Changes between Version 17 and Version 18 of Linux/Ubuntu/HardyRAID5EncryptedLVM


Ignore:
Timestamp:
09/02/09 03:27:04 (9 years ago)
Author:
tj
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • Linux/Ubuntu/HardyRAID5EncryptedLVM

    v17 v18  
    11[[PageOutline]] 
     2 
    23= RAID-5 Encrypted with Logical Volume Management = 
    3  
    4  These instructions in this tutorial should apply to Intrepid (and possibly Jaunty) as well as Hardy. Some slight adjustments might be necessary due to changes in various system libraries and tools. The key-script has been updated to work with Intrepid. 
     4  These instructions in this tutorial should apply to Intrepid (and possibly Jaunty) as well as Hardy. Some slight adjustments might be necessary due to changes in various system libraries and tools. The key-script has been updated to work with Intrepid. 
    55 
    66These instructions show how to use the Ubuntu Hardy Desktop Live CD to build and install to a secure encrypted multi-disk RAID system that requires a key-file on an external USB memory stick in order to start. It works around several ''bugs'' in the Ubiquity installer in order to work with ''md'' software RAID arrays (thus avoiding the need to use the alternate text-based installer CD image). In [wiki:Linux/Ubuntu/HardyEncryptedLVM another article there are similar instructions for encrypted non-RAID systems] such as notebooks and laptops that have a single disk drive. 
     
    1515 
    1616Access to the Internet is required to install packages not on the LiveCD. Alternatively, download the .deb packages for [http://packages.ubuntu.com/hardy/mdadm mdadm], [http://packages.ubuntu.com/hardy/cryptsetup cryptsetup] and [http://packages.ubuntu.com/hardy/lvm2 lvm2] and make them available locally on a USB memory stick, CD, or floppy disk (they require about 1MB) and install them using: 
     17 
    1718{{{ 
    1819dpkg -i <package>.deb 
    1920}}} 
    20  
    2121== Organisation == 
    22  
    23 The physical system looks like this:[[BR]] 
    24 [[Image(RAIDencryptedLVM-physical.png)]] 
    25  
    26 The boot files and swap are in RAID-1 (mirrored) arrays that are accessible to GRUB and BIOS:[[BR]] 
    27 [[Image(RAIDencryptedLVM-logical-RAID1.png)]] 
    28  
    29 The operating system and user data are in an encrypted RAID-5 (striped plus parity) array:[[BR]] 
    30 [[Image(RAIDencryptedLVM-logical-RAID5.png)]] 
    31  
     22The physical system looks like this:[[BR]] [[Image(RAIDencryptedLVM-physical.png)]] 
     23 
     24The boot files and swap are in RAID-1 (mirrored) arrays that are accessible to GRUB and BIOS:[[BR]] [[Image(RAIDencryptedLVM-logical-RAID1.png)]] 
     25 
     26The operating system and user data are in an encrypted RAID-5 (striped plus parity) array:[[BR]] [[Image(RAIDencryptedLVM-logical-RAID5.png)]] 
    3227 
    3328== Boot from the Desktop Live CD == 
    34  
    3529There is no operating system or other data on the disks so the Live CD environment is used to prepare the disks prior to installing Hardy. 
    3630 
     
    4034sudo su 
    4135}}} 
    42  
    4336== Randomise the disk surface == 
    44  
    4537By ensuring every sector of the disks is written with random data, a potential attacker will have great difficulty locating encrypted data that they might want to try to decrypt. If the surface of the disk was written with zeros (using if=/dev/zero) or some other predictable values encrypted data would be easy to identify if the disk were to fall into hostile hands. 
    4638 
    4739This is likely to take a long time - '''possibly 24 hours or more''' - even with running one background process for each disk: 
     40 
    4841{{{ 
    4942for dr in a b c d; do DEV="/dev/sd${dr}"; sh -c "dd if=/dev/urandom of=$DEV bs=512"& done 
    5043}}} 
    51  
    5244Check the progress by sending the '''USR1''' signal to the `dd` processes: 
     45 
    5346{{{ 
    5447ps -ef | sed -n 's/[a-z ]*\([0-9]*\).* dd.*/\1/p' | while read PID; do kill -USR1 $PID; done 
    5548}}} 
    56  
    5749== Partition the disks == 
    58  
    5950Each disk is identically partitioned. The RAID-5 array will use the majority of the space. GRUB and BIOS require a ''regular'' disk layout in order to boot the system, so a small partition for /boot is first on the disks. 
    6051 
     
    6253 
    6354We repeat the same partitioning procedure for each disk, creating a 3GB boot/swap partition and put the remainder of the disk in the second partition: 
     55 
    6456{{{ 
    6557for dr in a b c d; do DEV="/dev/sd${dr}"; echo -e "o\nn\np\n1\n\n+3G\nn\np\n2\n\n\nt\n1\nfd\nt\n2\nfd\np\nw\n" | fdisk $DEV; done 
    6658}}} 
    6759'''Note:''' At this point, if fdisk reports the kernel can't re-read the partition tables: 
     60 
    6861{{{ 
    6962WARNING: Re-reading the partition table failed with error 16: Device or resource busy. 
     
    7265}}} 
    7366you will need to restart the system: 
     67 
    7468{{{ 
    7569shutdown -r now 
     
    7872 
    7973== Create the RAID arrays == 
    80  
    8174The RAID arrays will be made up of groups of partitions. 
    8275 
    8376Install the Linux RAID package: 
     77 
    8478{{{ 
    8579apt-get install mdadm 
    8680}}} 
    87  
    8881First the mirror array for /boot, which will use the first partition on two disks on different IDE channels (to avoid master/slave bootlenecks): 
     82 
    8983{{{ 
    9084mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sda1 /dev/sdc1 
    9185mdadm: array /dev/md0 started. 
    9286}}} 
    93  
    9487Now create a mirror array for swap & hibernate: 
     88 
    9589{{{ 
    9690mdadm --create /dev/md1 --level=1 --raid-devices=2 /dev/sdb1 /dev/sdd1 
    9791mdadm: array /dev/md1 started. 
    9892}}} 
    99  
    10093All remaining space (in the second partition) is allocated to the RAID-5 array. Its capacity will be the number of disks in the array minus one, multiplied by the size of the partition: (N - 1) x C : (4 - 1) x 58GB = 174GB. 
     94 
    10195{{{ 
    10296mdadm --create /dev/md2 --level=5 --raid-devices=4 /dev/sda2 /dev/sdb2 /dev/sdc2 /dev/sdd2 
    10397mdadm: array /dev/md2 started. 
    10498}}} 
    105  
    10699Check the array build status: 
     100 
    107101{{{ 
    108102cat /proc/mdstat 
     
    122116unused devices: <none> 
    123117}}} 
    124  
    125118Wait until the arrays are finished building. Press Ctrl+C to interrupt `watch` when all the arrays have finished building: 
     119 
    126120{{{ 
    127121watch -n 30 cat /proc/mdstat 
     
    139133unused devices: <none> 
    140134}}} 
    141  
    142135== Encryption == 
    143  
    144136First, install the cryptography package: 
     137 
    145138{{{ 
    146139apt-get install cryptsetup 
    147140}}} 
    148  
    149141=== Choosing a key-file === 
    150  
    151142The key-file is kept on an external USB memory stick. There are various ways to create and store the key-file. Many guides recommend generating a random key from `/dev/random` but in my opinion anyone that managed to get access to the memory stick could easily locate the key-file because of its totally random contents, unless many 'fake' keys were also on the memory stick. 
    152143 
     
    158149 
    159150Load the kernel module: 
     151 
    160152{{{ 
    161153modprobe dm-crypt 
    162154}}} 
    163  
    164155=== Encrypt the arrays === 
    165  
    166156Now encrypt the RAID-5 array: 
     157 
    167158{{{ 
    168159cryptsetup --hash sha512 --key-size 256 --cipher aes-cbc-essiv:sha256 \ 
     
    176167Command successful 
    177168}}} 
    178  
    179169Open the encrypted device, giving it the name ''md2encrypted'': 
     170 
    180171{{{ 
    181172cryptsetup --key-file /media/casper-rw/home/tj/Media/theme-song.mp3 luksOpen /dev/md2 md2encrypted 
     
    184175}}} 
    185176There will now be a new device: 
     177 
    186178{{{ 
    187179ls -1 /dev/mapper 
     
    189181md2encrypted 
    190182}}} 
    191  
    192183== Configure Logical Volume Management (LVM) == 
    193  
    194184First install the LVM package: 
     185 
    195186{{{ 
    196187apt-get install lvm2 
    197188}}} 
    198  
    199189==== LVM Tools Confuse Megabytes with Mebibytes ==== 
    200  
    201190The LVM tool reports can be confusing because they use the wrong size suffixes (such as MB and GB). The problem is, a gigabyte (GB) is 1,000MB, a megabyte (MB) is 1,000 kilobytes, and a kilobyte (KB) is 1,000 bytes. However, LVM uses binary-based calculations, not the decimal, with KB = 1,024, MB = 1,024KB, and GB = 1,024MB. LVM ''should'' use [http://en.wikipedia.org/wiki/Mebibytes MiB] and [http://en.wikipedia.org/wiki/Gibibyte GiB] suffixes to indicate binary-based measurements. 
    202191 
     
    206195 
    207196==== Determine the Number and Size of Logical Extents in Logical Volumes ==== 
    208  
    209197Logical volume size is defined as the number of ''logical extents'' (LE), the size of which is the same for all logical volumes in a volume group and is the same as the ''physical extent'' (PE) size. Use `vgdisplay` to find out: 
     198 
    210199{{{ 
    211200vgdisplay VGraid5 
     
    232221  VG UUID               V0kRhd-oFLa-hq21-9eCs-kAnm-e1BW-xK7GPT 
    233222}}} 
    234 The '''PE Size''' (physical extent size) for this volume group is 4.00''MB''. The '''Total PE''' (number of extents) is 43,794.  
     223The '''PE Size''' (physical extent size) for this volume group is 4.00''MB''. The '''Total PE''' (number of extents) is 43,794. 
    235224 
    236225So, in fact, the PE Size is 4.00''MiB'' (4.00 x 1024 x 1024 = 4,194,304 bytes), or 4.194304''MB'' (4.194304 x 1000 x 1000 = 4,194,304 bytes). 
    237226 
    238227To make later calculations easier set up some definitions: 
     228 
    239229{{{ 
    240230export GB=1000000000 
     
    243233export MiB=1048576 
    244234}}} 
    245  
    246235=== Encrypted Volume === 
    247  
    248236Create the physical volume and volume group: 
     237 
    249238{{{ 
    250239pvcreate /dev/mapper/md2encrypted 
     
    259248  Volume group "VGraid5" successfully created 
    260249}}} 
    261  
    262250Create the logical volume 'root' using 18GB in the volume group 'VGraid5': 
     251 
    263252{{{ 
    264253export PES_BYTES=$(echo "$(vgdisplay VGraid5 | sed -n 's/.*PE Size *\([0-9\.]*\) .*/\1/p') * $MiB" | bc) 
     
    268257  Logical volume "root" created 
    269258}}} 
    270  
    271259Repeat for `/var/` (10GB) and `/home/` (75% of remaining free space): 
     260 
    272261{{{ 
    273262EXTENTS=$(echo "10 * $GB / $PES_BYTES" | bc); echo $EXTENTS 
     
    280269  Logical volume "home" created 
    281270}}} 
    282  
    283271Using `vgdisplay` you can see this will leave ~34GB of free space. If or when one of the existing logical volumes reaches capacity simply use `lvextend` to allocate more extents from the volume group - no need to shuffle data or partitions around. 
     272 
    284273{{{ 
    285274vgdisplay VGraid5 | grep 'Free  PE' 
    286275  Free  PE / Size       8789 / 34.33 GB 
    287276}}} 
    288  
    289277Check the devices are available: 
     278 
    290279{{{ 
    291280ls -1 /dev/mapper 
     
    296285VGraid5-var 
    297286}}} 
    298  
    299287Now the system has all the devices ready for formatting with file-systems, so installation of the operating system can begin. 
    300288 
    301289== Install Ubuntu == 
    302  
    303290=== Fix a bug in the partition manager scripts === 
    304  
    305291Ubiquity (the Ubunutu Live CD installer) depends on a set of scripts to partition the system disks. These are extremely complicated due to the vast number of permutations of storage device types the user might want to install to. As a result of ancient bugs it doesn't support installing to ''plain'' multiple-disk (md) arrays (/dev/md*), although it ''does'' support LVM devices (/dev/mapper/*) on md arrays. 
    306292 
     
    308294 
    309295There is a quick-and-dirty workaround to allow Ubiquity to see the md arrays. It is a patch that simply comments out a line that ''ignores'' md devices. It is possible it could cause other issues so beware, but from my experience in the scenario described in this article, it was successful. Run this command before starting the installer: 
     296 
    310297{{{ 
    311298sed -i 's,^\([\t ]*grep -v .^/dev/md. |\),#\1,' /lib/partman/init.d/30parted 
    312299}}} 
    313300Check the line has had a # prefixed to comment it out: 
     301 
    314302{{{ 
    315303grep '/dev/md' /lib/partman/init.d/30parted 
    316304#           grep -v '^/dev/md' |  
    317305}}} 
    318  
    319306The md devices also need to be manually formatted (''not'' partitioned though) because Ubiquity can't handle that: 
     307 
    320308{{{ 
    321309mkfs.ext3 -L boot /dev/md0 
     
    324312 
    325313=== Configuring === 
    326  
    327314Run the Ubuntu installer by double-clicking the '''Install''' icon on the Live CD desktop. Select the language, time-zone and keyboard layout. 
    328315 
     
    334321 
    335322The ''device'' list will show amongst others: 
     323 
    336324{{{ 
    337325/dev/md0 
     
    350338  '''Note:''' Because of a [https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/245855 bug in the Desktop Live CD installer] it is not possible to create the swap partition during installation. Therefore the installer will show a dialog with the message: 
    351339 
    352   You have not selected any partitions for use as swap space. Enabling swap space is recommended so that the system can make better use of available physical memory, and so that it behaves better when physical memory is scarce. You may experience installation problems if you do not have enough physical memory. 
    353   If you do not go back to the partitioning menu and assign a swap partition, the installation will continue without swap space. 
     340  You have not selected any partitions for use as swap space. Enabling swap space is recommended so that the system can make better use of available physical memory, and so that it behaves better when physical memory is scarce. You may experience installation problems if you do not have enough physical memory. If you do not go back to the partitioning menu and assign a swap partition, the installation will continue without swap space. 
    354341 
    355342  Press the '''Continue''' button. 
     
    361348Press the '''Advanced...''' button and '''disable''' (un-tick) "Install boot loader". This must be done  manually after the installer has finished. 
    362349 
    363 Finally, when you're happy with all the choices, press the '''Install''' button and wait whilst the installer runs.  
     350Finally, when you're happy with all the choices, press the '''Install''' button and wait whilst the installer runs. 
    364351 
    365352When it finishes '''DO NOT''' restart the system - some additional configuration is required before the system is restarted so it will boot successfully. 
    366353 
    367354=== Post-Installation configuration === 
    368  
    369355Now a series of additional steps is required to ensure the new system can successfully boot. 
    370356 
    371357==== Mount the Target System ==== 
    372358Prepare the installation for access using chroot: 
     359 
    373360{{{ 
    374361mkdir /mnt/target 
     
    380367mount -o bind /dev /mnt/target/dev 
    381368}}} 
    382  
    383369==== Swap ==== 
    384370Format the swap partition and add it to the file-system table so it is started automatically: 
     371 
    385372{{{ 
    386373mkswap /dev/md1 
    387374echo "UUID=$(vol_id --uuid /dev/md1) none swap sw 0 0" >> /mnt/target/etc/fstab 
    388375}}} 
    389  
    390376==== GRUB (boot loader) ==== 
    391377GRUB needs to be installed to both physical disks that make up the /dev/md0 mirror. 
    392378 
    393379Install GRUB: 
     380 
    394381{{{ 
    395382chroot /mnt/target /bin/bash -c "apt-get install grub" 
     
    397384chroot /mnt/target /bin/bash -c "cp /usr/lib/grub/*/{,e2fs_}stage* /boot/grub" 
    398385}}} 
    399  
    400386Write the master boot record (MBR) to sector #0 of both disks. Start GRUB then issue a series of commands to locate and then install the boot loader files: 
     387 
    401388{{{ 
    402389grub 
     
    432419grub> quit 
    433420}}} 
    434  
    435421Write GRUB configuration: 
     422 
    436423{{{ 
    437424chroot /mnt/target /bin/bash -c "update-grub" 
     
    449436Updating /boot/grub/menu.lst ... done 
    450437}}} 
    451  
    452438==== Install mdadm, cryptsetup, and lvm2 ==== 
    453439The installer didn't install the packages needed for the system to understand the disk configuration, so install them manually: 
     440 
    454441{{{ 
    455442chroot /mnt/target /bin/bash -c "apt-get install mdadm cryptsetup lvm2" 
    456443}}} 
    457  
    458444==== Multiple Disk Configuration ==== 
    459445The `mdadm.conf` should have been written automatically when the mdadm package was installed into the chroot environment. Check if the existing file has entries for the three RAID devices: 
     446 
    460447{{{ 
    461448grep md /mnt/target/etc/mdadm/mdadm.conf 
     
    469456 
    470457Otherwise the file can be copied from the Live CD environment: 
     458 
    471459{{{ 
    472460cp /etc/mdadm/mdadm.conf /mnt/target/etc/mdadm/mdadm.conf 
    473461}}} 
    474  
    475462Alternatively, it can be written by `mdadm` itself. 
     463 
    476464{{{ 
    477465mdadm --detail --brief /dev/md* >> /mnt/target/etc/mdadm/mdadm.conf 
    478466}}} 
    479  
    480467==== Encrypted Disk Configuration ==== 
    481468Write the configuration of /dev/mapper/md2encrypted so the system knows how to open it. It will use a shell script that is executed early in the boot process from the initrd image: 
     469 
    482470{{{ 
    483471echo "md2encrypted /dev/disk/by-uuid/$(vol_id --uuid /dev/md2) /home/tj/Media/theme-song.mp3 luks,keyscript=/usr/local/sbin/crypto-usb-key.sh" >> /mnt/target/etc/crypttab 
    484472}}} 
    485  
    486473There are several suitable shell scripts already existing. I chose to modify one written by Wejn and Rodolfo Garcia published at [http://wejn.org/how-to-make-passwordless-cryptsetup.html How to setup passwordless disk encryption in Debian Etch]. It is [http://tjworld.net/raw-attachment/wiki/Linux/Ubuntu/HardyRAID5EncryptedLVM/crypto-usb-key.sh attached to this article] ready for downloading. 
    487474 
     
    499486 * Added comments 
    500487 
    501  '''Note:''' Thanks to feedback from Dave at my-iop I've since fixed a password-reading bug and added more functionality to the script. It should now deal with opening key-files from mounted disks (great if you store key-files for some volumes inside the initial encrypted volume). It simply checks for the existence of the key-file and if it finds it bypasses all the USB functionality and passes the contents of the key-file back to the crypto manager. 
     488  '''Note:''' Thanks to feedback from Dave at my-iop I've since fixed a password-reading bug and added more functionality to the script. It should now deal with opening key-files from mounted disks (great if you store key-files for some volumes inside the initial encrypted volume). It simply checks for the existence of the key-file and if it finds it bypasses all the USB functionality and passes the contents of the key-file back to the crypto manager. 
    502489 
    503490Copy it into the new system (ensure the path and name match that specified in /mnt/target/etc/crypttab): 
     491 
    504492{{{ 
    505493wget http://tjworld.net/raw-attachment/wiki/Linux/Ubuntu/HardyRAID5EncryptedLVM/crypto-usb-key.sh \ 
    506494 -O /mnt/target/usr/local/sbin/crypto-usb-key.sh 
    507495chroot /mnt/target /bin/bash -c "chmod a+x /usr/local/sbin/crypto-usb-key.sh" 
    508 }}}  
    509  
     496}}} 
    510497==== Update Initial RAM Disk (initrd) ==== 
    511  
    512498{{{ 
    513499chroot /mnt/target /bin/bash -c "update-initramfs -u all" 
    514500update-initramfs: Generating /boot/initrd.img-2.6.24-19-generic 
    515501}}} 
    516  
    517502== Restart System and Test == 
    518  
    519503With everything written to the disks it is time to restart: 
     504 
    520505{{{ 
    521506shutdown -r now 
     
    530515 
    531516=== Debugging crypto-usb-key.sh === 
    532  
    533517If that fails you'll need to enable debugging within the script by changing: 
     518 
    534519{{{ 
    535520DEBUG=$FALSE 
    536521}}} 
    537522to 
     523 
    538524{{{ 
    539525DEBUG=$TRUE 
    540526}}} 
    541  
    542527To do this the initial RAM disk image needs updating. That means the encrypted volume must be opened and mounted and the chroot environment recreated from the Live CD. 
    543528 
     
    545530 
    546531Restart the system using the Live CD and open a terminal, then: 
     532 
    547533{{{ 
    548534sudo su 
     
    551537}}} 
    552538The script requires the key-file name be assigned to the environmental variable KEYFILE: 
     539 
    553540{{{ 
    554541KEYFILE="/home/tj/Media/theme-song.mp3" 
     
    556543}}} 
    557544Now make the changes and update the initial RAM disk image: 
     545 
    558546{{{ 
    559547sed -i 's/^\(DEBUG=\)$FALSE/\1$TRUE/' /mnt/target/usr/local/sbin/update-usb-key.sh 
    560548update-initramfs -u all 
    561549}}} 
    562  
    563550You might also want to remove the "splash" option from the kernel command-line in the GRUB configuration (either in the file /boot/grub/menu.lst or by pressing Escape when GRUB is starting after a reboot to edit the menu directly). This will ensure that the large number of debug messages from the script are easily readable on the console, rather than scrolling up too fast in usplash. 
    564551 
     
    568555 
    569556== References == 
    570  
    571 [https://wiki.ubuntu.com/LiveUsbPendrivePersistent Installing Ubuntu on USB pendrive using Linux][[BR]] 
    572 [http://mazeoflies.com/articles/2008/06/09/ubuntu-hard-drive-encryption-with-external-key Ubuntu hard drive encryption with external key][[BR]] 
    573 [https://help.ubuntu.com/community/EncryptedFilesystemLVMHowto Installing Ubuntu 7.04 on an Encrypted LVM Partition For Root, Swap, and Home][[BR]] 
    574 [http://wejn.org/how-to-make-passwordless-cryptsetup.html How to setup passwordless disk encryption in Debian Etch][[BR]] 
    575 [http://linuxgazette.net/140/pfeiffer.html Encrypted Storage with LUKS, RAID and LVM2][[BR]] 
    576 [http://www.gagme.com/greg/linux/raid-lvm.php Managing RAID and LVM with Linux (v0.5)][[BR]] 
    577 [http://www.howtoforge.com/linux_lvm_p6 A Beginner's Guide To LVM - LVM On RAID1][[BR]] 
    578 [http://www.mythtv.org/wiki/index.php/RAID#RAID_0.2B1_.28or_1.2B0.2C_01.2C_10.29 RAID][[BR]] 
     557[https://wiki.ubuntu.com/LiveUsbPendrivePersistent Installing Ubuntu on USB pendrive using Linux][[BR]] [http://mazeoflies.com/articles/2008/06/09/ubuntu-hard-drive-encryption-with-external-key Ubuntu hard drive encryption with external key][[BR]] [https://help.ubuntu.com/community/EncryptedFilesystemLVMHowto Installing Ubuntu 7.04 on an Encrypted LVM Partition For Root, Swap, and Home][[BR]] [http://wejn.org/how-to-make-passwordless-cryptsetup.html How to setup passwordless disk encryption in Debian Etch][[BR]] [http://linuxgazette.net/140/pfeiffer.html Encrypted Storage with LUKS, RAID and LVM2][[BR]] [http://www.gagme.com/greg/linux/raid-lvm.php Managing RAID and LVM with Linux (v0.5)][[BR]] [http://www.howtoforge.com/linux_lvm_p6 A Beginner's Guide To LVM - LVM On RAID1][[BR]] [http://www.mythtv.org/wiki/index.php/RAID#RAID_0.2B1_.28or_1.2B0.2C_01.2C_10.29 RAID] 
    579558 
    580559== Updates == 
    5815604 December 2008 '''crypto-usb-key.sh''': Dropped detection of specific USB devices because Intrepid and kernel 2.6.27 no longer include "usb" in the /sys/block/.../device path. Now the script relies purely on the 'removable' flag in determining which devices to look on for the keyfile. Fixed msg() not printing to console when using Intrepid. Simplified detection of running usplash. 
    582561 
    583  
    584 9 February 2009 '''crypto-usb-key.sh''': Added support for Jaunty, made script work in initrd and after root is mounted, use vol_id for FSTYPE and LABEL if possible, remove reliance on basename. 
     5629 February 2009 '''crypto-usb-key.sh''': Added support for Jaunty, made script work in initrd and after root is mounted, use vol_id for FSTYPE and LABEL if possible, remove reliance on basename, minimise wait for USB device to settle by monitoring dmesg for attache event.