Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: I followed a Suse wiki to set up an encripted area, now I can not boot up the system.

  1. #1

    Default I followed a Suse wiki to set up an encripted area, now I can not boot up the system.

    OK so as usual I have probably screwed something up but it has been a while.

    I was following this link
    https://doc.opensuse.org/documentati....cryptofs.html

    OK I did not recognise it was for Opensuse leap 15 but it worked when running

    I was doing this section:
    11.1.3 Creating an Encrypted Virtual Disk

    Instead of encrypting an entire disk or partition, you can use YaST to set up a file-based encrypted virtual disk. It will appear as a regular file in the file system, but can be mounted and used like a regular folder. Unlike encrypted partitions, encrypted virtual disks can be created without re-partitioning the hard disk.
    To set up an encrypted virtual disk, you need to create an empty file first (this file is called loop file). In the terminal, switch to the desired directory and run the touch FILE command (where FILE is the desired name, for example: secret). It is also recommended to create an empty directory that will act as a mount point for the encrypted virtual disk. To do this, use the mkdir DIR command (replace DIR with the actual path and directory name, for example: ~/my_docs).
    To set up an encrypted virtual disk, launch YaST, switch to the System section, and start Partitioner. Switch to the Crypt Files section and press Add Crypt File. Enter the path to the created loop file into the Path Name of Loop File field. Enable the Create Loop File option, specify the desired size, and press Next. In the Mount Point field, enter the path to the directory that serves as a mount point (in this example, it is ~/my_docs). Make sure that the Encrypt Device option is enabled and press Next. Provide the desired password and press Finish.
    And I did the above and it worked I had a file area that was encrypted, well I think it was, all signs where good and then I shut the PC down for the night to come back again in the morning.
    Unfortunately the start up now basically hangs waiting for something to happen at:-
    A start job is running for dev-mapper-cr_secret.device (Xmins Y s/no limit)

    I get no prompt for any password that I would assume it is waiting for it just hangs there for hours if I let it!

    So what can I do to get my system back, assistance would be appreciated.

    The operating system was up to date a few days ago when I did this, it would normally just log me in, without password is the any way I can undo what I have done or even get the system booted?

    Cheers

    Adrian

  2. #2

    Default Re: I followed a Suse wiki to set up an encripted area, now I can not boot up the system.

    I'm pulling this from memory on the single user mode. So, someone may correct me.

    My assumption is it is waiting for a password.

    My mount point in /etc/fstab became:

    Code:
    3vnull@kvm:/etc>  sudo grep secret /etc/fstab /dev/mapper/cr_secret  /home/d3vnull/mnt/secret xfs        loop,nofail           0 0
    d3vnull@kvm:/etc>
    I also had to do a chown because YaST changed ownership.:

    Code:
    d3vnull@kvm:/etc> sudo chown -R d3vnull:users ~/mnt
    interesting thing was following that process and doing a touch ~/mnt/secret/secret and then after the yaST partitioner there was no "secret" file.

    Going back into YaST->System->Partitioner there were no Crypt Files listed.

    Before it boots press 'e' go to the end of the line that starts with linux or linuxefi and add a 1 or a 3.
    F10 or Ctl-X

    Once in single user you will need to remount the file system read/write. Something like:
    Code:
    mount -o remount,rw /
    Edit your /etc/fstab and /etc/crypttab to remove the mount point to your mnt_doc

    Reboot.

    As to why yast failed I'd rather investigate on a 42.3 virtual system, but will try to take a look at it later
    I don’t have anything to hide, but I don’t have anything I want to show you either.

  3. #3

    Default Re: I followed a Suse wiki to set up an encripted area, now I can not boot up the system.

    Scratch the didn't create a "secret" file. It apparently did when I copied something to the directory.
    I don’t have anything to hide, but I don’t have anything I want to show you either.

  4. #4

    Default Re: I followed a Suse wiki to set up an encripted area, now I can not boot up the system.

    In my directions change the 1 or 3 to init=/bin/bash at the end of the linux or linuxefi line.
    I don’t have anything to hide, but I don’t have anything I want to show you either.

  5. #5

    Default Re: I followed a Suse wiki to set up an encripted area, now I can not boot up the system.

    OK sorry but I am failing on the most simple things.

    Here is my Grub file after using 'e' hope I type it correctly!

    setparams 'openSUSE Leap 42.3'
    load_video
    set gfxpayload=keep
    insmod gzio
    insmod part_msdos
    insmod ext2
    set root='hd0,msdos2'
    if [ x$feature_platform_search_hint = xy ]; then
    search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos2 --hint-efi\
    =hd0,msdos2 --hint-baremetal=ahcio,msdos2 --hint='hd0,msdos2' 0cf74f6a-3542-4efc-a\
    eb0-62babbfc1695
    else
    search --no-floppy --fs-uuid --set=root 0cf74f6a-3542-4efc-aeb0-62babbfc1\
    695
    fi
    echo 'Loading Linux 4.4.132-53-default...'
    linux /boot/vmlinuz-4.4.132-53-defauilt root=0cf74f6a-3542-4efc-\
    aeb0-62babbfc1695 resume=/dev/sda1 splash=silent quiet showopts
    echo 'Loading initial ram disk ...'
    initrd /boot/initrd-4.4.1`32-53


    I have tried to type this as seen on the screen but not sure if the editing stands, but I tried 1 and 3 at the end of showopts such as

    showopts 1
    and
    showopts 3

    I still got the long waiting, so sorry I am not following you very well?

    Adrian

    Sorry just seen the amendment trying that now
    Last edited by AdrianH; 31-May-2018 at 15:29. Reason: extra response whilst typing

  6. #6

    Default Re: I followed a Suse wiki to set up an encripted area, now I can not boot up the system.

    Quote Originally Posted by AdrianH View Post
    OK sorry but I am failing on the most simple things.

    Here is my Grub file after using 'e' hope I type it correctly!

    setparams 'openSUSE Leap 42.3'
    load_video
    set gfxpayload=keep
    insmod gzio
    insmod part_msdos
    insmod ext2
    set root='hd0,msdos2'
    if [ x$feature_platform_search_hint = xy ]; then
    search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos2 --hint-efi\
    =hd0,msdos2 --hint-baremetal=ahcio,msdos2 --hint='hd0,msdos2' 0cf74f6a-3542-4efc-a\
    eb0-62babbfc1695
    else
    search --no-floppy --fs-uuid --set=root 0cf74f6a-3542-4efc-aeb0-62babbfc1\
    695
    fi
    echo 'Loading Linux 4.4.132-53-default...'
    linux /boot/vmlinuz-4.4.132-53-defauilt root=0cf74f6a-3542-4efc-\
    aeb0-62babbfc1695 resume=/dev/sda1 splash=silent quiet showopts
    echo 'Loading initial ram disk ...'
    initrd /boot/initrd-4.4.1`32-53


    I have tried to type this as seen on the screen but not sure if the editing stands, but I tried 1 and 3 at the end of showopts such as

    showopts 1
    and
    showopts 3

    I still got the long waiting, so sorry I am not following you very well?

    Adrian

    Sorry just seen the amendment trying that now
    This line change it to (see what I added on the end):

    Code:
    linux  /boot/vmlinuz-4.4.132-53-defauilt root=0cf74f6a-3542-4efc-\aeb0-62babbfc1695 resume=/dev/sda1 splash=silent quiet showopts init=/bin/bash
    Once you edit the /etc/fstab and /etc/crypttab then reboot (Remember to do the mount remount command first on /).

    Now here is where you went wrong.

    ~/my_doc is your mount point
    If your file is "secret" it cannot be inside ~/my_doc.

    So instead:

    Code:
    touch ~/secret # Or where ever you want your secret file
    mkdir ~/my_doc
    secret is the file you browse to and the complete path (e.g. /home/your_user/my_doc) is the mount point.

    Finally you have to do a chmod your_user;your_group my_doc as root to be able to write to it.

    The system will prompt you for a password.
    Last edited by d3vnull; 31-May-2018 at 15:44. Reason: Added a few tips
    I don’t have anything to hide, but I don’t have anything I want to show you either.

  7. #7

    Default Re: I followed a Suse wiki to set up an encripted area, now I can not boot up the system.

    OK I got down to the stage where I was in root,

    I did the entry
    Code:
     	 	mount -o remount,rw /
    I then navigated to /home/adrian and with ls could see a directory called locked and inside a file called secret.

    Could you please elaborate for me on the next section how to remove the lines in fstab and crypttab, could I just use vi and add a : or a ; to rem out a line or is it # ?

    Adrian

  8. #8

    Default Re: I followed a Suse wiki to set up an encripted area, now I can not boot up the system.

    Quote Originally Posted by AdrianH View Post
    OK I got down to the stage where I was in root,

    I did the entry
    Code:
              mount -o remount,rw /
    I then navigated to /home/adrian and with ls could see a directory called locked and inside a file called secret.

    Could you please elaborate for me on the next section how to remove the lines in fstab and crypttab, could I just use vi and add a : or a ; to rem out a line or is it # ?

    Adrian
    Ok do this:

    Code:
    cd /etc
    cp fstab fstab.orig
    cp crypttab crypttab.orig
    vi fstab # scroll to the bottom. last line should be mounting your my_doc, or whatever directory you created. Delete it and save.
    vi crypttab # scroll to the bottom. last line should be mounting your my_doc, or whatever directory you created. Delete it and save.
    Then reboot and you are good.

    Then try again. It does work The secret file just can't be inside the directory you use as a mount point.

    I recommend creating a /home/adrian/mnt directory and then create a directory inside /home/adrian/mnt (e.g. /home/adrian/mnt/my_doc). That way if you need to mount other things in the future you mount them under your /home/adrian/mnt directory.
    I don’t have anything to hide, but I don’t have anything I want to show you either.

  9. #9

    Default Re: I followed a Suse wiki to set up an encripted area, now I can not boot up the system.

    OK Sir I thank you for your patience, I am working again, I edited the files and rebooted, then I was able to remove the file it self, not sure if I have lost the space or not but that I will check out when I can.

    Partitioner is not showing any crypt files and the disks are sda overall, sda1 for swap and sda2 for / and the sizes match up.

    I will have a play when I next feel brave and I will read your comments as well as the wiki I think I understand that the files should not be within the directory as I am setting the directory to be the mount point for the file.

    It's late and sleep once again calls.

    Thank you.
    Adrian

  10. #10

    Default Re: I followed a Suse wiki to set up an encripted area, now I can not boot up the system.

    Quote Originally Posted by AdrianH View Post
    OK Sir I thank you for your patience, I am working again, I edited the files and rebooted, then I was able to remove the file it self, not sure if I have lost the space or not but that I will check out when I can.

    Partitioner is not showing any crypt files and the disks are sda overall, sda1 for swap and sda2 for / and the sizes match up.

    I will have a play when I next feel brave and I will read your comments as well as the wiki I think I understand that the files should not be within the directory as I am setting the directory to be the mount point for the file.

    It's late and sleep once again calls.

    Thank you.
    Adrian
    happy to help. As long as you removed the secret file you have your space back.
    I don’t have anything to hide, but I don’t have anything I want to show you either.

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •