Hi,
On my USB drive, I have encrypted the entire disk as a single LUKS encrypted 
partition. I have the grub files on this partition with an ISO image for a 
Debian-live based distribution. I compiled Grub 2.00 with the necessary crypto 
modules and left a larger embedding zone before the first LUKS partition to 
accommodate the larger second-stage bootloader (my core.img is about 44K). When 
I boot off this USB drive, GRUB asks me the password initially for the 
encrypted drive and then gets to the point where it brings up the menu, but I 
couldn't get it to load the kernel since I need to pass the kernel the system 
device for the ISO image (the live-media and fromiso boot parameters below) and 
I notice that the devices are not available at the time of loading the kernel 
(or later, for that matter). Can somebody help me figure out what I am doing 
wrong? Would be much obliged, since I have been spending some time trying to 
figure this out.
Here is my grub.cfg:

menuentry 'FDE Live' {
        set isofile="/ISOs/linux.iso"

        # The UUID for the encrypted LUKS partition as obtained by running blkid
        set encryptedfs_uuid="377da6816e9a4c7092ae9016a719d04d"

        # The UUID for the decrypted ext4 fs in the LUKS partition
        set decryptedfs_uuid="a8604976-269b-4ab1-8ecc-63960f60f008"

        insmod part_msdos
        insmod loopback
        insmod iso9660
        insmod cryptodisk
        insmod luks

        echo 'Mounting encrypted disk ...'
        cryptomount -u ${encryptedfs_uuid}

        echo 'Searching for the root fs in the decrypted fs...'
        set root=(cryptouuid/${encryptedfs_uuid})
        search --no-floppy --fs-uuid --set=root ${decryptedfs_uuid}

        echo 'Setting up a loopback device to the CD image'
        loopback loop $root/$isofile
        set root=loop

        echo 'Loading Linux Kernel ...'
        linux  /live/vmlinuz boot=live live-media=/dev/disk/by-uuid/${decryptedfs_uuid} fromiso=/dev/disk/by-uuid/${decryptedfs_uuid}$isofile initrd=/live/initrd.img config debug video=640x480 fbcon=scrollback:128

        echo 'Loading initial ramdisk ...'
        initrd /live/initrd.img
}

From the debugging output on the console, I see that
/dev/disk/by-uuid/a8604976-269b-4ab1-8ecc-63960f60f008 (the decryptedfs_uuid)
does not exist at the time the linux kernel is being loaded. I can access this
folder from the grub command line using the Grub drive
(cryptouuid/377da6816e9a4c7092ae9016a719d04d)/ISOs/linux.iso, but I need to be
able to reference this in a way the linux kernel would understand.
Once again, thanks for any help. Pardon any newbie mistakes I may be making. 
It's a learning experience for me and I am hoping this would be a good exercise 
in understanding how it all works.
Thanks,
Steve