Having configured encrypted root file system for Ubuntu Dapper on my laptop (see Encrypted Root and Swap with LUKS) I find myself hesitating to upgrade to Edgy.
I’ve heard some random breakage happening with scratchbox and the 770 flasher, but what’s more intimidating is that quick googling reveals bugs such as Upstart doesn’t activate luks volumes in cryptsetup. The first two are simple enough tweaks, but losing access to root partition is less fun.
Has anyone successfully upgraded from Dapper with root file system encryption to Edgy? Any tricks one should know?
View Tommi Komulainen's profile
3 comments ↓
Tommi,
I did. You will have some problems with cryptsetup, but you can work around them. Some tips:
– remove initramfs-cryptsetup (or something like that). This package was required from a third part before. Now initramfs support is in edgy by default.
– make sure you have the “options” field (the forth column) in your /etc/crypttab file. If you don’t have this set, script will use its defaults, which are far from cryptsetup defaults. Mine looks like:
root /dev/hda3 none cipher=aes-cbc-plain,hash=ripemd160
– if you don’t have cryptsetup over lvm, remove the file /usr/share/initramfs-tools/scripts/local-top/lvm, otherwise your system will try to find a LVM volume for about 400 seconds!
– edit /usr/share/initramfs-tools/scripts/local-top/cryptroot and go to line 163 (inside a loop commented as “Loop until we have a satisfactory password”) and remove the lines that ask for a password. They don’t work. Replace them with a single line using the variable: $cryptcreate. Failing to do this will show your password while you type.
Final note: if you use splashscreen, it will just stop on the graphical screen, you need to go to first virtual terminal in order to type your password.
Ah, another weird thing is that now it replaces my root= kernel cmdline with device’s uuid, this fails for me and I have to replace with /dev/hdx. But I use my own kernel, maybe that’s the “problem”.
It’s far from perfect, but it works.
I have Edgy here. Scratchbox seems to work fine — at least the ARM target, I haven’t tried any GUI stuff lately.
I’ve heard that the flasher doesn’t work out of the box, but there are at least two workarounds:
1. http://maemo.org/pipermail/maemo-developers/2006-November/006051.html
2. http://maemo.org/pipermail/maemo-developers/2006-November/006083.html
I haven’t got encrypted root, but the kernel is pretty troubling for me; I’m getting random hangs in the vsyscall hook for gettimeofday(), which gets called a bit.