truecrypt + encrypted chroot jail
I'm new to this forum and not so new to Linux; however, please forgive me if this subject was already discussed - I could not find any discussion, and I have run into a problem I am having trouble solving.
I'm trying to mount a truecrypt encrypted container, copy my chroot jail into it, and run my LAMP there.
However, I find it very difficult to mount the truecrypt container.
I'm an Arch Linux user. I tried to do it the usual way by modprobing loop first (now I know it's compiled into the kernel used in Linode).
So after several attempts I issued:
truecrypt --filesystem=ext3 -m=nokernelcrypto /path/to/container /path/to/mount/point
and I get:
Error: mount: wrong fs type, bad option, bad superblock on /dev/loop0,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so
dmesg | tail gives:
SQUASHFS error: Can't find a SQUASHFS superblock on loop0
FAT-fs (loop0): invalid media value (0xf5)
FAT-fs (loop0): Can't find a valid FAT filesystem
FAT-fs (loop0): invalid media value (0xf5)
FAT-fs (loop0): Can't find a valid FAT filesystem
ISOFS: Unable to identify CD-ROM format.
XFS (loop0): bad magic number
XFS (loop0): SB validate failed
GFS2: not a GFS2 filesystem
GFS2: gfs2 mount does not exist
My everything log shows:
> device-mapper: table: 253:0: crypt: Error allocating crypto tfm
> device-mapper: ioctl: error adding target to table
I have used Arch Linux 2011.08 64bit Disk Image to build the box. After building it I have done full system upgrade.
I'll appreciate any help with it.
5 Replies
dm-crypt, aes, cbc, sha256, blkcipher, aesgeneric, sha512, sha256generic, cryptomgr.
/lib/modules/kernel_version/ was empty
I could write
modprobe foo barr nonexistent whatever
and end up with no error.
I could not even get a list of processes (ps – command not found)
I ran:
comm -23 <(pacman -Qq) <(pacman -Qqm)| pacman -S -
and then reboot.
The system is rebuilt, but truecrypt still does not work…
It looks like there are modules used by truecrypt missing (sha512, aes etc.) (even after full update).
Another cause I can think of is that somehow during truecrypt mapping ioctl sees truecrypt1_1 busy…
I'm out of ideas; I would really appreciate any help…
zcat /proc/config.gz | less
If the configuration options you need do not have a "y" there, then you will need to use a custom kernel
@Vance:
You cannot modprobe modules into a Linode-provided kernel. Everything that is built into them is built statically. You can see what is built in with the command (run as root)
zcat /proc/config.gz | less
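The check described in the reply above, as an added shell example (not code from the thread or from Linode): it reads a kernel config and reports, for each feature listed earlier in the thread, whether it is built in (`=y`), only a module, or missing. The mapping from those feature names to `CONFIG_*` symbols, the function names and the sample config are assumptions of this example.

```shell
#!/bin/sh
# Kernel config symbols for the features named in the thread (dm-crypt, aes,
# cbc, sha256, sha512, blkcipher, cryptomgr). The feature-to-symbol mapping
# is an assumption of this example, not something stated on the page.
REQUIRED_OPTS="CONFIG_DM_CRYPT CONFIG_CRYPTO_AES CONFIG_CRYPTO_CBC
CONFIG_CRYPTO_SHA256 CONFIG_CRYPTO_SHA512 CONFIG_CRYPTO_BLKCIPHER
CONFIG_CRYPTO_MANAGER"

# Print config text from a gzip file (/proc/config.gz) or a plain .config.
read_config() {
    gzip -dc "$1" 2>/dev/null || cat "$1"
}

# option_state FILE SYMBOL -> prints builtin | module | missing
option_state() {
    value=$(read_config "$1" | sed -n "s/^$2=//p" | head -n 1)
    case "$value" in
        y) echo builtin ;;
        m) echo module ;;   # not usable on a kernel that cannot load modules
        *) echo missing ;;  # absent, or "# CONFIG_... is not set"
    esac
}

# check_kernel_config FILE [SYMBOL...]; returns 0 only if all are "=y".
check_kernel_config() {
    cfg=$1; shift
    [ $# -gt 0 ] || set -- $REQUIRED_OPTS
    rc=0
    for opt in "$@"; do
        state=$(option_state "$cfg" "$opt")
        printf '%-26s %s\n' "$opt" "$state"
        [ "$state" = builtin ] || rc=1
    done
    return $rc
}

# Constructed sample config (not taken from any real kernel).
sample_config() {
    cat <<'EOF'
CONFIG_DM_CRYPT=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_CBC=m
# CONFIG_CRYPTO_SHA512 is not set
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
check_kernel_config "$tmp" || echo "kernel lacks built-in options"
rm -f "$tmp"
```

On the box itself, run `check_kernel_config /proc/config.gz` as root; the same function accepts the plain `.config` of a custom kernel build, so the two can be compared.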
Vance, thanks for that information. I did not realise that's the case…
> If the configuration options you need do not have a "y" there, then you will need to use a custom kernel
So I have built a custom Linux according to the manual from the link provided, but after uploading it to Linode I'm still unable to get truecrypt working. I still get:
# truecrypt --slot=1 --filesystem=none /dev/x
Enter password for /dev/xvdc:
Enter keyfile [none]:
Protect hidden volume (if any)? (y=Yes/n=No) [No]:
device-mapper: table: 253:0: crypt: Error allocating crypto tfm
device-mapper: ioctl: error adding target to table
Error: device-mapper: reload ioctl on truecrypt1_1 failed: No such file or directory
Command failed
I'm out of ideas, losing hope this will work…