Encrypted pup_save for Puppy 212

Under development: PCMCIA, wireless, etc.
Gn2
Posts: 943
Joined: Mon 16 Oct 2006, 05:33
Location: virtual - Veni vidi, nihil est adpulerit

#61 Post by Gn2 »

Why are you doing this?
Several questions were posted - they were answered.

How Puppy variances apply : Bash - boot processes - creating initiate ram images.

It will be noted - no non-relevant links were supplied.
> I forgot to mention that Barry will have to add this
> There is a limit to how much we can talk Barry into adding.
> We'll have to wait for Barry to say something
> Maybe Barry should just throw the original method into the next beta
> The thing is, I'm hoping to get this encryption into
> I don't think Barry will have any issue with small script changes with initrd.gz, the standard Puppy

PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#62 Post by PaulBx1 »

John, you might be interested in this code fragment in that tutorial I last mentioned, the one that seems most relevant to the Puppy boot process:

#!/bin/sh
...
while [ -n "${maps}" ]; do
    local remaining=

    findKey

    if [ ! -e "${key}" ]; then
        # boot up will halt here until a key is typed in
        read -s -p "LUKS passphrase for ${maps}: " passwd
        echo
        echo -n "${passwd}" > "${key}"
    fi

    echo -n "creating maps in /dev/mapper/.." 
    for map in ${maps} ; do
        dev=$(subst 's|^[^/].*|/dev/&|' "${map}")
        map=$(basename "${dev}")
        if ! silent /bin/cryptsetup -q --key-file="${key}" luksOpen "${dev}" "${map}"; then
            echo -n "[${map}]."
            remaining="${remaining} ${map}"
        else
            echo -n "${map}."
        fi
    done
    echo "done."
    rm -f "${key}"
    maps="${remaining}"
done
http://www.loria.fr/~gustedt/early/initscript

He also made this interesting comment:
> Now you should be asked a passphrase and the device should be mapped. If something goes wrong here, maybe you have the wrong cryptsetup or you forgot to add the `-s' option for read in the busybox shell executable.
http://www.loria.fr/~gustedt/early/

read -s works when I try it from the command line... of course that is "read" from a booted-up puppy. Who knows how it works from initrd. The busybox from the two places is different, of course.

BTW, I nagged Barry that our busybox is quite old (1.0.1 vs the current 1.3.0, with many bugfixes). Also older than the one this fellow used, 1.1.3. Maybe I mentioned that already. I suppose another line of attack would be to build the latest busybox and stick it in the initrd, just to see if that fixes anything (don't bother cutting it down). Sounds like work though.
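
Added example, not part of the post above and not code from the tutorial or from Puppy's init: a passphrase prompt that does not depend on `read -s` being compiled into the initrd shell, plus a helper that hands the passphrase to a command on stdin instead of writing it to a key file. The function names are hypothetical, and the cryptsetup call in the closing comment assumes a cryptsetup build that accepts `--key-file=-` for "read the key from stdin".

```shell
#!/bin/sh
# Added example; read_secret and feed_secret are hypothetical helper names.

# read_secret PROMPT
# Prints one line read from stdin on stdout; the prompt goes to stderr.
# Needs no `read -s`: echo is switched off with stty when stdin is a tty.
read_secret() {
    saved=
    if [ -t 0 ]; then
        saved=$(stty -g)                        # remember terminal settings
        trap 'stty "$saved"; exit 1' INT TERM   # restore echo if interrupted
        stty -echo
    fi
    printf '%s' "$1" >&2
    # IFS= and -r keep leading/trailing blanks and backslashes intact;
    # "|| :" tolerates EOF so the caller decides what an empty answer means.
    IFS= read -r secret || :
    if [ -n "$saved" ]; then
        stty "$saved"
        trap - INT TERM
        printf '\n' >&2
    fi
    printf '%s' "$secret"
}

# feed_secret SECRET COMMAND [ARGS...]
# Passes SECRET to COMMAND on stdin, so no key file is ever created.
feed_secret() {
    s=$1
    shift
    printf '%s' "$s" | "$@"
}

# Intended use inside the mapping loop (dev/map as in the fragment above;
# --key-file=- is an assumption about the installed cryptsetup):
#   pw=$(read_secret "LUKS passphrase for ${map}: ")
#   feed_secret "$pw" /bin/cryptsetup -q --key-file=- luksOpen "${dev}" "${map}"
```

Because `read_secret` is called through `$(...)`, its `trap` and `exit` stay inside the subshell and do not terminate the calling init script.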

John Doe
Posts: 1681
Joined: Mon 01 Aug 2005, 04:46
Location: Michigan, US

#63 Post by John Doe »

Thanks for the links Gn2. There was some really good info in there.

John Doe
Posts: 1681
Joined: Mon 01 Aug 2005, 04:46
Location: Michigan, US

#64 Post by John Doe »

PaulBx1 wrote:
> BTW, I nagged Barry that our busybox is quite old (1.0.1 vs the current 1.3.0, with many bugfixes). Also older than the one this fellow used, 1.1.3. Maybe I mentioned that already. I suppose another line of attack would be to build the latest busybox and stick it in the initrd, just to see if that fixes anything (don't bother cutting it down). Sounds like work though.

Don't nag him too much. I'm sure he'd like to, as he could slim down initrd.gz even more. Puppy's init has some problems with the newer busybox. I've been sitting here compiling and testing for the last 10 hours. btw, I'd recommend shooting for 1.2.2.1 as an upgrade target. 1.3.0 has about 10 patches already.

I've started narrowing the problem (with puppy and busybox specifically) down. Right after "Looking for Puppy in.." it dies. /tmp/bootinit.log says there is an operand error.

I don't think ash likes this 'NOT' like this now:
if [ ! "`echo "$TESTPARTS" | grep "iso9660"`" = "" ];then

I think the bottom line is this LUKS booting idea has got to wait until Busybox is upgraded.

This could take a while :?

PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#65 Post by PaulBx1 »

So John, where does that statement come from? Can it be dismantled and simplified to the point it starts working again?

What is "TESTPARTS"? I want to try that statement at the command line.

mlamelas
Posts: 42
Joined: Wed 04 Oct 2006, 12:53
Location: Madrid, Spain

Will this work for 2.15?

#66 Post by mlamelas »

Hi everyone,

Will this process for encrypting the pup_save work for 2.15? I assume the initrd is different for each version, or no? How about the encryption script?

Many thanks,

Mel

RobertB
Posts: 145
Joined: Tue 03 Jan 2006, 01:06
Location: Big D

Re: Will this work for 2.15?

#67 Post by RobertB »

mlamelas wrote:
> Hi everyone,
>
> Will this process for encrypting the pup_save work for 2.15? I assume the initrd is different for each version, or no? How about the encryption script?
>
> Many thanks,
>
> Mel

According to Pizzasgood in this thread, encryption was dropped from 2.15, so I don't think it will work -- at least, that's how I understand it. However, Barry "Mr. Puppy" K himself replied in the thread to say that encryption will be available in 2.16, which is Coming Soon.

(And if I misunderstood anything, someone please correct me!)

Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#68 Post by Pizzasgood »

You can add it by hand, 2.15 just doesn't include it by default like it was originally going to. Just follow the same procedure you'd use for 2.14.

mlamelas
Posts: 42
Joined: Wed 04 Oct 2006, 12:53
Location: Madrid, Spain

How to add by hand and does it affect truecrypt compile

#69 Post by mlamelas »

Hi Pizzasgood and other posters,

Thanks for your help. I am a relative newcomer to Puppy and Linux in general. When you say add encryption by hand to 2.15, what are the steps? Is there a library that needs to be added, or some source code that needs to be compiled, and if so, which?

There is another thread about compiling truecrypt where I have posted a question, but let me ask a question here since it may relate to encryption in general.

I followed the instructions in the other thread for compiling truecrypt, using Puppy 2.15 and Truecrypt 4.3. I got an error message about inserting the dm and truecrypt modules when I tried to mount a tc volume.

Another user who was successful in compiling Truecrypt 4.2a under Puppy 2.12 uploaded the four ko files from his compile. I copied them to the appropriate folders in 2.15, did a depmod -a, and truecrypt was able to mount a volume. With a glitch because the names show up in 8.3 format, but it did work.

My question then is whether the inability to compile Truecrypt 4.3 under Puppy 2.15 is related to the version of Truecrypt (4.3 v. 4.2a), or to the fact that encryption was taken out of Puppy 2.15? Would taking out whatever was taken out of Puppy 2.15 affect the ability to compile Truecrypt?

Many thanks,

Mel

kirk
Posts: 1553
Joined: Fri 11 Nov 2005, 19:04
Location: florida

#70 Post by kirk »

The 2.14 encryption stuff is here:

http://www.puppyos.net/forum/?1172086471

It uses cryptoloop with AES 128 for encryption. TrueCrypt would be a whole other adventure.

Or just wait for 2.16, it won't be long.

mlamelas
Posts: 42
Joined: Wed 04 Oct 2006, 12:53
Location: Madrid, Spain

The initrd.gz file appears to be version specific

#71 Post by mlamelas »

Hi Kirk,

Thanks for the info. I downloaded the initrd.gz file and copied it to my drive, replacing the default initrd.gz file that came with 2.15, but the system would not boot. It said that it could not find puppy in idehd and dropped to the shell. If I rename the pup_215.sfs to pup_214.sfs then it loads fine, but then you end up with a version conflict with the rest of the sfs files (zdrv, web_215).

I will wait for 2.16, but if encrypting the pupsave file is going to require a different initrd.gz file than the default, someone would have to create one for each new version of puppy. That may not be an optimal solution.

With respect to truecrypt, it has been compiled successfully with versions prior to 2.15, so I am wondering whether part of the kernel code that deals with encryption that was removed in 2.15 is creating my problem with the compile.

For now, I am using the ko files from the prior version compiles and that works. As long as the module doesn't change from 2.6.18.1 that will probably solve my problem with truecrypt.

For now, I will create a truecrypt volume inside of puppy for my stored passwords files, and as a second layer set up some kind of log in process to protect against loss or theft of the puppy pen drive.

Best regards,

Mel

kirk
Posts: 1553
Joined: Fri 11 Nov 2005, 19:04
Location: florida

#72 Post by kirk »

> but if encrypting the pupsave file is going to require a different initrd.gz file than the default, someone would have to create one for each new version of puppy. That may not be an optimal solution.

Starting with 2.16 Barry has made it part of the standard puppy.

mlamelas
Posts: 42
Joined: Wed 04 Oct 2006, 12:53
Location: Madrid, Spain

#73 Post by mlamelas »

I was hoping that was the answer. I have downloaded the 2.16 beta.
