Linux Archive

Linux Archive (
-   Debian User (
-   -   Debian-live systems with encrypted live-media device - what do you specify for the live-media boot parameter?‏ (

Steve R 09-16-2012 06:12 PM

Debian-live systems with encrypted live-media device - what do you specify for the live-media boot parameter?‏
Apologies: Forgot to add a subject line.

Hoping someone can help me figure out how to pass the live-media device to the linux kernel from GRUB, if the live-media is itself on a LUKS encrypted device. Details below ...
I*am trying to use Grub 2.00 (with Luks support enabled) to boot a Debian-live system from an encrypted LUKS partition. /boot is also located in the encrypted Partition. I am using grub.cfg like below, and things work fine (With Grub requesting a password for the encrypted file system and parsing grub.cfg, displaying the menu, etc.. The problem arises with the linux command to load the kernel. Loading the Debian-live based OS requires passing a reference to the device hosting the root file system in the /live folder ( via the live-media kernel command-line parameter). I am passing this reference as /dev/disk/by-uuid/<uuid-of-the-decrypted-fs> . The UUID I am using is the one read by blkid when I mounted and decrypted this encrypted partition from another Linux host. However, this does not work and from the GRUB and kernel debugging output on the console, it appears to be because the path to the decrypted fs device is invalid. If I mount and
decrypt the LUKS partition from a running Linux OS, this device is always created with the same UUID, so I expected this to happen when GRUB decrypts the LUKS partition. Turns out not to be the case.
Is there some way I can indicate to live-boot that the live-media is on a LUKS encrypted device and needs to be decrypted first?*

Here is my grub.cfg
menuentry 'FDE Live' {* * * *** * * * set isofile="/ISOs/linux.iso"
* * * * # The UUID for the encrypted LUKS partition as obtained by running blkid* * * * set encryptedfs_uuid="377da6816e9a4c7092ae9016a719d04d "*
* * * * # The UUID for the decrypted
ext4 fs in the LUKS partition* * * * set decryptedfs_uuid="a8604976-269b-4ab1-8ecc-63960f60f008"
* * * * insmod part_msdos* * * * insmod loopback* * * * insmod iso9660* * * * insmod cryptodisk* * * * insmod luks
* * * * echo 'Mounting encrypted disk ...'** * * * cryptomount -u ${encryptedfs_uuid}
* * * * echo 'Searching for the root fs in the decrypted fs...'* * * * set root=(cryptouuid/${encryptedfs_uuid})* * * * search --no-floppy --fs-uuid --set=root ${decryptedfs_uuid}
* * * * echo 'Setting up a loopback device to the CD image'* * * * loopback loop $root/$isofile* * * * set root=loop
* * * * echo 'Loading Linux Kernel ...'* * * * linux */live/vmlinuz boot=live live-media=/dev/disk/by-uuid/${decryptedfs_uuid} fromiso=/dev/disk/by-uuid/${decryptedfs_uuid}$isofile initrd=/live/initrd.img config debug video=640x480 fbcon=scrollback:128
* * * * echo 'Loading initial ramdisk ...'* * * * initrd /live/initrd.img}
The problem is that at the time of loading the kernel, there is no device /dev/disk/by-uuid/${decryptedfs_uuid}
Am just learning things as I go, so please do pardon me if this is a newbie question and I have missed something obvious.

All times are GMT. The time now is 05:07 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.