vfat umask=0077,shortname=winnt 0 2
    UUID=9ba2a77f-5527-4d1a-b8ca-2700a1a93b79 /home ext4 defaults 1 2

    /dev/mapper/secret-disk /secret ext4 defaults 1 2

  • coop

    Try mounting an unencrypted loop partition first, to make sure the problem is not with your encryption configuration file, /etc/crypttab.

    Keep in mind you not only have to have the earlier filesystem mounted, you need to have /etc to be read and /dev/mapper to be set up, which means various kernel modules may have to be loaded, depending on your distribution and kernel version (neither of which you have specified).

    This is all possible to make work, but I think it is of little value. If you are going to be prompted for a password during boot you slow things down for a partition which is probably not essential for system start up. If you set it up without a password, what's the point?

    But setting up a loop-type file at boot is sensible; I do it every day. For example I have in my /etc/fstab:

    /usr/src/KERNELS.sqfs /usr/src/KERNELS squashfs loop 0 0

    which is using the squashfs filesystem (compressed, read-only). This uses a 3 GB file to mount 15 GB of storage :)
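
A small lint for the situation discussed in this thread, added here as an example and not posted by any participant: it reads fstab and crypttab text and flags encrypted mounts that are required at boot, have no crypttab mapping, or sit on a loop file. The fstab is the one posted above; the crypttab line and its image path are constructed assumptions, since the thread does not show that file.

```python
# Added example (not from the thread): lint fstab against crypttab for boot hazards.
# FSTAB is the file as posted; CRYPTTAB is constructed, its image path is hypothetical.
FSTAB = """\
UUID=767a9bf0-5c19-4246-bfb3-b4b4798fbb6a / ext2 usrquota,grpquota 0 1
UUID=9570-EA41 /boot/efi vfat umask=0077,shortname=winnt 0 2
UUID=9ba2a77f-5527-4d1a-b8ca-2700a1a93b79 /home ext4 defaults 1 2
/dev/mapper/secret-disk /secret ext4 defaults 1 2
"""
CRYPTTAB = "secret-disk /home/student/secret.img none\n"

DEVICE_PREFIXES = ("/dev/", "UUID=", "PARTUUID=", "LABEL=", "PARTLABEL=")

def _entries(text):
    """Split every non-blank, non-comment line into whitespace-separated fields."""
    lines = (line.strip() for line in text.splitlines())
    return [line.split() for line in lines if line and not line.startswith("#")]

def check_boot_mounts(fstab_text, crypttab_text):
    """Return (mount point, finding) pairs for encrypted mounts that can block boot."""
    mappings = {f[0]: f for f in _entries(crypttab_text) if len(f) >= 2}
    findings = []
    for fields in _entries(fstab_text):
        if len(fields) < 4 or not fields[0].startswith("/dev/mapper/"):
            continue
        name = fields[0][len("/dev/mapper/"):]
        mount_point, options = fields[1], fields[3].split(",")
        if "noauto" in options:
            continue  # mounted on demand, so it cannot hold up boot
        if name not in mappings:
            findings.append((mount_point, "NO_CRYPTTAB_ENTRY"))
            continue
        if "nofail" not in options:
            # Without nofail, a failed unlock or mount fails the boot-time mount job.
            findings.append((mount_point, "REQUIRED_AT_BOOT"))
        if not mappings[name][1].startswith(DEVICE_PREFIXES):
            # Backing store is a regular file: its filesystem must be mounted first.
            findings.append((mount_point, "FILE_BACKED"))
    return findings

if __name__ == "__main__":
    for mount_point, finding in check_boot_mounts(FSTAB, CRYPTTAB):
        print(mount_point, finding)
```

Changing the options field of the `/secret` line to `noauto` clears both findings, which matches the mount-on-demand approach suggested in the thread.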
