Decrypting LUKS volumes at boot time

Good day and good night, everyone! This post will be useful to those who use LUKS data encryption and want to decrypt disks in Linux (Debian, Ubuntu) at the stage where the root partition is decrypted. I could not find this kind of information on the Internet.

Recently, with the growing number of disks in the arrays, I ran into the problem of decrypting disks in some way other than the well-known /etc/crypttab. Personally, I see a few problems with that mechanism, namely that the file is read only after the root partition is mounted, which has a bad effect on ZFS import, especially when the pools were created from partitions of a *_crypt device, or on mdadm raids that were likewise built from partitions. We all know you can partition a LUKS volume, right? There is also the problem of other services starting early, when the arrays do not exist yet but are already needed (I work with a Proxmox VE 5.x cluster and ZFS over iSCSI).

A bit about ZFS over iSCSI. iSCSI works for me through LIO, and in fact, when the iSCSI target starts and does not see the ZVOL devices at all, it simply removes them from the configuration, which prevents the guests from booting. So it is either restoring the json file or manually adding the devices with their IDs to each VM, which is terribly inconvenient when there are many such machines and every configuration has more than one disk.

The second question I will look at is how to do the decryption itself (this is the main point of the article). We will talk about it below, so go under the cut!

Most often on the Internet a key file is used (added alongside the passphrase beforehand with the command cryptsetup luksAddKey), or, with rare exceptions (on the Russian-language Internet there is very little information), the decrypt_derived script located in /lib/cryptsetup/scripts/ (of course there are other ways, but I used these two, and they form the basis of this article). I also aimed for full autonomy, including after reboots, with no extra commands in the console, so that everything "takes off" for me at once. So why wait?

Let's get started!

Suppose a system, say Debian, is installed on the crypto partition sda3_crypt, and a dozen disks are ready to be encrypted and laid out however you like. We have the passphrase that unlocks sda3_crypt, and it is from this mapping, on the running (decrypted) system, that we will take the "hash" of the password and add it to the rest of the disks. Strictly speaking, decrypt_derived does not hash the passphrase at all: it reads the volume (master) key of the already-opened sda3_crypt mapping out of device-mapper (dmsetup table --showkeys) and prints it as raw bytes, and those bytes become the passphrase of the other disks. Two things follow from that: whoever can unlock sda3_crypt can unlock everything, and if sda3_crypt is ever reformatted the derived key changes with it, so keep an independent key slot (cryptsetup luksAddKey) on each disk as a fallback. Everything is elementary; in the console we do:

/lib/cryptsetup/scripts/decrypt_derived sda3_crypt | cryptsetup luksFormat --key-file=- /dev/sdX

where X stands for our disks, partitions, and so on. The --key-file=- option makes cryptsetup read the whole binary key from the pipe; without it a passphrase read from stdin stops at the first newline byte, which a random volume key contains fairly often, and the key you end up with is silently truncated.

After encrypting the disks with the key derived from our passphrase, you need to find out their UUID or ID, whichever you prefer for which purpose. We take this information from /dev/disk/by-uuid and /dev/disk/by-id respectively. The UUID you want is the one of the LUKS container on the raw device (blkid reports it with TYPE="crypto_LUKS"), not of anything created inside it later: that is the node the initramfs sees before the mapping exists.

The next step is to prepare the files and small scripts for the functions we need; let's do it:

cp -p /usr/share/initramfs-tools/hooks/cryptroot /etc/initramfs-tools/hooks/
cp -p /usr/share/initramfs-tools/scripts/local-top/cryptroot /etc/initramfs-tools/scripts/local-top/

Files under /etc/initramfs-tools take precedence over the ones of the same name in /usr/share/initramfs-tools, which is what lets us patch cryptroot. Keep in mind that these copies no longer follow package updates, so after a cryptsetup upgrade diff them against the new originals. Then:

touch /etc/initramfs-tools/hooks/decrypt && chmod +x /etc/initramfs-tools/hooks/decrypt

Contents of /etc/initramfs-tools/hooks/decrypt:

#!/bin/sh
# initramfs-tools calls every hook with "prereqs" first to order them; answer and exit
case "$1" in prereqs) echo ""; exit 0 ;; esac
. /usr/share/initramfs-tools/hook-functions
# put decrypt_derived where the patched cryptroot script expects it
copy_exec /lib/cryptsetup/scripts/decrypt_derived /bin/decrypt_derived

Then:

touch /etc/initramfs-tools/hooks/partcopy && chmod +x /etc/initramfs-tools/hooks/partcopy

Contents of /etc/initramfs-tools/hooks/partcopy:

#!/bin/sh
case "$1" in prereqs) echo ""; exit 0 ;; esac
. /usr/share/initramfs-tools/hook-functions
# copy_exec also pulls in the shared libraries ldd reports (libparted, libreadline),
# so the soname versions need not be hard-coded per release
copy_exec /sbin/partprobe /bin/partprobe

And one more:

touch /etc/initramfs-tools/scripts/local-bottom/partprobe && chmod +x /etc/initramfs-tools/scripts/local-bottom/partprobe

Contents of /etc/initramfs-tools/scripts/local-bottom/partprobe:

#!/bin/sh
# local-bottom runs after the root filesystem is mounted, before switch_root
case "$1" in prereqs) echo ""; exit 0 ;; esac
# $DESTDIR is only set while the initramfs is being built; at boot the binary is /bin/partprobe
/bin/partprobe

And finally, before running update-initramfs, you need to edit /etc/initramfs-tools/scripts/local-top/cryptroot, starting around line 360 (in the script shipped with cryptsetup on Debian 9 / Proxmox VE 5; newer releases restructured this script, so search for the "set up successfully" message rather than relying on the line number). The code snippet is below.

Before:


                # decrease $count by 1, apparently last try was successful.
                count=$(( $count - 1 ))
                
                message "cryptsetup ($crypttarget): set up successfully"
                break

and bring it to this form:

After:


                # decrease $count by 1, apparently last try was successful.
                count=$(( $count - 1 ))

                # $crypttarget (sda3_crypt) is open now: derive its volume key and
                # unlock the other disks, one line per disk, by UUID or by ID.
                # --key-file=- reads the whole binary key from the pipe.
                /bin/decrypt_derived $crypttarget | cryptsetup luksOpen --key-file=- /dev/disk/by-uuid/<UUID> <CRYPT_MAP>
                /bin/decrypt_derived $crypttarget | cryptsetup luksOpen --key-file=- /dev/disk/by-id/<ID> <CRYPT_MAP>

                message "cryptsetup ($crypttarget): set up successfully"
                break

Note that either a UUID or an ID can be used here, and <CRYPT_MAP> is the mapping name you want under /dev/mapper. The most important thing is that the kernel drivers for the HDD/SSD devices are present in the initramfs; if a disk does not show up under /dev/disk/by-uuid at this stage, add its driver to /etc/initramfs-tools/modules. You can find out which driver is in use with the command udevadm info -a -n /dev/sdX | egrep 'looking|DRIVER'.

Now that everything is done and all the files are in place, run update-initramfs -u -k all -v; the log should show no errors from our scripts. We reboot, enter the passphrase and wait a little, depending on how many disks there are. Next, the system boots and at the final stage of the initramfs, right after the root partition is mounted, the partprobe command runs: it finds and registers all the partitions created on the LUKS devices, so any arrays, ZFS or mdadm, assemble without problems. And all of this happens before the main services, and the services that need the disks/arrays, are loaded.
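The whole procedure above, gathered into one script as an added example (this is not the author's code and not part of cryptsetup): it checks that the root mapping's volume key is actually readable from device-mapper (the LUKS1 condition from update1), formats a disk with the derived key plus an independent recovery slot, runs the unlock loop over a list file instead of hard-coded lines in cryptroot, and extracts driver names from udevadm output for /etc/initramfs-tools/modules. The mapping name sda3_crypt comes from the article; the list-file path, the LUKS_TYPE_OPT variable and the sample dmsetup/udevadm lines are assumptions constructed here.

```shell
#!/bin/sh
# Added example for this article, not the author's code. Assumptions: the root mapping
# is sda3_crypt (DERIVED_FROM), the extra volumes were formatted with its derived key,
# and the target list file (e.g. /etc/cryptderived.list, a hypothetical path) holds
# "<block device> <mapping name>" per line. Written for the initramfs /bin/sh (dash).
set -eu

DERIVED_FROM="${DERIVED_FROM:-sda3_crypt}"
DECRYPT_DERIVED="${DECRYPT_DERIVED:-/lib/cryptsetup/scripts/decrypt_derived}"
CRYPTSETUP="${CRYPTSETUP:-/sbin/cryptsetup}"
# cryptsetup >= 2.1 defaults to LUKS2, which decrypt_derived cannot read back;
# set LUKS_TYPE_OPT='--type luks1' there (empty is fine for Debian 9 / cryptsetup 1.7).
LUKS_TYPE_OPT="${LUKS_TYPE_OPT:-}"

# Field 5 of a `dmsetup table --showkeys` line is the volume key as dm-crypt sees it.
dm_key_field() {
    printf '%s\n' "$1" | awk '{ print $5 }'
}

# decrypt_derived only works when that field is the hex key itself (LUKS1).
# A LUKS2 mapping shows a kernel keyring reference ":64:logon:cryptsetup:<uuid>-d0"
# instead, which is why the article's method stops at LUKS1 (see update1).
derived_key_usable() {
    case "$(dm_key_field "$1")" in
        "")              return 1 ;;
        *[!0-9a-fA-F]*)  return 1 ;;
        *)               return 0 ;;
    esac
}

# Target list parser: strip '#' comments and blank lines, keep "<device> <name>" pairs.
parse_targets() {
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' | awk 'NF >= 2 { print $1, $2 }'
}

# Candidate entries for /etc/initramfs-tools/modules from `udevadm info -a -n /dev/sdX`
# output on stdin: every non-empty DRIVER==/DRIVERS== value, once each. Driver and
# module names usually match but not always ("sd" is the sd_mod module).
udev_drivers() {
    sed -n 's/^[[:space:]]*DRIVERS\{0,1\}=="\([^"]\{1,\}\)"$/\1/p' | awk '!seen[$0]++'
}

# Format one raw device with the derived key, then add an independent key slot from
# a recovery key file so the disk survives a reformat of the root volume.
# --key-file=- feeds the whole binary key; a plain stdin passphrase would be cut at
# the first 0x0a byte. -q is batch mode (no interactive YES confirmation).
format_derived() {
    dev="$1"; recovery_keyfile="$2"
    "$DECRYPT_DERIVED" "$DERIVED_FROM" | "$CRYPTSETUP" -q $LUKS_TYPE_OPT luksFormat --key-file=- "$dev"
    "$DECRYPT_DERIVED" "$DERIVED_FROM" | "$CRYPTSETUP" luksAddKey --key-file=- "$dev" "$recovery_keyfile"
}

# The unlock loop the article patches into cryptroot, as a function over a list file.
unlock_all() {
    if ! derived_key_usable "$(dmsetup table --showkeys "$DERIVED_FROM")"; then
        echo "cryptsetup ($DERIVED_FROM): volume key not readable (not open, or LUKS2)" >&2
        return 1
    fi
    parse_targets < "$1" | while read -r dev name; do
        if [ -e "/dev/mapper/$name" ]; then
            echo "cryptsetup ($name): already set up"; continue
        fi
        if [ ! -e "$dev" ]; then
            echo "cryptsetup ($name): $dev not present (driver missing from initramfs?)" >&2; continue
        fi
        if "$DECRYPT_DERIVED" "$DERIVED_FROM" | "$CRYPTSETUP" -T 1 luksOpen --key-file=- "$dev" "$name"; then
            echo "cryptsetup ($name): set up successfully"
        else
            echo "cryptsetup ($name): derived key rejected" >&2
        fi
    done
}

# Constructed sample inputs (not real keys or devices) used to exercise the parsers.
SAMPLE_LUKS1='0 976773168 crypt aes-xts-plain64 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef 0 8:3 4096'
SAMPLE_LUKS2='0 976773168 crypt aes-xts-plain64 :64:logon:cryptsetup:12345678-1234-1234-1234-123456789abc-d0 0 8:3 32768'
SAMPLE_UDEV=$(cat <<'EOF'
  looking at device '/devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda':
    KERNEL=="sda"
    DRIVER==""
  looking at parent device '/devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0':
    DRIVERS=="sd"
  looking at parent device '/devices/pci0000:00/0000:00:1f.2':
    DRIVERS=="ahci"
    DRIVERS=="ahci"
EOF
)

case "${1:-}" in
    format) format_derived "$2" "$3" ;;
    unlock) unlock_all "$2" ;;
esac
```

Call unlock_all right after the root mapping succeeds in the patched cryptroot block, or run `sh cryptderived.sh unlock /etc/cryptderived.list` from a local-block script; either way the list file has to be copied into the initramfs by a hook, just like decrypt_derived itself.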

update1: As AEP noted, this method only works with LUKS1. The reason is how decrypt_derived obtains the key: it reads it from the device-mapper table (dmsetup table --showkeys). For a LUKS2 volume cryptsetup keeps the volume key in the kernel keyring and the table shows only a key reference (:64:logon:cryptsetup:...), so there is nothing to derive. Since cryptsetup 2.1 LUKS2 is the default format, so on newer releases pass --type luks1 to luksFormat explicitly.

Tau qhov twg los: www.hab.com
