Comments (15)
Greetings,
Not sure if you did build attempt on master branch or next-4.x. I believe what is in next-4.x works. If not report back.
from cryptmypi.
Hello,
Sorry for the delay in response. Yes, I made sure I was pulling next-4.x. The LUKS volume is also able to be unlocked if I plug the SD card into another machine.
from cryptmypi.
Greetings,
Which raspberry pi are you using? I just spun up a fresh test sd card of pios-encrypted-basic from next-4.x, tested with hardware Pi 3B. All just worked for me.
from cryptmypi.
I tried on a 4 but will try a 3B next
from cryptmypi.
Greetings,
What branch are you using? And please know I updated the master branch with a merge from next-4.x on 12/24/2022. I tested most of the images in the next-4.x branch before the merge.
from cryptmypi.
Just pulled the latest from Master and seem to be having the same issue on boot; using pios-encrypted-basic this seems to be the only thing of note in the script output:
- Calling 7000-stage2-initramfs.hook ...
Attempting to build new initramfs ... (CHROOT is /mnt/cryptmypi)
Creating symbolic links from current physical device to crypttab device (if not using sd card mmcblk0p)
Using kernel ''
Building new initramfs ...
W: missing /lib/modules/5.15.0-57-generic
W: Ensure all necessary drivers are built into the linux image!
depmod: ERROR: could not open directory /lib/modules/5.15.0-57-generic: No such file or directory
depmod: FATAL: could not search modules: No such file or directory
cat: /var/tmp/mkinitramfs_FshBnZ/lib/modules/5.15.0-57-generic/modules.builtin: No such file or directory
find: ‘/var/tmp/mkinitramfs_FshBnZ/lib/modules/5.15.0-57-generic/kernel’: No such file or directory
W: Can't find modules.builtin.modinfo (for locating built-in drivers' firmware, supported in Linux >=5.2)
Adding binary-link /usr/sbin/modprobe
Adding binary /usr/bin/kmod
from cryptmypi.
Going through some other images and it seems ubuntu-encrypted-basic sort of worked? I got "cryptsetup: crypt: set up successfully" and the spinning circle for a while but then it dumped me into initramfs
from cryptmypi.
Attempting roughly the same setup, except chose kali-encrypted w/ dropbear. The image was built on 22.04.
End result is kali/Pi4 boots, it can get dhcp and drop bear starts, but presented with the same thing as the initial posts indicates over and over when presenting the password. I can see the same notification on the hdmi port within the boot sequence right prior to it looking for dhcp.
Is it somehow an issue with the image being built on 22.04 as opposed to building it on Kali? Suppose I should see. I do notice this on the machine that built the image, with the concerning part being the seg fault.
`Adding script /usr/share/cryptsetup/initramfs/bin/cryptroot-unlock
Calling hook zz-cryptsetup
Adding config /etc/initramfs-tools/unlock.sh
/usr/share/initramfs-tools/scripts/local-block/ORDER ignored: not executable
/usr/share/initramfs-tools/scripts/panic/ORDER ignored: not executable
/usr/share/initramfs-tools/scripts/local-top/ORDER ignored: not executable
/usr/share/initramfs-tools/scripts/init-top/ORDER ignored: not executable
/usr/share/initramfs-tools/scripts/local-premount/ORDER ignored: not executable
/usr/share/initramfs-tools/scripts/init-bottom/ORDER ignored: not executable
/usr/share/initramfs-tools/scripts/init-premount/ORDER ignored: not executable
/usr/share/initramfs-tools/scripts/local-bottom/ORDER ignored: not executable
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault (core dumped)
Building cpio /boot/initramfs.gz initramfs
Cleaning up symbolic links
... 7000-stage2-initramfs.hook completed!
- Calling 7400-stage2-otherscript.hook ...
Other script _STAGE2_OTHERSCRIPT is not set on config: Setting default value stage2-otherscript.sh
Checking if stage2 other script /home/dragon/Github/cryptmypi/examples/kali-encrypted-basic-dropbear//stage2-otherscript.sh exists ...
/home/dragon/Github/cryptmypi/examples/kali-encrypted-basic-dropbear//stage2-otherscript.sh found!
Script execution
Disable autoresize
Removed "/etc/systemd/system/basic.target.wants/rpi-resizerootfs.service".
Failed to disable unit, unit rpiwiggle.service does not exist.
Adjusting root= in /boot/cmdline.txt
Old crypt ROOT is root=PARTUUID=59536845-02
New crypt ROOT is root=/dev/mapper/crypt
Replacing UUID to encrypted path in /etc/fstab
Old fstab UUID is UUID=1566e8b7-578d-4af4-b0f7-666f88e40735
New crypt path in fstab is /dev/mapper/crypt
Set a label for system check on /dev/sda1
End of Script execution
... 7400-stage2-otherscript.hook completed!
-
Calling 7500-stage2-chroot-final.hook ...
Attempting to remove /etc/initramfs-tools/hooks/zz-cryptsetup hook ...
... attempted hook removal complete!
... 7500-stage2-chroot-final.hook completed! -
Calling 7600-stage2-teardown-chroot.hook ...
Tearing down RPi chroot mount structure at '/mnt/cryptmypi'.
Unmounting binds
... 7600-stage2-teardown-chroot.hook completed! -
Calling 7700-stage2-teardown-mounts.hook ...
Attempting to unmount /dev/sda1 ... -
Unmounted /dev/sda1
Attempting to unmount /mnt/cryptmypi ...
-
Unmounted /mnt/cryptmypi
... 7700-stage2-teardown-mounts.hook completed!
-
Calling 7800-stage2-teardown-luks-close.hook ...
Attempting to close open LUKS /dev/sda2 ...
Command successful. -
LUKS closed.
... 7800-stage2-teardown-luks-close.hook completed!
-
Calling 7900-stage2-teardown-cleanup.hook ...
... 7900-stage2-teardown-cleanup.hook completed!
Goodbye from cryptmypi (4.11-beta).
`
from cryptmypi.
Greetings,
So as of recently, I have had only time to test builds from Kali host vm. So it could be something with ubuntu, not sure. I can get dev environment setup soonish to test again that builds are working from Kali host. Can you share a diff of your kali-encrypted-basic-dropbear/cryptmypi.conf against the one in the master ver 4.11-beta? Please drop any passwords or sensitive info.
from cryptmypi.
I’ll try the diff tonight. I started with next-4 branch before moving to master. Same result in each case, plan to try with kali in a VM tonight. I recall the only change I made to the conf file was to change the luks password and uncomment the line to make the image lighter. I just blew away the conf when doing the git checkout of master and redid the same changes.
from cryptmypi.
Greetings,
It is a good test to try building on a Kali VM. Also if using Rpi4 target please read https://github.com/unixabg/cryptmypi/blob/master/examples/kali-encrypted-basic-dropbear/cryptmypi.conf#L16-L23 and adjust accordingly. I have seen where Rpi3 image will not work on Rpi4 and vice versa for some of the examples. Thank you for being willing to help in testing this issue.
from cryptmypi.
Good catch so maybe for the kernel filter I need to just change it to l+ instead of v8+? If so I’ll make the change and rebuild the image one more time with 22.04
from cryptmypi.
Good catch so maybe for the kernel filter I need to just change it to l+ instead of v8+? If so I’ll make the change and rebuild the image one more time with 22.04
from cryptmypi.
Following up, making that one change to the conf file for the pi4 results in everything working perfectly even if the image is built by 22.04. Problem, a least for me, is resolved. Thank you!
from cryptmypi.
Greetings,
Thank you for testing and reporting back. I think for now I am going to close this since I can not reproduce the error with a correctly configured conf file to the corresponding hardware platform.
from cryptmypi.
Related Issues (20)
- failed to connect to non-global ctrl_ifname HOT 4
- Fail to build - examples/debian-encrypted-basic-dropbear HOT 5
- AES-cbc vs AES-xts performance on the RPi HOT 2
- apt update fails on debian HOT 6
- Partition should not be hardcoded
- Improvement on the sys-ssh-jump service HOT 1
- Cant unlock the disk HOT 15
- Dropbear SSH Server fails on current Kali Builds HOT 2
- dropbear remote unlock with _NEWLUKSUUID="yes" => Device /dev/disk/by-uuid/XXX...XXXX doesn't exist or access denied HOT 6
- [Question] Unlock and operate without connectivity - interactive session offline HOT 4
- Wifi unlock through hostapd
- trying to get this to work for me ;) HOT 5
- rpi4 secure boot + rootFS decryption via OTP registers possible? HOT 1
- PiOS @ Pi4, after upgrade: only ~5 seconds to unlock HOT 5
- Is this project alive? HOT 3
- when running cryptmypi on a Kali VM under vmware fusion an IO error is returned from LUKS->sdb
- Unable to unlock Kali dropbear HOT 2
- Hardcoded __DEBIAN_KERNEL in stage2-otherscript.sh and missing unlock.sh HOT 3
- /etc/unlock.sh missing after rebuilding initramfs on RaspberryPi
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cryptmypi.