System encryption :: Luks on lvm or Lvm on Luks?

Hello,
I was reading up about lvm and luks and decided I want to encrypt my system. Until now I have been using truecrypt to encrypt a data partition which get mounted during boot. I recently bought myself a netbook and since then I've been pondering how to make the most use of HD space and keeping it secure should it get stolen.
I have 3 Harddrives in my tower. One of the HDs is my backup drive. The other two are for OSs. What I would like to do is
1) Create an encrypted volume group on HD 1 (has about 650 Gb).
2) Create 2 LVs for /root /home on HD1
3) Rsync /root and /home to the LVs HD2 -> HD1
4) HD2 secure erase
5) create VG on HD2 and add it to VG on HD1
*** My Question ***
While reading up on lvm and luks I came upon this article and I'm not quite sure which one is better suited for my situation. I don't know how easy it is to grow/add to an encrypted vg or lg.
There are two ways of setting up an encrypted disk using LVM:
1. Create the LVM and encrypt every volume separately
2. Set up LVM on top of an encrypted partition
source :: http://www.pindarsign.de/webblog/?p=767
Update : Using badblocks on /dev/sda4 didn't work as intended. It completely wiped /dev/sda. One way of going Windows free.
Luckily enough windows 7 was still able to boot without a partition table (scratches head), so I was able to copy some saved games and the downloads folder.
Last edited by whitethorn (2011-09-19 15:12:12)

Dieter@be wrote:
AFAIK you cannot resize luks/dm_crypt devices, so you lose a lot of the flexibility if you put luks on top. of lvm.
personally i do full disk encryption with luks/dm_crypt, then lvm on top of that.
btw the arch installer supports both scenarios out of the box.
Sounds like what I'm doing right now. I encrypted my first HD then added lvm on top of that. It took a little while to get a seperate boot working and chroot to get all the files setup how I want. At the moment I'm randomizing a 2 Tb harddrive 10 hours 85%. Once it finishes encrypt the drive and add lvm on top. I'm not quite sure if I can grow my /home with the space from the 2nd drive and how to decrypt it during boot

Similar Messages

[Solved] Problem booting root in LVM, which spans two LUKS partitions

Hello,
I recently switched to Arch from OpenSuse, and I'm having a bit of trouble getting my encrypted disks to boot properly. I have two disks, the first is a 4 TB drive set up like this:
MBR partition table
Partition 1 - Windows 7, 200GB
Partition 2 - Linux boot, 200MB
Partition 3 - Luks partition, 1.7TB
Partition 4 - Luks partition, 1.7TB
Within partition 3 and 4 is an LVM volume which spans the two partitions. The reason for that is just that I can't have a 3.4TB partition on an MBR formatted drive (as I understand it). I have the root volume and swap, etc within this LVM. The second hard drive is simply a data drive, also encrypted. My problem is that I don't know how to tell the system to open both of these encrypted partitions at boot, in order to boot the root volume. This worked fine under OpenSuse and I only needed to enter the Luks password once (it is the same for both partitions).
As it is right now, my boot parameters in /etc/default/grub look like this:
GRUB_CMDLINE_LINUX_DEFAULT="quiet nomodeset cryptdevice=/dev/sda3:sda3_crypt root=/dev/mapper/vg_arch-root"
Currently the system boots, asks for the password to /dev/sda3, hangs for roughly 20 seconds and then kicks me into a root prompt. I can manually open /dev/sda4 at this point using cryptsetup and the system will continue booting normally... but I would like to have it set up properly, so I don't need to do that. Considering OpenSuse does this out of the box I figured it should be possible under Arch. Any help would be appreciated.
Thanks
Last edited by keitolainen (2015-06-09 21:56:08)

As a quick update in case anyone is reading this, I cleaned up the script a bit and hopefully made it something closer to a "proper" fix.
Rather than editing /usr/lib/initcpio/hooks/encrypt directly, I did the following:
cp /usr/lib/initcpio/hooks/encrypt /etc/initcpio/hooks/
then changed the following section of /etc/initcpio/hooks/encrypt from:
# Ask for a passphrase
if [ ${dopassphrase} -gt 0 ]; then
echo ""
echo "A password is required to access the ${cryptname} volume:"
#loop until we get a real password
while ! eval cryptsetup open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do
sleep 2;
done
fi
to:
# Ask for a passphrase
if [ ${dopassphrase} -gt 0 ]; then
echo ""
while true ; do
echo -n "A password is required to access the ${cryptname} volume: "
read -sr password
echo $password | cryptsetup open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}
if [ $? = 0 ] ; then
break
fi
done
echo $password | cryptsetup open --type luks /dev/sda4 sda4_crypt
echo ""
fi
then edited /etc/mkinitcpio.conf and changed:
FILES=""
to:
FILES="/etc/initcpio/hooks/encrypt"
and ran
mkinitcpio
This is working well for me and I think it's a little cleaner than the solution I posted earlier. Sorry for the awkward bash, if anyone has a more elegant solution please let me know.

[SOLVED] Setting up LUKS on top of LVM

Maybe I'm missing a step, but I can't seem to get LUKS set up on my LVM partition.
cgdisk:
1007.0 KiB free space
1 1024.0 KiB BIOS boot partition
2 596.2 GiB Linux LVM
327.5 KiB free space
lsblk:
sda2
|__________vg1-swap (dm-1) 1G lvm
|__________vg1-root (dm-2) 10G lvm
|__________vg1-home (dm-3) 585.2G lvm
Once I boot into the Arch CD, this is the dialog:
# cryptsetup -c aes-xts-plain64 -s 512 -h sha512 -i 5000 -y --use-random luksFormat /dev/sda2
WARNING
========
This will overwrite data on /dev/sda2 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Cannot format device /dev/sda2 which is still in use.
Issuing the mount command doesn't show that /dev/sda2 is mounted.
I'm probably making a really obvious mistake, but I can't figure it out.
Last edited by ajrl (2013-05-25 20:41:27)

You are trying to set up Luks on the device you already have an LVM on. I think what you are probably trying to acomplish is haveing LVM on top of Luks. It is in this way that you can have a single Luks container that is decrypted on boot. Otherwise, you will have several Luks containers that all need to be decrypted individually.
Is there anything on the LVM you have set up? I would hope not if you are trying to format it with random data. So if this is the case, then use the LVM tools to remove the LVM on sda2. Then use the Luks tools to create a Luks container on /dev/sda2. So when you do that, you attach the device (decrypt it) and it will put it in /dev/mapper with the name of your choosing. So then you create the LVM on that Luks container (use /dev/mapper/<your conatiner>). Once you have done that, then you can again use the LVM tools, but this time to create logical volumes on the LVM that is now on top of the Luks container.
If indeed you really want to be using Luks on top of LVM, then you will need to be making Luks containers on /dev/mapper/vg1-root, /dev/mapper/vg1-home, etc. Though this will result in multiple containers being created, it is not as bad as it might seem. You can use the /etc/crypttab file to have the system decrypt the rest of the filesystem on its own. There is a caveat though. When you use crypttab, you have to use keyfiles. So if your plan was to be super password happy, then you really want to go the other route. But basically once the rootfs is decrypted, then the system begins to boot, and it can then reference the crypttab to determine where the containers are and where in the decrypted filesystem the keyfiles can be found.
Personally I would go the way of LVM on top of Luks, as I really like the simplicity of having that single partition to decrypt. Also, I personally don't see any added benefit of security when you have them encrypted separately. Once the rootfs is decrypted, the information encessary is right there, plain as day to decrypt the others, so in my mind it is no different than having them all on a single volume group.

System encryption using LUKS and GPG encrypted keys for arch linux

Update: As of 2012-03-28, arch changed from gnupg 1.4 to 2.x which uses pinentry for the password dialog. The "etwo" hook described here doesn't work with gnupg 2. Either use the openssl hook below or use a statically compiled version of gnupg 1.4.
Update: As of 2012-12-19, the mkinitcpio is not called during boot, unless the "install" file for the hook contains "add_runscript". This resulted in an unbootable system for me. Also, the method name was changed from install () to build ().
Update: 2013-01-13: Updated the hook files using the corrections by Deth.
Note: This guide is a bit dated now, in particular the arch installation might be different now. But essentially, the approach stays the same. Please also take a look at the posts further down, specifically the alternative hooks that use openssl.
I always wanted to set up a fully encrypted arch linux server that uses gpg encrypted keyfiles on an external usb stick and luks for root filesystem encryption. I already did it once in gentoo using this guide. For arch, I had to play alot with initcpio hooks and after one day of experimentation, I finally got it working. I wrote a little guide for myself which I'm going to share here for anyone that might be interested. There might be better or easier ways, like I said this is just how I did it. I hope it might help someone else. Constructive feedback is always welcome
Intro
Using arch linux mkinitcpio's encrypt hook, one can easily use encrypted root partitions with LUKS. It's also possible to use key files stored on an external drive, like an usb stick. However, if someone steals your usb stick, he can just copy the key and potentially access the system. I wanted to have a little extra security by additionally encrypting the key file with gpg using a symmetric cipher and a passphrase.
Since the encrypt hook doesn't support this scenario, I created a modifed hook called “etwo” (silly name I know, it was the first thing that came to my mind). It will simply look if the key file has the extension .gpg and, if yes, use gpg to decrypt it, then pipe the result into cryptsetup.
Conventions
In this short guide, I use the following disk/partition names:
/dev/sda: is the hard disk that will contain an encrypted swap (/dev/sda1), /var (/dev/sda2) and root (/dev/sda3) partition.
/dev/sdb is the usb stick that will contain the gpg encrypted luks keys, the kernel and grub. It will have one partition /dev/sdb1 formatted with ext2.
/dev/mapper/root, /dev/mapper/swap and /dev/mapper/var will be the encrypted devices.
Credits
Thanks to the authors of SECURITY_System_Encryption_DM-Crypt_with_LUKS (gentoo wiki), System Encryption with LUKS (arch wiki), mkinitcpio (arch wiki) and Early Userspace in Arch Linux (/dev/brain0 blog)!
Guide
1. Boot the arch live cd
I had to use a newer testing version, because the 2010.05 cd came with a broken gpg. You can download one here: http://releng.archlinux.org/isos/. I chose the “core“ version. Go ahead and boot the live cd, but don't start the setup yet.
2. Set keymap
Use km to set your keymap. This is important for non-qwerty keyboards to avoid suprises with passphrases...
3. Wipe your discs
ATTENTION: this will DELETE everything on /dev/sda and /dev/sdb forever! Do not blame me for any lost data!
Before encrypting the hard disc, it has to be completely wiped and overwritten with random data. I used shred for this. Others use badblocks or dd with /dev/urandom. Either way, this will take a long time, depending on the size of your disc. I also wiped my usb stick just to be sure.
shred -v /dev/sda
shred -v /dev/sdb
4. Partitioning
Fire up fdisk and create the following partitions:
/dev/sda1, type linux swap.
/dev/sda2: type linux
/dev/sda3: type linux
/dev/sdb1, type linux
Of course you can choose a different layout, this is just how I did it. Keep in mind that only the root filesystem will be decrypted by the initcpio. The rest will be decypted during normal init boot using /etc/crypttab, the keys being somewhere on the root filesystem.
5. Format and mount the usb stick
Create an ext2 filesystem on /dev/sdb1:
mkfs.ext2 /dev/sdb1
mkdir /root/usb
mount /dev/sdb1 /root/usb
cd /root/usb # this will be our working directory for now.
Do not mount anything to /mnt, because the arch installer will use that directory later to mount the encrypted root filesystem.
6. Configure the network (if not already done automatically)
ifconfig eth0 192.168.0.2 netmask 255.255.255.0
route add default gw 192.168.0.1
echo "nameserver 192.168.0.1" >> /etc/resolv.conf
(this is just an example, your mileage may vary)
7. Install gnupg
pacman -Sy
pacman -S gnupg
Verify that gnupg works by launching gpg.
8. Create the keys
Just to be sure, make sure swap is off:
cat /proc/swaps
should return no entries.
Create gpg encrypted keys (remember, we're still in our working dir /root/usb):
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > root.gpg
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > var.gpg
Choose a strong password!!
Don't do this in two steps, e.g don't do dd to a file and then gpg on that file. The key should never be stored in plain text on an unencrypted device, except if that device is wiped on system restart (ramfs)!
Note that the default cipher for gpg is cast5, I just chose to use a different one.
9. Create the encrypted devices with cryptsetup
Create encrypted swap:
cryptsetup -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -d /dev/urandom create swap /dev/sda1
You should see /dev/mapper/swap now. Don't format nor turn it on for now. This will be done by the arch installer.
Important: From the Cryptsetup 1.1.2 Release notes:
Cryptsetup can accept passphrase on stdin (standard input). Handling of new line (\n) character is defined by input specification:
if keyfile is specified as "-" (using --key-file=- or by positional argument in luksFormat and luksAddKey, like cat file | cryptsetup --key-file=- <action> ), input is processed
as normal binary file and no new line is interpreted.
if there is no key file specification (with default input from stdin pipe like echo passphrase | cryptsetup <action> ) input is processed as input from terminal, reading will
stop after new line is detected.
If I understand this correctly, since the randomly generated key can contain a newline early on, piping the key into cryptsetup without specifying --key-file=- could result in a big part of the key to be ignored by cryptsetup. Example: if the random key was "foo\nandsomemorebaratheendofthekey", piping it directly into cryptsetup without --key-file=- would result in cryptsetup using only "foo" as key which would have big security implications. We should therefor ALWAYS pipe the key into cryptsetup using --key-file=- which ignores newlines.
gpg -q -d root.gpg 2>/dev/null | cryptsetup -v -–key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool luksFormat /dev/sda3
gpg -q -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -v luksFormat /dev/sda2
Check for any errors.
10. Open the luks devices
gpg -d root.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda3 root
gpg -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda2 var
If you see /dev/mapper/root and /dev/mapper/var now, everything is ok.
11. Start the installer /arch/setup
Follow steps 1 to 3.
At step 4 (Prepare hard drive(s), select “3 – Manually Configure block devices, filesystems and mountpoints. Choose /dev/sdb1 (the usb stick) as /boot, /dev/mapper/swap for swap, /dev/mapper/root for / and /dev/mapper/var for /var.
Format all drives (choose “yes” when asked “do you want to have this filesystem (re)created”) EXCEPT for /dev/sdb1, choose “no”. Choose the correct filesystem for /dev/sdb1, ext2 in my case. Use swap for /dev/mapper/swap. For the rest, I chose ext4.
Select DONE to start formatting.
At step 5 (Select packages), select grub as boot loader. Select the base group. Add mkinitcpio.
Start step 6 (Install packages).
Go to step 7 (Configure System).
By sure to set the correct KEYMAP, LOCALE and TIMEZONE in /etc/rc.conf.
Edit /etc/fstab:
/dev/mapper/root / ext4 defaults 0 1
/dev/mapper/swap swap swap defaults 0 0
/dev/mapper/var /var ext4 defaults 0 1
# /dev/sdb1 /boot ext2 defaults 0 1
Configure the rest normally. When you're done, setup will launch mkinitcpio. We'll manually launch this again later.
Go to step 8 (install boot loader).
Be sure to change the kernel line in menu.lst:
kernel /vmlinuz26 root=/dev/mapper/root cryptdevice=/dev/sda3:root cryptkey=/dev/sdb1:ext2:/root.gpg
Don't forget the :root suffix in cryptdevice!
Also, my root line was set to (hd1,0). Had to change that to
root (hd0,0)
Install grub to /dev/sdb (the usb stick).
Now, we can exit the installer.
12. Install mkinitcpio with the etwo hook.
Create /mnt/lib/initcpio/hooks/etwo:
#!/usr/bin/ash
run_hook() {
/sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
if [ -e "/sys/class/misc/device-mapper" ]; then
if [ ! -e "/dev/mapper/control" ]; then
/bin/mknod "/dev/mapper/control" c $(cat /sys/class/misc/device-mapper/dev | sed 's|:| |')
fi
[ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
# Get keyfile if specified
ckeyfile="/crypto_keyfile"
usegpg="n"
if [ "x${cryptkey}" != "x" ]; then
ckdev="$(echo "${cryptkey}" | cut -d: -f1)"
ckarg1="$(echo "${cryptkey}" | cut -d: -f2)"
ckarg2="$(echo "${cryptkey}" | cut -d: -f3)"
if poll_device "${ckdev}" ${rootdelay}; then
case ${ckarg1} in
*[!0-9]*)
# Use a file on the device
# ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
if [ "${ckarg2#*.}" = "gpg" ]; then
ckeyfile="${ckeyfile}.gpg"
usegpg="y"
fi
mkdir /ckey
mount -r -t ${ckarg1} ${ckdev} /ckey
dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1
umount /ckey
# Read raw data from the block device
# ckarg1 is numeric: ckarg1=offset, ckarg2=length
dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1
esac
fi
[ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
fi
if [ -n "${cryptdevice}" ]; then
DEPRECATED_CRYPT=0
cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
else
DEPRECATED_CRYPT=1
cryptdev="${root}"
cryptname="root"
fi
warn_deprecated() {
echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
if poll_device "${cryptdev}" ${rootdelay}; then
if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
dopassphrase=1
# If keyfile exists, try to use that
if [ -f ${ckeyfile} ]; then
if [ "${usegpg}" = "y" ]; then
# gpg tty fixup
if [ -e /dev/tty ]; then mv /dev/tty /dev/tty.backup; fi
cp -a /dev/console /dev/tty
while [ ! -e /dev/mapper/${cryptname} ];
do
sleep 2
/usr/bin/gpg -d "${ckeyfile}" 2>/dev/null | cryptsetup --key-file=- luksOpen ${cryptdev} ${cryptname} ${CSQUIET}
dopassphrase=0
done
rm /dev/tty
if [ -e /dev/tty.backup ]; then mv /dev/tty.backup /dev/tty; fi
else
if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
dopassphrase=0
else
echo "Invalid keyfile. Reverting to passphrase."
fi
fi
fi
# Ask for a passphrase
if [ ${dopassphrase} -gt 0 ]; then
echo ""
echo "A password is required to access the ${cryptname} volume:"
#loop until we get a real password
while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
sleep 2;
done
fi
if [ -e "/dev/mapper/${cryptname}" ]; then
if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
export root="/dev/mapper/root"
fi
else
err "Password succeeded, but ${cryptname} creation failed, aborting..."
exit 1
fi
elif [ -n "${crypto}" ]; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
msg "Non-LUKS encrypted device found..."
if [ $# -ne 5 ]; then
err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
err "Non-LUKS decryption not attempted..."
return 1
fi
exe="/sbin/cryptsetup create ${cryptname} ${cryptdev}"
tmp=$(echo "${crypto}" | cut -d: -f1)
[ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f2)
[ -n "${tmp}" ] && exe="${exe} --cipher \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f3)
[ -n "${tmp}" ] && exe="${exe} --key-size \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f4)
[ -n "${tmp}" ] && exe="${exe} --offset \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f5)
[ -n "${tmp}" ] && exe="${exe} --skip \"${tmp}\""
if [ -f ${ckeyfile} ]; then
exe="${exe} --key-file ${ckeyfile}"
else
exe="${exe} --verify-passphrase"
echo ""
echo "A password is required to access the ${cryptname} volume:"
fi
eval "${exe} ${CSQUIET}"
if [ $? -ne 0 ]; then
err "Non-LUKS device decryption failed. verify format: "
err " crypto=hash:cipher:keysize:offset:skip"
exit 1
fi
if [ -e "/dev/mapper/${cryptname}" ]; then
if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
export root="/dev/mapper/root"
fi
else
err "Password succeeded, but ${cryptname} creation failed, aborting..."
exit 1
fi
else
err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
fi
fi
rm -f ${ckeyfile}
fi
Create /mnt/lib/initcpio/install/etwo:
#!/bin/bash
build() {
local mod
add_module dm-crypt
if [[ $CRYPTO_MODULES ]]; then
for mod in $CRYPTO_MODULES; do
add_module "$mod"
done
else
add_all_modules '/crypto/'
fi
add_dir "/dev/mapper"
add_binary "cryptsetup"
add_binary "dmsetup"
add_binary "/usr/bin/gpg"
add_file "/usr/lib/udev/rules.d/10-dm.rules"
add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
add_runscript
help ()
cat<<HELPEOF
This hook allows for an encrypted root device with support for gpg encrypted key files.
To use gpg, the key file must have the extension .gpg and you have to install gpg and add /usr/bin/gpg
to your BINARIES var in /etc/mkinitcpio.conf.
HELPEOF
Edit /mnt/etc/mkinitcpio.conf (only relevant sections displayed):
MODULES=”ext2 ext4” # not sure if this is really nessecary.
BINARIES=”/usr/bin/gpg” # this could probably be done in install/etwo...
HOOKS=”base udev usbinput keymap autodetect pata scsi sata usb etwo filesystems” # (usbinput is only needed if you have an usb keyboard)
Copy the initcpio stuff over to the live cd:
cp /mnt/lib/initcpio/hooks/etwo /lib/initcpio/hooks/
cp /mnt/lib/initcpio/install/etwo /lib/initcpio/install/
cp /mnt/etc/mkinitcpio.conf /etc/
Verify your LOCALE, KEYMAP and TIMEZONE in /etc/rc.conf!
Now reinstall the initcpio:
mkinitcpio -g /mnt/boot/kernel26.img
Make sure there were no errors and that all hooks were included.
13. Decrypt the "var" key to the encrypted root
mkdir /mnt/keys
chmod 500 /mnt/keys
gpg –output /mnt/keys/var -d /mnt/boot/var.gpg
chmod 400 /mnt/keys/var
14. Setup crypttab
Edit /mnt/etc/crypttab:
swap /dev/sda1 SWAP -c aes-cbc-essiv:sha256 -s 256 -h whirlpool
var /dev/sda2 /keys/var
15. Reboot
We're done, you may reboot. Make sure you select the usb stick as the boot device in your bios and hope for the best. . If it didn't work, play with grub's settings or boot from the live cd, mount your encrypted devices and check all settings. You might also have less trouble by using uuid's instead of device names. I chose device names to keep things as simple as possible, even though it's not the optimal way to do it.
Make backups of your data and your usb stick and do not forget your password(s)! Or you can say goodbye to your data forever...
Last edited by fabriceb (2013-01-15 22:36:23)

I'm trying to run my install script that is based on https://bbs.archlinux.org/viewtopic.php?id=129885
Decrypting the gpg key after grub works, but then "Devce root already exists." appears every second.
any idea ?
#!/bin/bash
# This script is designed to be run in conjunction with a UEFI boot using Archboot intall media.
# prereqs:
# EFI "BIOS" set to boot *only* from EFI
# successful EFI boot of Archboot USB
# mount /dev/sdb1 /src
set -o nounset
#set -o errexit
# Host specific configuration
# this whole script needs to be customized, particularly disk partitions
# and configuration, but this section contains global variables that
# are used during the system configuration phase for convenience
HOSTNAME=daniel
USERNAME=user
# Globals
# We don't need to set these here but they are used repeatedly throughout
# so it makes sense to reuse them and allow an easy, one-time change if we
# need to alter values such as the install target mount point.
INSTALL_TARGET="/install"
HR="--------------------------------------------------------------------------------"
PACMAN="pacman --noconfirm --config /tmp/pacman.conf"
TARGET_PACMAN="pacman --noconfirm --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
CHROOT_PACMAN="pacman --noconfirm --cachedir /var/cache/pacman/pkg --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
FILE_URL="file:///packages/core-$(uname -m)/pkg"
FTP_URL='ftp://mirrors.kernel.org/archlinux/$repo/os/$arch'
HTTP_URL='http://mirrors.kernel.org/archlinux/$repo/os/$arch'
# Functions
# I've avoided using functions in this script as they aren't required and
# I think it's more of a learning tool if you see the step-by-step
# procedures even with minor duplciations along the way, but I feel that
# these functions clarify the particular steps of setting values in config
# files.
SetValue () {
# EXAMPLE: SetValue VARIABLENAME '\"Quoted Value\"' /file/path
VALUENAME="$1" NEWVALUE="$2" FILEPATH="$3"
sed -i "s+^#\?$${VALUENAME}$=.*$+\1=${NEWVALUE}+" "${FILEPATH}"
CommentOutValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^$${VALUENAME}.*$$/#\1/" "${FILEPATH}"
UncommentValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^#$${VALUENAME}.*$$/\1/" "${FILEPATH}"
# Initialize
# Warn the user about impending doom, set up the network on eth0, mount
# the squashfs images (Archboot does this normally, we're just filling in
# the gaps resulting from the fact that we're doing a simple scripted
# install). We also create a temporary pacman.conf that looks for packages
# locally first before sourcing them from the network. It would be better
# to do either *all* local or *all* network but we can't for two reasons.
# 1. The Archboot installation image might have an out of date kernel
# (currently the case) which results in problems when chrooting
# into the install mount point to modprobe efivars. So we use the
# package snapshot on the Archboot media to ensure our kernel is
# the same as the one we booted with.
# 2. Ideally we'd source all local then, but some critical items,
# notably grub2-efi variants, aren't yet on the Archboot media.
# Warn
timer=9
echo -e "\n\nMAC WARNING: This script is not designed for APPLE MAC installs and will potentially misconfigure boot to your existing OS X installation. STOP NOW IF YOU ARE ON A MAC.\n\n"
echo -n "GENERAL WARNING: This procedure will completely format /dev/sda. Please cancel with ctrl-c to cancel within $timer seconds..."
while [[ $timer -gt 0 ]]
do
sleep 1
let timer-=1
echo -en "$timer seconds..."
done
echo "STARTING"
# Get Network
echo -n "Waiting for network address.."
#dhclient eth0
dhcpcd -p eth0
echo -n "Network address acquired."
# Mount packages squashfs images
umount "/packages/core-$(uname -m)"
umount "/packages/core-any"
rm -rf "/packages/core-$(uname -m)"
rm -rf "/packages/core-any"
mkdir -p "/packages/core-$(uname -m)"
mkdir -p "/packages/core-any"
modprobe -q loop
modprobe -q squashfs
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_$(uname -m).squashfs" "/packages/core-$(uname -m)"
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_any.squashfs" "/packages/core-any"
# Create temporary pacman.conf file
cat << PACMANEOF > /tmp/pacman.conf
[options]
Architecture = auto
CacheDir = ${INSTALL_TARGET}/var/cache/pacman/pkg
CacheDir = /packages/core-$(uname -m)/pkg
CacheDir = /packages/core-any/pkg
[core]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
[extra]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
#Uncomment to enable pacman -Sy yaourt
[archlinuxfr]
Server = http://repo.archlinux.fr/\$arch
PACMANEOF
# Prepare pacman
[[ ! -d "${INSTALL_TARGET}/var/cache/pacman/pkg" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/cache/pacman/pkg"
[[ ! -d "${INSTALL_TARGET}/var/lib/pacman" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/lib/pacman"
${PACMAN} -Sy
${TARGET_PACMAN} -Sy
# Install prereqs from network (not on archboot media)
echo -e "\nInstalling prereqs...\n$HR"
#sed -i "s/^#S/S/" /etc/pacman.d/mirrorlist # Uncomment all Server lines
UncommentValue S /etc/pacman.d/mirrorlist # Uncomment all Server lines
${PACMAN} --noconfirm -Sy gptfdisk btrfs-progs-unstable libusb-compat gnupg
# Configure Host
# Here we create three partitions:
# 1. efi and /boot (one partition does double duty)
# 2. swap
# 3. our encrypted root
# Note that all of these are on a GUID partition table scheme. This proves
# to be quite clean and simple since we're not doing anything with MBR
# boot partitions and the like.
echo -e "format\n"
# shred -v /dev/sda
# disk prep
sgdisk -Z /dev/sda # zap all on disk
#sgdisk -Z /dev/mmcb1k0 # zap all on sdcard
sgdisk -a 2048 -o /dev/sda # new gpt disk 2048 alignment
#sgdisk -a 2048 -o /dev/mmcb1k0
# create partitions
sgdisk -n 1:0:+200M /dev/sda # partition 1 (UEFI BOOT), default start block, 200MB
sgdisk -n 2:0:+4G /dev/sda # partition 2 (SWAP), default start block, 200MB
sgdisk -n 3:0:0 /dev/sda # partition 3, (LUKS), default start, remaining space
#sgdisk -n 1:0:1800M /dev/mmcb1k0 # root.gpg
# set partition types
sgdisk -t 1:ef00 /dev/sda
sgdisk -t 2:8200 /dev/sda
sgdisk -t 3:8300 /dev/sda
#sgdisk -t 1:0700 /dev/mmcb1k0
# label partitions
sgdisk -c 1:"UEFI Boot" /dev/sda
sgdisk -c 2:"Swap" /dev/sda
sgdisk -c 3:"LUKS" /dev/sda
#sgdisk -c 1:"Key" /dev/mmcb1k0
echo -e "create gpg file\n"
# create gpg file
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > /root/root.gpg
echo -e "format LUKS on root\n"
# format LUKS on root
gpg -q -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-xts-plain -s 512 --hash sha512 luksFormat /dev/sda3
echo -e "open LUKS on root\n"
gpg -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root
# NOTE: make sure to add dm_crypt and aes_i586 to MODULES in rc.conf
# NOTE2: actually this isn't required since we're mounting an encrypted root and grub2/initramfs handles this before we even get to rc.conf
# make filesystems
# following swap related commands not used now that we're encrypting our swap partition
#mkswap /dev/sda2
#swapon /dev/sda2
#mkfs.ext4 /dev/sda3 # this is where we'd create an unencrypted root partition, but we're using luks instead
echo -e "\nCreating Filesystems...\n$HR"
# make filesystems
mkfs.ext4 /dev/mapper/root
mkfs.vfat -F32 /dev/sda1
#mkfs.vfat -F32 /dev/mmcb1k0p1
echo -e "mount targets\n"
# mount target
#mount /dev/sda3 ${INSTALL_TARGET} # this is where we'd mount the unencrypted root partition
mount /dev/mapper/root ${INSTALL_TARGET}
# mount target
mkdir ${INSTALL_TARGET}
# mkdir ${INSTALL_TARGET}/key
# mount -t vfat /dev/mmcb1k0p1 ${INSTALL_TARGET}/key
mkdir ${INSTALL_TARGET}/boot
mount -t vfat /dev/sda1 ${INSTALL_TARGET}/boot
# Install base, necessary utilities
mkdir -p ${INSTALL_TARGET}/var/lib/pacman
${TARGET_PACMAN} -Sy
${TARGET_PACMAN} -Su base
# curl could be installed later but we want it ready for rankmirrors
${TARGET_PACMAN} -S curl
${TARGET_PACMAN} -S libusb-compat gnupg
${TARGET_PACMAN} -R grub
rm -rf ${INSTALL_TARGET}/boot/grub
${TARGET_PACMAN} -S grub2-efi-x86_64
# Configure new system
SetValue HOSTNAME ${HOSTNAME} ${INSTALL_TARGET}/etc/rc.conf
sed -i "s/^$127\.0\.0\.1.*$$/\1 ${HOSTNAME}/" ${INSTALL_TARGET}/etc/hosts
SetValue CONSOLEFONT Lat2-Terminus16 ${INSTALL_TARGET}/etc/rc.conf
#following replaced due to netcfg
#SetValue interface eth0 ${INSTALL_TARGET}/etc/rc.conf
# write fstab
# You can use UUID's or whatever you want here, of course. This is just
# the simplest approach and as long as your drives aren't changing values
# randomly it should work fine.
cat > ${INSTALL_TARGET}/etc/fstab <<FSTAB_EOF
# /etc/fstab: static file system information
# <file system> <dir> <type> <options> <dump> <pass>
tmpfs /tmp tmpfs nodev,nosuid 0 0
/dev/sda1 /boot vfat defaults 0 0
/dev/mapper/cryptswap none swap defaults 0 0
/dev/mapper/root / ext4 defaults,noatime 0 1
FSTAB_EOF
# write etwo
mkdir -p /lib/initcpio/hooks/
mkdir -p /lib/initcpio/install/
cp /src/etwo_hooks /lib/initcpio/hooks/etwo
cp /src/etwo_install /lib/initcpio/install/etwo
mkdir -p ${INSTALL_TARGET}/lib/initcpio/hooks/
mkdir -p ${INSTALL_TARGET}/lib/initcpio/install/
cp /src/etwo_hooks ${INSTALL_TARGET}/lib/initcpio/hooks/etwo
cp /src/etwo_install ${INSTALL_TARGET}/lib/initcpio/install/etwo
# write crypttab
# encrypted swap (random passphrase on boot)
echo cryptswap /dev/sda2 SWAP "-c aes-xts-plain -h whirlpool -s 512" >> ${INSTALL_TARGET}/etc/crypttab
# copy configs we want to carry over to target from install environment
mv ${INSTALL_TARGET}/etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf.orig
cp /etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf
mkdir -p ${INSTALL_TARGET}/tmp
cp /tmp/pacman.conf ${INSTALL_TARGET}/tmp/pacman.conf
# mount proc, sys, dev in install root
mount -t proc proc ${INSTALL_TARGET}/proc
mount -t sysfs sys ${INSTALL_TARGET}/sys
mount -o bind /dev ${INSTALL_TARGET}/dev
echo -e "umount boot\n"
# we have to remount /boot from inside the chroot
umount ${INSTALL_TARGET}/boot
# Create install_efi script (to be run *after* chroot /install)
touch ${INSTALL_TARGET}/install_efi
chmod a+x ${INSTALL_TARGET}/install_efi
cat > ${INSTALL_TARGET}/install_efi <<EFI_EOF
# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?$\${VALUENAME}$=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^$\${VALUENAME}.*$\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#$\${VALUENAME}.*$\$/\1/" "\${FILEPATH}"; }
echo -e "mount boot\n"
# remount here or grub et al gets confused
mount -t vfat /dev/sda1 /boot
# mkinitcpio
# NOTE: intel_agp drm and i915 for intel graphics
SetValue MODULES '\\"dm_mod dm_crypt aes_x86_64 ext2 ext4 vfat intel_agp drm i915\\"' /etc/mkinitcpio.conf
SetValue HOOKS '\\"base udev pata scsi sata usb usbinput keymap consolefont etwo encrypt filesystems\\"' /etc/mkinitcpio.conf
SetValue BINARIES '\\"/usr/bin/gpg\\"' /etc/mkinitcpio.conf
mkinitcpio -p linux
# kernel modules for EFI install
modprobe efivars
modprobe dm-mod
# locale-gen
UncommentValue de_AT /etc/locale.gen
locale-gen
# install and configure grub2
# did this above
#${CHROOT_PACMAN} -Sy
#${CHROOT_PACMAN} -R grub
#rm -rf /boot/grub
#${CHROOT_PACMAN} -S grub2-efi-x86_64
# you can be surprisingly sloppy with the root value you give grub2 as a kernel option and
# even omit the cryptdevice altogether, though it will wag a finger at you for using
# a deprecated syntax, so we're using the correct form here
# NOTE: take out i915.modeset=1 unless you are on intel graphics
SetValue GRUB_CMDLINE_LINUX '\\"cryptdevice=/dev/sda3:root cryptkey=/dev/sda1:vfat:/root.gpg add_efi_memmap i915.i915_enable_rc6=1 i915.i915_enable_fbc=1 i915.lvds_downclock=1 pcie_aspm=force quiet\\"' /etc/default/grub
# set output to graphical
SetValue GRUB_TERMINAL_OUTPUT gfxterm /etc/default/grub
SetValue GRUB_GFXMODE 960x600x32,auto /etc/default/grub
SetValue GRUB_GFXPAYLOAD_LINUX keep /etc/default/grub # comment out this value if text only mode
# install the actual grub2. Note that despite our --boot-directory option we will still need to move
# the grub directory to /boot/grub during grub-mkconfig operations until grub2 gets patched (see below)
grub_efi_x86_64-install --bootloader-id=grub --no-floppy --recheck
# create our EFI boot entry
# bug in the HP bios firmware (F.08)
efibootmgr --create --gpt --disk /dev/sda --part 1 --write-signature --label "ARCH LINUX" --loader "\\\\grub\\\\grub.efi"
# copy font for grub2
cp /usr/share/grub/unicode.pf2 /boot/grub
# generate config file
grub-mkconfig -o /boot/grub/grub.cfg
exit
EFI_EOF
# Install EFI using script inside chroot
chroot ${INSTALL_TARGET} /install_efi
rm ${INSTALL_TARGET}/install_efi
# Post install steps
# anything you want to do post install. run the script automatically or
# manually
touch ${INSTALL_TARGET}/post_install
chmod a+x ${INSTALL_TARGET}/post_install
cat > ${INSTALL_TARGET}/post_install <<POST_EOF
set -o errexit
set -o nounset
# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?$\${VALUENAME}$=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^$\${VALUENAME}.*$\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#$\${VALUENAME}.*$\$/\1/" "\${FILEPATH}"; }
# root password
echo -e "${HR}\\nNew root user password\\n${HR}"
passwd
# add user
echo -e "${HR}\\nNew non-root user password (username:${USERNAME})\\n${HR}"
groupadd sudo
useradd -m -g users -G audio,lp,optical,storage,video,games,power,scanner,network,sudo,wheel -s /bin/bash ${USERNAME}
passwd ${USERNAME}
# mirror ranking
echo -e "${HR}\\nRanking Mirrors (this will take a while)\\n${HR}"
cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.all
sed -i "s/#S/S/" /etc/pacman.d/mirrorlist.all
rankmirrors -n 5 /etc/pacman.d/mirrorlist.all > /etc/pacman.d/mirrorlist
# temporary fix for locale.sh update conflict
mv /etc/profile.d/locale.sh /etc/profile.d/locale.sh.preupdate || true
# yaourt repo (add to target pacman, not tmp pacman.conf, for ongoing use)
echo -e "\\n[archlinuxfr]\\nServer = http://repo.archlinux.fr/\\\$arch" >> /etc/pacman.conf
echo -e "\\n[haskell]\\nServer = http://www.kiwilight.com/\\\$repo/\\\$arch" >> /etc/pacman.conf
# additional groups and utilities
pacman --noconfirm -Syu
pacman --noconfirm -S base-devel
pacman --noconfirm -S yaourt
# sudo
pacman --noconfirm -S sudo
cp /etc/sudoers /tmp/sudoers.edit
sed -i "s/#\s*$%wheel\s*ALL=(ALL)\s*ALL.*$$/\1/" /tmp/sudoers.edit
sed -i "s/#\s*$%sudo\s*ALL=(ALL)\s*ALL.*$$/\1/" /tmp/sudoers.edit
visudo -qcsf /tmp/sudoers.edit && cat /tmp/sudoers.edit > /etc/sudoers
# power
pacman --noconfirm -S acpi acpid acpitool cpufrequtils
yaourt --noconfirm -S powertop2
sed -i "/^DAEMONS/ s/)/ @acpid)/" /etc/rc.conf
sed -i "/^MODULES/ s/)/ acpi-cpufreq cpufreq_ondemand cpufreq_powersave coretemp)/" /etc/rc.conf
# following requires my acpi handler script
echo "/etc/acpi/handler.sh boot" > /etc/rc.local
# time
pacman --noconfirm -S ntp
sed -i "/^DAEMONS/ s/hwclock /!hwclock @ntpd /" /etc/rc.conf
# wireless (wpa supplicant should already be installed)
pacman --noconfirm -S iw wpa_supplicant rfkill
pacman --noconfirm -S netcfg wpa_actiond ifplugd
mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.orig
echo -e "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=network\nupdate_config=1" > /etc/wpa_supplicant.conf
# make sure to copy /etc/network.d/examples/wireless-wpa-config to /etc/network.d/home and edit
sed -i "/^DAEMONS/ s/)/ @net-auto-wireless @net-auto-wired)/" /etc/rc.conf
sed -i "/^DAEMONS/ s/ network / /" /etc/rc.conf
echo -e "\nWIRELESS_INTERFACE=wlan0" >> /etc/rc.conf
echo -e "WIRED_INTERFACE=eth0" >> /etc/rc.conf
echo "options iwlagn led_mode=2" > /etc/modprobe.d/iwlagn.conf
# sound
pacman --noconfirm -S alsa-utils alsa-plugins
sed -i "/^DAEMONS/ s/)/ @alsa)/" /etc/rc.conf
mv /etc/asound.conf /etc/asound.conf.orig || true
#if alsamixer isn't working, try alsamixer -Dhw and speaker-test -Dhw -c 2
# video
pacman --noconfirm -S base-devel mesa mesa-demos
# x
#pacman --noconfirm -S xorg xorg-xinit xorg-utils xorg-server-utils xdotool xorg-xlsfonts
#yaourt --noconfirm -S xf86-input-wacom-git # NOT NEEDED? input-wacom-git
#TODO: cut down the install size
#pacman --noconfirm -S xorg-server xorg-xinit xorg-utils xorg-server-utils
# TODO: wacom
# environment/wm/etc.
#pacman --noconfirm -S xfce4 compiz ccsm
#pacman --noconfirm -S xcompmgr
#yaourt --noconfirm -S physlock unclutter
#pacman --noconfirm -S rxvt-unicode urxvt-url-select hsetroot
#pacman --noconfirm -S gtk2 #gtk3 # for taffybar?
#pacman --noconfirm -S ghc
# note: try installing alex and happy from cabal instead
#pacman --noconfirm -S haskell-platform haskell-hscolour
#yaourt --noconfirm -S xmonad-darcs xmonad-contrib-darcs xcompmgr
#yaourt --noconfirm -S xmobar-git
# TODO: edit xfce to use compiz
# TODO: xmonad, but deal with video tearing
# TODO: xmonad-darcs fails to install from AUR. haskell dependency hell.
# switching to cabal
# fonts
pacman --noconfirm -S terminus-font
yaourt --noconfirm -S webcore-fonts
yaourt --noconfirm -S fontforge libspiro
yaourt --noconfirm -S freetype2-git-infinality
# TODO: sed infinality and change to OSX or OSX2 mode
# and create the sym link from /etc/fonts/conf.avail to conf.d
# misc apps
#pacman --noconfirm -S htop openssh keychain bash-completion git vim
#pacman --noconfirm -S chromium flashplugin
#pacman --noconfirm -S scrot mypaint bc
#yaourt --noconfirm -S task-git stellarium googlecl
# TODO: argyll
POST_EOF
# Post install in chroot
#echo "chroot and run /post_install"
chroot /install /post_install
rm /install/post_install
# copy grub.efi file to the default HP EFI boot manager path
mkdir -p ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/
mkdir -p ${INSTALL_TARGET}/boot/EFI/BOOT/
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/bootmgfw.efi
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/BOOT/BOOTX64.EFI
cp /root/root.gpg ${INSTALL_TARGET}/boot/
# NOTES/TODO

Simplest possible system encryption setup?

I've been trying to install using the System Encryption wiki and having some difficulty. Here's what I'm looking for:
4 partitions: /boot, and encrypted /, /home and /var.
No LVM (to eliminate complication)
No swap
No suspend
A single passphrase during boot
My plan was to use a passphrase for /, and then store keyfiles for /home and /var under that (so they'd be encrypted with the system off).
I got as far as unlocking /, but when I got into executing /etc/crypttab it failed unlocking /var and /home. I generated those keyfiles but when I was in the installer it asked for passphrases for all my partitions, not just for /. Although I generated those keyfiles using /dev/urandom (for some reason /dev/random didn't work) I have a feeling I missed the step whereby /home and /var was encrypted using them.
Can I re-apply the encryption to them somehow? I'm guessing I have to re-do the install.
Also I'm a bit doubtful about how my fstab turned out. If someone without LVM has an fstab and crypttab he can post here that I can look at, I'd appreciate it. Not sure how to post mine since I don't have internet up on the arch system and don't even know how to put stuff on a flash drive (I've been spoiled by Puppy Linux)..
Perhaps I'm missing part of the big picture about how the device mapper works. I will have to poke around the internet to see if I can find an explanation.
The wiki mentioned TRIM being supported after kernel version 3.1 so I guess I'm out of luck on that for a while (it's an ssd).

hmm... honestly I don't know about /var which might be a special case, but what you're trying to do should be doable (without LVM, just LUKS). Certainly is for home. Obviously to decrypt your root you'll need to enter a passphrase on boot, but then you can have on said partition keyfiles to be used to decrypt other partitions.
I do have a setup like that myself, although not for my home (nor /var), but for a backups partition. I don't know how to do it all from the installer, as what I did was to just install Arch, and once that was done I manually added my /backups. But I'm guessing it might be doable.
You'll need to create your keyfiles before running the installer, and during the partition setup it should ask you for (extra) parameters to use with crypsetup, so you can then add something like: --key-file /path/to/home.key
After that, you'll have to set up your crypttab, there are examples but it should be something like this:
luks-home /dev/whatever /path/to/home.key
Of course you need to keep those keyfiles, and make sure to put them somewhere on / (as indicated on crypttab) after the installer is done and before rebooting. (I would also recommend to add another key (a passphrase that is, in addition to the keyfile), just so that in case the keyfile gets lost, corrupted or something, you can still decrypt your partition.)
And just in case you haven't, you should check the great wiki: https://wiki.archlinux.org/index.php/LUKS

[SOLVED] Setting up system encryption... cannot boot!

I have been trying to set up system encryption with an existing Arch install. I have taken the following steps (based on the Wiki article), but for some reason can no longer boot.
Steps:
* Backed everything up
* Overwrote /dev/sda with random data
* Created three partitions on /dev/sda: a boot partition (/dev/sda1), a swap partition (/dev/sda2), and a root partition (/dev/sda3)
* Set up swap on /dev/sda2
* Set up LUKS on /dev/sda3
* Moved my original /boot directory over to /sda1
When I power on, grub does not start. Instead, I see only a flashing underscore. Any ideas?
Thanks in advance for all of the help (and for being one of the best communities out there).
Last edited by jalu (2011-04-15 14:32:53)

jnguyen wrote:As a side note, you probably want to encrypt your swap as well. User data may get swapped out and thus become accessible. There are instructions for this on the LUKS arch wiki page.
Yes, I did set up swap encryption as the LUKS wiki page describes. Thanks for the important note.
JackH79 wrote:Did you go through this?
Not completely. Running grub-install did seem to help though -- right now, the grub shell does appear upon boot. I'll try to work through the whole process and report back as soon as possible.
Otherwise, does it seem that I'm mostly on the right path? This is my first time playing with encryption, so I hope this to be a learning experience more than anything.

[SOLVED] Chrome OS + Arch w/ full system encryption: Is it possible?

I want to dual boot Chrome OS and Arch on a Chromebook. More importantly, I want to run Arch with full system encryption, such as with dm-crypt.
As I understand it, in order to use full disk encryption, /boot must be a non-encrypted partition. If I didn't want to dual boot CrOS, this wouldn't be a problem. If I change the partitioning, it's unlikely that CrOS will boot.
Has anyone successfully dual booted Chrome OS and Arch with full-disk encryption? And, if so, I'd appreciate your guidance. Thanks!!
[edit] yes. Very straightforward, just read the Wiki
Last edited by Watney (2015-05-26 03:21:50)

What is your threat model?
Owe, and no you can not have hidden-volume with dm-crypt.
If you really want to have a secure OS to boot to.
You should make a small partition on your drive.
Put the tails linux OS .iso on it
https://tails.boum.org/
Then configure GRUB2 to boot the .iso file.
https://tails.boum.org/forum/LiveUSB__4 … __feature/
Now get a micro SD card and encrypt that for keeping data on.
Then if you have to destroy the data, you just snap the micro SD card in a few pieces, but if you don't have time to destroy it then it is at least encrypted.
If you are really worried about like the NSA or FBI getting your data... You probaly should not even have the data in the USA at all.
Instead, rent a VPS in like Malaysia, Russia, Hong Kong, bla, bla bla...
Pay for the VPS with BitCoin, Bitcoin you bought on #bitcoin-otc freenode IRC channel, that you connected to though the freenode TOR-HIdden Service IRC server. You will also want to do some bitcoin Tumbling before you use it. To tumble the bitcoin. You could simply transfer the bitcoin to an account on silkroadvb5piz3r.onion then transfer the bitcoin back to you.
.... OWE, and configure your bitcoin client to connect to the bitcoin network through TOR.
Only connect to the VPS through TOR.
Create a TOR-Hidden service to host SSH on the VPS
Then use like sshfs to mount a remote directory on that VPS.
Then create a TrueCrypt volume on that sshfs mounted directory, and keep your data in that.
===========
How far down the rabbit hole do you want to go?
Last edited by hunterthomson (2012-11-13 01:48:12)

Installing Arch encrypted using LVM on top of LUKS

I just installed Arch following this this wiki page and this guide .
While booting, it gets to the point when it asks for the password. Once I provide the password, the whole process halts. No messages, nothing.
# fdisk -l /dev/sda
Disk /dev/sda: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders, total 1953525168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x66c02a9c
Device Boot Start End Blocks Id System
/dev/sda1 1953327285 1953520064 96390 83 Linux
/dev/sda2 1952540100 1953327284 393592+ 83 Linux
/dev/sda3 63 1952540099 976270018+ 83 Linux
Partition table entries are not in disk order
/dev/sda2 contains information unrelated to my arch installation and is not to be mounted by the system
/dev/sda3 is the encrypted partition used as a physical volume and contains my volume group and all my logical volumes.
# pvscan
PV /dev/mapper/abierto VG grupito lvm2 [931.04 GiB / 867.04 GiB free]
Total: 1 [931.04 GiB] / in use: 1 [931.04 GiB] / in no VG: 0 [0 ]
# lvscan
ACTIVE '/dev/grupito/swap' [4.00 GiB] contiguous
ACTIVE '/dev/grupito/casa' [40.00 GiB] inherit
ACTIVE '/dev/grupito/raiz' [20.00 GiB] inherit
mkinitcpio.conf
mkinitcpio.conf wrote:
# vim:set ft=sh
# MODULES
# The following modules are loaded before any boot hooks are
# run. Advanced users may wish to specify all system modules
# in this array. For instance:
# MODULES="piix ide_disk reiserfs"
MODULES="dm-snapshot ext4"
# BINARIES
# This setting includes, into the CPIO image, and additional
# binaries a given user may wish. This is run first, so may
# be used to override the actual binaries used in a given hook.
# (Existing files are NOT overwritten is already added)
# BINARIES are dependancy parsed, so you may safely ignore libraries
BINARIES=""
# FILES
# This setting is similar to BINARIES above, however, files are added
# as-is and are not parsed in anyway. This is useful for config files.
# Some users may wish to include modprobe.conf for custom module options,
# like so:
# FILES="/etc/modprobe.conf"
FILES=""
# HOOKS
# This is the most important setting in this file. The HOOKS control the
# modules and scripts added to the image, and what happens at boot time.
# Order is important, and it is recommended that you do not change the
# order in which HOOKS are added. Run 'mkinitcpio -H <hook name>' for
# help on a given hook.
# 'base' is _required_ unless you know precisely what you are doing.
# 'udev' is _required_ in order to automatically load modules
# 'filesystems' is _required_ unless you specify your fs modules in MODULES
# Examples:
# This setup specifies all modules in the MODULES setting above.
# No raid, lvm2, or encrypted root is needed.
# HOOKS="base"
# This setup will autodetect all modules for your system and should
# work as a sane default
# HOOKS="base udev autodetect pata scsi sata filesystems"
# This is identical to the above, except the old ide subsystem is
# used for IDE devices instead of the new pata subsystem.
# HOOKS="base udev autodetect ide scsi sata filesystems"
# This setup will generate a 'full' image which supports most systems.
# No autodetection is done.
# HOOKS="base udev pata scsi sata usb filesystems"
# This setup assembles an pata raid array with an encrypted root FS.
# Note: See 'mkinitcpio -H raid' for more information on raid devices.
# HOOKS="base udev pata raid encrypt filesystems"
# This setup loads an lvm2 volume group on a usb device.
# HOOKS="base udev usb lvm2 filesystems"
HOOKS="base udev autodetect pata scsi sata usb encrypt lvm2 filesystems"
# COMPRESSION
# Use this to compress the initramfs image. With kernels earlier than
# 2.6.30, only gzip is supported, which is also the default. Newer kernels
# support gzip, bzip2 and lzma. Kernels 2.6.38 and later support xz
# compression.
#COMPRESSION="gzip"
#COMPRESSION="bzip2"
#COMPRESSION="lzma"
#COMPRESSION="xz"
# COMPRESSION_OPTIONS
# Additional options for the compressor
#COMPRESSION_OPTIONS=""
menu.lst
menu.lst wrote:
# Config file for GRUB - The GNU GRand Unified Bootloader
# /boot/grub/menu.lst
# DEVICE NAME CONVERSIONS
# Linux Grub
# /dev/fd0 (fd0)
# /dev/sda (hd0)
# /dev/sdb2 (hd1,1)
# /dev/sda3 (hd0,2)
# FRAMEBUFFER RESOLUTION SETTINGS
# +-------------------------------------------------+
# | 640x480 800x600 1024x768 1280x1024
# ----+--------------------------------------------
# 256 | 0x301=769 0x303=771 0x305=773 0x307=775
# 32K | 0x310=784 0x313=787 0x316=790 0x319=793
# 64K | 0x311=785 0x314=788 0x317=791 0x31A=794
# 16M | 0x312=786 0x315=789 0x318=792 0x31B=795
# +-------------------------------------------------+
# for more details and different resolutions see
# http://wiki.archlinux.org/index.php/GRU … Resolution
# general configuration:
timeout 5
default 0
color light-blue/black light-cyan/blue
# boot sections follow
# each is implicitly numbered from 0 in the order of appearance below
# TIP: If you want a 1024x768 framebuffer, add "vga=773" to your kernel line.
# (0) Arch Linux
title Arch Linux
root (hd0,0)
kernel /vmlinuz26 root=/dev/mapper/grupito-raiz cryptdevice=/dev/sda3:grupito ro
initrd /kernel26.img
# (1) Arch Linux
title Arch Linux Fallback
root (hd0,0)
kernel /vmlinuz26 root=/dev/mapper/grupito-raiz cryptdevice=/dev/sda3:grupito ro
initrd /kernel26-fallback.img
I would appreciate some hint here (where to look and what to try?).
Thanks.

Okay, so I don't understand though how containing fragmentation to a certain partition will lead to a benefit. What you are really trying to avoid are seek times, right? So if /var/log is on the same disk as everything else, you are still going to have those seeks occuring and therefore slowing everything else on that disk down, no? I think that this technique is beneficial if you actually have the fragmented filesystem on a separate disk. But the same disk will have the same problems.
I don't understand the question at the end... "wouldn't be the same, now with /"? What does that mean?
Also, if you want to defragment something, you can simply "cp -a" it from one place to another, or yu can use something like rsync. Linux is really neat in that it has everything as a file. So you can literally just copy all the relevant files from one place to another and have a working bootable system. No magic boot code or anything like that that is hidden from the user.
In reality though, it is not the /var/log that i think is acusing the problems. I was simply explaining to you why your logs show those errors. I think the real problem is having /usr on a separate partition. Though this is somewhat "supported" in Arch Linux, and I have used this in the past, it is not something I feel as though I could count on. So...
Me wrote:Is there a reason why you need to have a separate /usr? It would make your life far simpler if you just integrated it into your rootfs.

[Luks] SWAP hibernation in LVM using LUKS (resolved)

Hi,
I use Luks for encrypt my root, home and swap.
At the boot, the message is
ERROR can't find /dev/mapper/cr-swap wainting 10 seconds..
And after I can enter the passphrase.
Here's the config.
$ lsblk
sdb 8:16 0 149,1G 0 disk
├─sdb1 8:17 0 94,1M 0 part /boot
└─sdb2 8:18 0 149G 0 part
└─root 254:0 0 149G 0 crypt
├─cr-root 254:1 0 15G 0 lvm /
├─cr-home 254:2 0 100G 0 lvm /home
└─cr-swap 254:3 0 3G 0 lvm
I also add
vim /etc/crypttab
cr-swap /dev/mapper/cr-swap dev/urandom swap,cipher=aes-cbc-essiv:sha256
How can I use /dev/mapper/rc-swap to SWAP in order to suspend-to-disk support ?
Thanks in adance.
Last edited by NeanderMarcl (2013-10-06 19:38:31)

-- Logs begin at ven. 2013-10-04 19:47:19 CEST, end at dim. 2013-10-06 20:58:49 CEST. --
oct. 06 20:46:25 stan systemd-journal[177]: Runtime journal is using 544.0K (max 150.6M, leaving 226.0M of free 1.4G, current limit 150.6M).
oct. 06 20:46:25 stan systemd-journal[177]: Runtime journal is using 548.0K (max 150.6M, leaving 226.0M of free 1.4G, current limit 150.6M).
oct. 06 20:46:25 stan kernel: Initializing cgroup subsys cpuset
oct. 06 20:46:25 stan kernel: Initializing cgroup subsys cpu
oct. 06 20:46:25 stan kernel: Initializing cgroup subsys cpuacct
oct. 06 20:46:25 stan kernel: Linux version 3.11.3-1-ARCH (nobody@var-lib-archbuild-extra-x86_64-thomas) (gcc version 4.8.1 20130725 (prerelease) (GCC) ) #1 SMP PREEMPT Wed Oct 2 01:38:48 CEST 2013
oct. 06 20:46:25 stan kernel: Command line: root=/dev/mapper/cr-root cryptdevice=/dev/sdb2:root initrd=/initramfs-linux.img BOOT_IMAGE=/vmlinuz-linux
oct. 06 20:46:25 stan kernel: e820: BIOS-provided physical RAM map:
oct. 06 20:46:25 stan kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009f7ff] usable
oct. 06 20:46:25 stan kernel: BIOS-e820: [mem 0x000000000009f800-0x000000000009ffff] reserved
oct. 06 20:46:25 stan kernel: BIOS-e820: [mem 0x00000000000e6000-0x00000000000fffff] reserved
oct. 06 20:46:25 stan kernel: BIOS-e820: [mem 0x0000000000100000-0x00000000bffaffff] usable
oct. 06 20:46:25 stan kernel: BIOS-e820: [mem 0x00000000bffb0000-0x00000000bffbffff] ACPI data
oct. 06 20:46:25 stan kernel: BIOS-e820: [mem 0x00000000bffc0000-0x00000000bffeffff] ACPI NVS
oct. 06 20:46:25 stan kernel: BIOS-e820: [mem 0x00000000bfff0000-0x00000000bfffffff] reserved
oct. 06 20:46:25 stan kernel: BIOS-e820: [mem 0x00000000fed00000-0x00000000fed003ff] reserved
oct. 06 20:46:25 stan kernel: BIOS-e820: [mem 0x00000000fee00000-0x00000000fee00fff] reserved
oct. 06 20:46:25 stan kernel: BIOS-e820: [mem 0x00000000ff380000-0x00000000ffffffff] reserved
oct. 06 20:46:25 stan kernel: NX (Execute Disable) protection: active
oct. 06 20:46:25 stan kernel: SMBIOS 2.4 present.
oct. 06 20:46:25 stan kernel: DMI: To Be Filled By O.E.M. To Be Filled By O.E.M./G31M-GS. , BIOS P1.80 05/20/2011
oct. 06 20:46:25 stan kernel: e820: update [mem 0x00000000-0x00000fff] usable ==> reserved
oct. 06 20:46:25 stan kernel: e820: remove [mem 0x000a0000-0x000fffff] usable
oct. 06 20:46:25 stan kernel: No AGP bridge found
oct. 06 20:46:25 stan kernel: e820: last_pfn = 0xbffb0 max_arch_pfn = 0x400000000
oct. 06 20:46:25 stan kernel: MTRR default type: uncachable
oct. 06 20:46:25 stan kernel: MTRR fixed ranges enabled:
oct. 06 20:46:25 stan kernel: 00000-9FFFF write-back
oct. 06 20:46:25 stan kernel: A0000-BFFFF uncachable
oct. 06 20:46:25 stan kernel: C0000-CFFFF write-protect
oct. 06 20:46:25 stan kernel: D0000-DFFFF uncachable
oct. 06 20:46:25 stan kernel: E0000-EFFFF write-through
oct. 06 20:46:25 stan kernel: F0000-FFFFF write-protect
oct. 06 20:46:25 stan kernel: MTRR variable ranges enabled:
oct. 06 20:46:25 stan kernel: 0 base 000000000 mask F80000000 write-back
oct. 06 20:46:25 stan kernel: 1 base 080000000 mask FC0000000 write-back
oct. 06 20:46:25 stan kernel: 2 disabled
oct. 06 20:46:25 stan kernel: 3 disabled
oct. 06 20:46:25 stan kernel: 4 disabled
oct. 06 20:46:25 stan kernel: 5 disabled
oct. 06 20:46:25 stan kernel: 6 disabled
oct. 06 20:46:25 stan kernel: 7 disabled
oct. 06 20:46:25 stan kernel: x86 PAT enabled: cpu 0, old 0x7040600070406, new 0x7010600070106
oct. 06 20:46:25 stan kernel: found SMP MP-table at [mem 0x000ff780-0x000ff78f] mapped at [ffff8800000ff780]
oct. 06 20:46:25 stan kernel: Scanning 1 areas for low memory corruption
oct. 06 20:46:25 stan kernel: Base memory trampoline at [ffff880000099000] 99000 size 24576
oct. 06 20:46:25 stan kernel: init_memory_mapping: [mem 0x00000000-0x000fffff]
oct. 06 20:46:25 stan kernel: [mem 0x00000000-0x000fffff] page 4k
oct. 06 20:46:25 stan kernel: BRK [0x01b2d000, 0x01b2dfff] PGTABLE
oct. 06 20:46:25 stan kernel: BRK [0x01b2e000, 0x01b2efff] PGTABLE
oct. 06 20:46:25 stan kernel: BRK [0x01b2f000, 0x01b2ffff] PGTABLE
oct. 06 20:46:25 stan kernel: init_memory_mapping: [mem 0xbfc00000-0xbfdfffff]
oct. 06 20:46:25 stan kernel: [mem 0xbfc00000-0xbfdfffff] page 2M
oct. 06 20:46:25 stan kernel: BRK [0x01b30000, 0x01b30fff] PGTABLE
oct. 06 20:46:25 stan kernel: init_memory_mapping: [mem 0xbc000000-0xbfbfffff]
oct. 06 20:46:25 stan kernel: [mem 0xbc000000-0xbfbfffff] page 2M
oct. 06 20:46:25 stan kernel: init_memory_mapping: [mem 0x80000000-0xbbffffff]
oct. 06 20:46:25 stan kernel: [mem 0x80000000-0xbbffffff] page 2M
oct. 06 20:46:25 stan kernel: init_memory_mapping: [mem 0x00100000-0x7fffffff]
oct. 06 20:46:25 stan kernel: [mem 0x00100000-0x001fffff] page 4k
oct. 06 20:46:25 stan kernel: [mem 0x00200000-0x7fffffff] page 2M
oct. 06 20:46:25 stan kernel: init_memory_mapping: [mem 0xbfe00000-0xbffaffff]
oct. 06 20:46:25 stan kernel: [mem 0xbfe00000-0xbffaffff] page 4k
oct. 06 20:46:25 stan kernel: BRK [0x01b31000, 0x01b31fff] PGTABLE
oct. 06 20:46:25 stan kernel: RAMDISK: [mem 0x7fb1a000-0x7fffefff]
oct. 06 20:46:25 stan kernel: ACPI: RSDP 00000000000fa010 00014 (v00 ACPIAM)
oct. 06 20:46:25 stan kernel: ACPI: RSDT 00000000bffb0000 00040 (v01 052011 RSDT1536 20110520 MSFT 00000097)
oct. 06 20:46:25 stan kernel: ACPI: FACP 00000000bffb0200 00084 (v01 A M I OEMFACP 12000601 MSFT 00000097)
oct. 06 20:46:25 stan kernel: ACPI: DSDT 00000000bffb0440 05641 (v01 AS166 AS166172 00000172 INTL 20051117)
oct. 06 20:46:25 stan kernel: ACPI: FACS 00000000bffc0000 00040
oct. 06 20:46:25 stan kernel: ACPI: APIC 00000000bffb0390 0006C (v01 052011 APIC1536 20110520 MSFT 00000097)
oct. 06 20:46:25 stan kernel: ACPI: MCFG 00000000bffb0400 0003C (v01 052011 OEMMCFG 20110520 MSFT 00000097)
oct. 06 20:46:25 stan kernel: ACPI: OEMB 00000000bffc0040 00071 (v01 052011 OEMB1536 20110520 MSFT 00000097)
oct. 06 20:46:25 stan kernel: ACPI: AAFT 00000000bffb5a90 00027 (v01 052011 OEMAAFT 20110520 MSFT 00000097)
oct. 06 20:46:25 stan kernel: ACPI: GSCI 00000000bffc00c0 02024 (v01 052011 GMCHSCI 20110520 MSFT 00000097)
oct. 06 20:46:25 stan kernel: ACPI: SSDT 00000000bffc2a10 00A7C (v01 DpgPmm CpuPm 00000012 INTL 20051117)
oct. 06 20:46:25 stan kernel: ACPI: Local APIC address 0xfee00000
oct. 06 20:46:25 stan kernel: No NUMA configuration found
oct. 06 20:46:25 stan kernel: Faking a node at [mem 0x0000000000000000-0x00000000bffaffff]
oct. 06 20:46:25 stan kernel: Initmem setup node 0 [mem 0x00000000-0xbffaffff]
oct. 06 20:46:25 stan kernel: NODE_DATA [mem 0xbffab000-0xbffaffff]
oct. 06 20:46:25 stan kernel: [ffffea0000000000-ffffea0002ffffff] PMD -> [ffff8800bc400000-ffff8800bf3fffff] on node 0
oct. 06 20:46:25 stan kernel: Zone ranges:
oct. 06 20:46:25 stan kernel: DMA [mem 0x00001000-0x00ffffff]
oct. 06 20:46:25 stan kernel: DMA32 [mem 0x01000000-0xffffffff]
oct. 06 20:46:25 stan kernel: Normal empty
oct. 06 20:46:25 stan kernel: Movable zone start for each node
oct. 06 20:46:25 stan kernel: Early memory node ranges
oct. 06 20:46:25 stan kernel: node 0: [mem 0x00001000-0x0009efff]
oct. 06 20:46:25 stan kernel: node 0: [mem 0x00100000-0xbffaffff]
oct. 06 20:46:25 stan kernel: On node 0 totalpages: 786254
oct. 06 20:46:25 stan kernel: DMA zone: 64 pages used for memmap
oct. 06 20:46:25 stan kernel: DMA zone: 21 pages reserved
oct. 06 20:46:25 stan kernel: DMA zone: 3998 pages, LIFO batch:0
oct. 06 20:46:25 stan kernel: DMA32 zone: 12223 pages used for memmap
oct. 06 20:46:25 stan kernel: DMA32 zone: 782256 pages, LIFO batch:31
oct. 06 20:46:25 stan kernel: ACPI: PM-Timer IO Port: 0x808
oct. 06 20:46:25 stan kernel: ACPI: Local APIC address 0xfee00000
oct. 06 20:46:25 stan kernel: ACPI: LAPIC (acpi_id[0x01] lapic_id[0x00] enabled)
oct. 06 20:46:25 stan kernel: ACPI: LAPIC (acpi_id[0x02] lapic_id[0x01] enabled)
oct. 06 20:46:25 stan kernel: ACPI: LAPIC (acpi_id[0x03] lapic_id[0x82] disabled)
oct. 06 20:46:25 stan kernel: ACPI: LAPIC (acpi_id[0x04] lapic_id[0x83] disabled)
oct. 06 20:46:25 stan kernel: ACPI: IOAPIC (id[0x02] address[0xfec00000] gsi_base[0])
oct. 06 20:46:25 stan kernel: IOAPIC[0]: apic_id 2, version 32, address 0xfec00000, GSI 0-23
oct. 06 20:46:25 stan kernel: ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
oct. 06 20:46:25 stan kernel: ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level)
oct. 06 20:46:25 stan kernel: ACPI: IRQ0 used by override.
oct. 06 20:46:25 stan kernel: ACPI: IRQ2 used by override.
oct. 06 20:46:25 stan kernel: ACPI: IRQ9 used by override.
oct. 06 20:46:25 stan kernel: Using ACPI (MADT) for SMP configuration information
oct. 06 20:46:25 stan kernel: smpboot: Allowing 4 CPUs, 2 hotplug CPUs
oct. 06 20:46:25 stan kernel: nr_irqs_gsi: 40
oct. 06 20:46:25 stan kernel: PM: Registered nosave memory: [mem 0x0009f000-0x0009ffff]
oct. 06 20:46:25 stan kernel: PM: Registered nosave memory: [mem 0x000a0000-0x000e5fff]
oct. 06 20:46:25 stan kernel: PM: Registered nosave memory: [mem 0x000e6000-0x000fffff]
oct. 06 20:46:25 stan kernel: e820: [mem 0xc0000000-0xfecfffff] available for PCI devices
oct. 06 20:46:25 stan kernel: Booting paravirtualized kernel on bare hardware
oct. 06 20:46:25 stan kernel: setup_percpu: NR_CPUS:64 nr_cpumask_bits:64 nr_cpu_ids:4 nr_node_ids:1
oct. 06 20:46:25 stan kernel: PERCPU: Embedded 29 pages/cpu @ffff8800bfa00000 s86528 r8192 d24064 u524288
oct. 06 20:46:25 stan kernel: pcpu-alloc: s86528 r8192 d24064 u524288 alloc=1*2097152
oct. 06 20:46:25 stan kernel: pcpu-alloc: [0] 0 1 2 3
oct. 06 20:46:25 stan kernel: Built 1 zonelists in Node order, mobility grouping on. Total pages: 773946
oct. 06 20:46:25 stan kernel: Policy zone: DMA32
oct. 06 20:46:25 stan kernel: Kernel command line: root=/dev/mapper/cr-root cryptdevice=/dev/sdb2:root initrd=/initramfs-linux.img BOOT_IMAGE=/vmlinuz-linux
oct. 06 20:46:25 stan kernel: PID hash table entries: 4096 (order: 3, 32768 bytes)
oct. 06 20:46:25 stan kernel: Checking aperture...
oct. 06 20:46:25 stan kernel: No AGP bridge found
oct. 06 20:46:25 stan kernel: Calgary: detecting Calgary via BIOS EBDA area
oct. 06 20:46:25 stan kernel: Calgary: Unable to locate Rio Grande table in EBDA - bailing!
oct. 06 20:46:25 stan kernel: Memory: 3078568K/3145016K available (5046K kernel code, 795K rwdata, 1696K rodata, 1140K init, 1284K bss, 66448K reserved)
oct. 06 20:46:25 stan kernel: SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
oct. 06 20:46:25 stan kernel: Preemptible hierarchical RCU implementation.
oct. 06 20:46:25 stan kernel: RCU dyntick-idle grace-period acceleration is enabled.
oct. 06 20:46:25 stan kernel: Dump stacks of tasks blocking RCU-preempt GP.
oct. 06 20:46:25 stan kernel: RCU restricting CPUs from NR_CPUS=64 to nr_cpu_ids=4.
oct. 06 20:46:25 stan kernel: NR_IRQS:4352 nr_irqs:712 16
oct. 06 20:46:25 stan kernel: Console: colour VGA+ 80x25
oct. 06 20:46:25 stan kernel: console [tty0] enabled
oct. 06 20:46:25 stan kernel: allocated 12582912 bytes of page_cgroup
oct. 06 20:46:25 stan kernel: please try 'cgroup_disable=memory' option if you don't want memory cgroups
oct. 06 20:46:25 stan kernel: tsc: Fast TSC calibration using PIT
oct. 06 20:46:25 stan kernel: tsc: Detected 2193.912 MHz processor
oct. 06 20:46:25 stan kernel: Calibrating delay loop (skipped), value calculated using timer frequency.. 4389.65 BogoMIPS (lpj=7313040)
oct. 06 20:46:25 stan kernel: pid_max: default: 32768 minimum: 301
oct. 06 20:46:25 stan kernel: Security Framework initialized
oct. 06 20:46:25 stan kernel: AppArmor: AppArmor disabled by boot time parameter
oct. 06 20:46:25 stan kernel: Yama: becoming mindful.
oct. 06 20:46:25 stan kernel: Dentry cache hash table entries: 524288 (order: 10, 4194304 bytes)
oct. 06 20:46:25 stan kernel: Inode-cache hash table entries: 262144 (order: 9, 2097152 bytes)
oct. 06 20:46:25 stan kernel: Mount-cache hash table entries: 256
oct. 06 20:46:25 stan kernel: Initializing cgroup subsys memory
oct. 06 20:46:25 stan kernel: Initializing cgroup subsys devices
oct. 06 20:46:25 stan kernel: Initializing cgroup subsys freezer
oct. 06 20:46:25 stan kernel: Initializing cgroup subsys net_cls
oct. 06 20:46:25 stan kernel: Initializing cgroup subsys blkio
oct. 06 20:46:25 stan kernel: CPU: Physical Processor ID: 0
oct. 06 20:46:25 stan kernel: CPU: Processor Core ID: 0
oct. 06 20:46:25 stan kernel: mce: CPU supports 6 MCE banks
oct. 06 20:46:25 stan kernel: CPU0: Thermal monitoring enabled (TM2)
oct. 06 20:46:25 stan kernel: Last level iTLB entries: 4KB 128, 2MB 4, 4MB 4
Last level dTLB entries: 4KB 256, 2MB 0, 4MB 32
tlb_flushall_shift: -1
oct. 06 20:46:25 stan kernel: Freeing SMP alternatives memory: 20K (ffffffff819e5000 - ffffffff819ea000)
oct. 06 20:46:25 stan kernel: ACPI: Core revision 20130517
oct. 06 20:46:25 stan kernel: ACPI: All ACPI Tables successfully acquired
oct. 06 20:46:25 stan kernel: ftrace: allocating 20089 entries in 79 pages
oct. 06 20:46:25 stan kernel: ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=-1 pin2=-1
oct. 06 20:46:25 stan kernel: smpboot: CPU0: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz (fam: 06, model: 0f, stepping: 0d)
oct. 06 20:46:25 stan kernel: Performance Events: PEBS fmt0+, 4-deep LBR, Core2 events, Intel PMU driver.
oct. 06 20:46:25 stan kernel: perf_event_intel: PEBS disabled due to CPU errata
oct. 06 20:46:25 stan kernel: ... version: 2
oct. 06 20:46:25 stan kernel: ... bit width: 40
oct. 06 20:46:25 stan kernel: ... generic registers: 2
oct. 06 20:46:25 stan kernel: ... value mask: 000000ffffffffff
oct. 06 20:46:25 stan kernel: ... max period: 000000007fffffff
oct. 06 20:46:25 stan kernel: ... fixed-purpose events: 3
oct. 06 20:46:25 stan kernel: ... event mask: 0000000700000003
oct. 06 20:46:25 stan kernel: NMI watchdog: enabled on all CPUs, permanently consumes one hw-PMU counter.
oct. 06 20:46:25 stan kernel: smpboot: Booting Node 0, Processors #1
oct. 06 20:46:25 stan kernel: Brought up 2 CPUs
oct. 06 20:46:25 stan kernel: smpboot: Total of 2 processors activated (8779.30 BogoMIPS)
oct. 06 20:46:25 stan kernel: devtmpfs: initialized
oct. 06 20:46:25 stan kernel: PM: Registering ACPI NVS region [mem 0xbffc0000-0xbffeffff] (196608 bytes)
oct. 06 20:46:25 stan kernel: RTC time: 18:46:18, date: 10/06/13
oct. 06 20:46:25 stan kernel: NET: Registered protocol family 16
oct. 06 20:46:25 stan kernel: ACPI: bus type PCI registered
oct. 06 20:46:25 stan kernel: acpiphp: ACPI Hot Plug PCI Controller Driver version: 0.5
oct. 06 20:46:25 stan kernel: PCI: MMCONFIG for domain 0000 [bus 00-ff] at [mem 0xe0000000-0xefffffff] (base 0xe0000000)
oct. 06 20:46:25 stan kernel: PCI: not using MMCONFIG
oct. 06 20:46:25 stan kernel: PCI: Using configuration type 1 for base access
oct. 06 20:46:25 stan kernel: bio: create slab <bio-0> at 0
oct. 06 20:46:25 stan kernel: ACPI: Added _OSI(Module Device)
oct. 06 20:46:25 stan kernel: ACPI: Added _OSI(Processor Device)
oct. 06 20:46:25 stan kernel: ACPI: Added _OSI(3.0 _SCP Extensions)
oct. 06 20:46:25 stan kernel: ACPI: Added _OSI(Processor Aggregator Device)
oct. 06 20:46:25 stan kernel: ACPI: EC: Look up EC in DSDT
oct. 06 20:46:25 stan kernel: ACPI: Executed 1 blocks of module-level executable AML code
oct. 06 20:46:25 stan kernel: ACPI: SSDT 00000000bffc20f0 00235 (v01 DpgPmm P001Ist 00000011 INTL 20051117)
oct. 06 20:46:25 stan kernel: ACPI: Dynamic OEM Table Load:
oct. 06 20:46:25 stan kernel: ACPI: SSDT (null) 00235 (v01 DpgPmm P001Ist 00000011 INTL 20051117)
oct. 06 20:46:25 stan kernel: ACPI: SSDT 00000000bffc2580 00235 (v01 DpgPmm P002Ist 00000012 INTL 20051117)
oct. 06 20:46:25 stan kernel: ACPI: Dynamic OEM Table Load:
oct. 06 20:46:25 stan kernel: ACPI: SSDT (null) 00235 (v01 DpgPmm P002Ist 00000012 INTL 20051117)
oct. 06 20:46:25 stan kernel: ACPI: Interpreter enabled
oct. 06 20:46:25 stan kernel: ACPI Exception: AE_NOT_FOUND, While evaluating Sleep State [\_S2_] (20130517/hwxface-571)
oct. 06 20:46:25 stan kernel: ACPI Exception: AE_NOT_FOUND, While evaluating Sleep State [\_S3_] (20130517/hwxface-571)
oct. 06 20:46:25 stan kernel: ACPI: (supports S0 S1 S4 S5)
oct. 06 20:46:25 stan kernel: ACPI: Using IOAPIC for interrupt routing
oct. 06 20:46:25 stan kernel: PCI: MMCONFIG for domain 0000 [bus 00-ff] at [mem 0xe0000000-0xefffffff] (base 0xe0000000)
oct. 06 20:46:25 stan kernel: PCI: MMCONFIG at [mem 0xe0000000-0xefffffff] reserved in ACPI motherboard resources
oct. 06 20:46:25 stan kernel: PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug
oct. 06 20:46:25 stan kernel: ACPI: No dock devices found.
oct. 06 20:46:25 stan kernel: ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff])
oct. 06 20:46:25 stan kernel: acpi PNP0A08:00: Requesting ACPI _OSC control (0x1d)
oct. 06 20:46:25 stan kernel: acpi PNP0A08:00: ACPI _OSC control (0x1c) granted
oct. 06 20:46:25 stan kernel: PCI host bridge to bus 0000:00
oct. 06 20:46:25 stan kernel: pci_bus 0000:00: root bus resource [bus 00-ff]
oct. 06 20:46:25 stan kernel: pci_bus 0000:00: root bus resource [io 0x0000-0x0cf7]
oct. 06 20:46:25 stan kernel: pci_bus 0000:00: root bus resource [io 0x0d00-0xffff]
oct. 06 20:46:25 stan kernel: pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff]
oct. 06 20:46:25 stan kernel: pci_bus 0000:00: root bus resource [mem 0x000d0000-0x000dffff]
oct. 06 20:46:25 stan kernel: pci_bus 0000:00: root bus resource [mem 0xc0000000-0xdfffffff]
oct. 06 20:46:25 stan kernel: pci_bus 0000:00: root bus resource [mem 0xf0000000-0xffffffff]
oct. 06 20:46:25 stan kernel: pci 0000:00:00.0: [8086:29c0] type 00 class 0x060000
oct. 06 20:46:25 stan kernel: pci 0000:00:01.0: [8086:29c1] type 01 class 0x060400
oct. 06 20:46:25 stan kernel: pci 0000:00:01.0: PME# supported from D0 D3hot D3cold
oct. 06 20:46:25 stan kernel: pci 0000:00:01.0: System wakeup disabled by ACPI
oct. 06 20:46:25 stan kernel: pci 0000:00:1b.0: [8086:27d8] type 00 class 0x040300
oct. 06 20:46:25 stan kernel: pci 0000:00:1b.0: reg 0x10: [mem 0xf9ffc000-0xf9ffffff 64bit]
oct. 06 20:46:25 stan kernel: pci 0000:00:1b.0: PME# supported from D0 D3hot D3cold
oct. 06 20:46:25 stan kernel: pci 0000:00:1b.0: System wakeup disabled by ACPI
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.0: [8086:27d0] type 01 class 0x060400
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.0: PME# supported from D0 D3hot D3cold
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.0: System wakeup disabled by ACPI
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.1: [8086:27d2] type 01 class 0x060400
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.1: PME# supported from D0 D3hot D3cold
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.1: System wakeup disabled by ACPI
oct. 06 20:46:25 stan kernel: pci 0000:00:1d.0: [8086:27c8] type 00 class 0x0c0300
oct. 06 20:46:25 stan kernel: pci 0000:00:1d.0: reg 0x20: [io 0xc480-0xc49f]
oct. 06 20:46:25 stan kernel: pci 0000:00:1d.0: System wakeup disabled by ACPI
oct. 06 20:46:25 stan kernel: pci 0000:00:1d.1: [8086:27c9] type 00 class 0x0c0300
oct. 06 20:46:25 stan kernel: pci 0000:00:1d.1: reg 0x20: [io 0xc800-0xc81f]
oct. 06 20:46:25 stan kernel: pci 0000:00:1d.1: System wakeup disabled by ACPI
oct. 06 20:46:25 stan kernel: pci 0000:00:1d.2: [8086:27ca] type 00 class 0x0c0300
oct. 06 20:46:25 stan kernel: pci 0000:00:1d.2: reg 0x20: [io 0xc880-0xc89f]
oct. 06 20:46:25 stan kernel: pci 0000:00:1d.2: System wakeup disabled by ACPI
oct. 06 20:46:25 stan kernel: pci 0000:00:1d.3: [8086:27cb] type 00 class 0x0c0300
oct. 06 20:46:25 stan kernel: pci 0000:00:1d.3: reg 0x20: [io 0xcc00-0xcc1f]
oct. 06 20:46:25 stan kernel: pci 0000:00:1d.3: System wakeup disabled by ACPI
oct. 06 20:46:25 stan kernel: pci 0000:00:1d.7: [8086:27cc] type 00 class 0x0c0320
oct. 06 20:46:25 stan kernel: pci 0000:00:1d.7: reg 0x10: [mem 0xf9ffbc00-0xf9ffbfff]
oct. 06 20:46:25 stan kernel: pci 0000:00:1d.7: PME# supported from D0 D3hot D3cold
oct. 06 20:46:25 stan kernel: pci 0000:00:1d.7: System wakeup disabled by ACPI
oct. 06 20:46:25 stan kernel: pci 0000:00:1e.0: [8086:244e] type 01 class 0x060401
oct. 06 20:46:25 stan kernel: pci 0000:00:1e.0: System wakeup disabled by ACPI
oct. 06 20:46:25 stan kernel: pci 0000:00:1f.0: [8086:27b8] type 00 class 0x060100
oct. 06 20:46:25 stan kernel: pci 0000:00:1f.0: Force enabled HPET at 0xfed00000
oct. 06 20:46:25 stan kernel: pci 0000:00:1f.0: address space collision: [io 0x0800-0x087f] conflicts with ACPI CPU throttle [??? 0x00000810-0x00000815 flags 0x80000000]
oct. 06 20:46:25 stan kernel: pci 0000:00:1f.0: quirk: [io 0x0480-0x04bf] claimed by ICH6 GPIO
oct. 06 20:46:25 stan kernel: pci 0000:00:1f.0: ICH7 LPC Generic IO decode 1 PIO at 0280 (mask 00ff)
oct. 06 20:46:25 stan kernel: pci 0000:00:1f.0: ICH7 LPC Generic IO decode 2 PIO at 0300 (mask 003f)
oct. 06 20:46:25 stan kernel: pci 0000:00:1f.1: [8086:27df] type 00 class 0x01018a
oct. 06 20:46:25 stan kernel: pci 0000:00:1f.1: reg 0x10: [io 0x0000-0x0007]
oct. 06 20:46:25 stan kernel: pci 0000:00:1f.1: reg 0x14: [io 0x0000-0x0003]
oct. 06 20:46:25 stan kernel: pci 0000:00:1f.1: reg 0x18: [io 0x08f0-0x08f7]
oct. 06 20:46:25 stan kernel: pci 0000:00:1f.1: reg 0x1c: [io 0x08f8-0x08fb]
oct. 06 20:46:25 stan kernel: pci 0000:00:1f.1: reg 0x20: [io 0xffa0-0xffaf]
oct. 06 20:46:25 stan kernel: pci 0000:00:1f.2: [8086:27c0] type 00 class 0x01018f
oct. 06 20:46:25 stan kernel: pci 0000:00:1f.2: reg 0x10: [io 0xc400-0xc407]
oct. 06 20:46:25 stan kernel: pci 0000:00:1f.2: reg 0x14: [io 0xc080-0xc083]
oct. 06 20:46:25 stan kernel: pci 0000:00:1f.2: reg 0x18: [io 0xc000-0xc007]
oct. 06 20:46:25 stan kernel: pci 0000:00:1f.2: reg 0x1c: [io 0xbc00-0xbc03]
oct. 06 20:46:25 stan kernel: pci 0000:00:1f.2: reg 0x20: [io 0xb880-0xb88f]
oct. 06 20:46:25 stan kernel: pci 0000:00:1f.2: PME# supported from D3hot
oct. 06 20:46:25 stan kernel: pci 0000:00:1f.3: [8086:27da] type 00 class 0x0c0500
oct. 06 20:46:25 stan kernel: pci 0000:00:1f.3: reg 0x20: [io 0x0400-0x041f]
oct. 06 20:46:25 stan kernel: pci 0000:04:00.0: [10de:06e0] type 00 class 0x030000
oct. 06 20:46:25 stan kernel: pci 0000:04:00.0: reg 0x10: [mem 0xfd000000-0xfdffffff]
oct. 06 20:46:25 stan kernel: pci 0000:04:00.0: reg 0x14: [mem 0xd0000000-0xdfffffff 64bit pref]
oct. 06 20:46:25 stan kernel: pci 0000:04:00.0: reg 0x1c: [mem 0xfa000000-0xfbffffff 64bit]
oct. 06 20:46:25 stan kernel: pci 0000:04:00.0: reg 0x24: [io 0xec00-0xec7f]
oct. 06 20:46:25 stan kernel: pci 0000:04:00.0: reg 0x30: [mem 0xfebe0000-0xfebfffff pref]
oct. 06 20:46:25 stan kernel: pci 0000:00:01.0: PCI bridge to [bus 04]
oct. 06 20:46:25 stan kernel: pci 0000:00:01.0: bridge window [io 0xe000-0xefff]
oct. 06 20:46:25 stan kernel: pci 0000:00:01.0: bridge window [mem 0xfa000000-0xfebfffff]
oct. 06 20:46:25 stan kernel: pci 0000:00:01.0: bridge window [mem 0xd0000000-0xdfffffff 64bit pref]
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.0: PCI bridge to [bus 02]
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.0: bridge window [mem 0xcff00000-0xcfffffff 64bit pref]
oct. 06 20:46:25 stan kernel: pci 0000:01:00.0: [10ec:8168] type 00 class 0x020000
oct. 06 20:46:25 stan kernel: pci 0000:01:00.0: reg 0x10: [io 0xd800-0xd8ff]
oct. 06 20:46:25 stan kernel: pci 0000:01:00.0: reg 0x18: [mem 0xcfeff000-0xcfefffff 64bit pref]
oct. 06 20:46:25 stan kernel: pci 0000:01:00.0: reg 0x20: [mem 0xcfef8000-0xcfefbfff 64bit pref]
oct. 06 20:46:25 stan kernel: pci 0000:01:00.0: supports D1 D2
oct. 06 20:46:25 stan kernel: pci 0000:01:00.0: PME# supported from D0 D1 D2 D3hot D3cold
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.1: PCI bridge to [bus 01]
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.1: bridge window [io 0xd000-0xdfff]
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.1: bridge window [mem 0xcfe00000-0xcfefffff 64bit pref]
oct. 06 20:46:25 stan kernel: pci 0000:00:1e.0: PCI bridge to [bus 03] (subtractive decode)
oct. 06 20:46:25 stan kernel: pci 0000:00:1e.0: bridge window [io 0x0000-0x0cf7] (subtractive decode)
oct. 06 20:46:25 stan kernel: pci 0000:00:1e.0: bridge window [io 0x0d00-0xffff] (subtractive decode)
oct. 06 20:46:25 stan kernel: pci 0000:00:1e.0: bridge window [mem 0x000a0000-0x000bffff] (subtractive decode)
oct. 06 20:46:25 stan kernel: pci 0000:00:1e.0: bridge window [mem 0x000d0000-0x000dffff] (subtractive decode)
oct. 06 20:46:25 stan kernel: pci 0000:00:1e.0: bridge window [mem 0xc0000000-0xdfffffff] (subtractive decode)
oct. 06 20:46:25 stan kernel: pci 0000:00:1e.0: bridge window [mem 0xf0000000-0xffffffff] (subtractive decode)
oct. 06 20:46:25 stan kernel: ACPI: PCI Interrupt Link [LNKA] (IRQs 3 4 5 6 7 10 *11 12 14 15)
oct. 06 20:46:25 stan kernel: ACPI: PCI Interrupt Link [LNKB] (IRQs 3 4 5 6 7 *10 11 12 14 15)
oct. 06 20:46:25 stan kernel: ACPI: PCI Interrupt Link [LNKC] (IRQs 3 4 5 6 7 *10 11 12 14 15)
oct. 06 20:46:25 stan kernel: ACPI: PCI Interrupt Link [LNKD] (IRQs 3 4 *5 6 7 10 11 12 14 15)
oct. 06 20:46:25 stan kernel: ACPI: PCI Interrupt Link [LNKE] (IRQs 3 4 5 6 7 10 11 12 14 15) *0, disabled.
oct. 06 20:46:25 stan kernel: ACPI: PCI Interrupt Link [LNKF] (IRQs 3 4 5 6 7 10 11 12 14 15) *0, disabled.
oct. 06 20:46:25 stan kernel: ACPI: PCI Interrupt Link [LNKG] (IRQs 3 4 5 6 7 10 11 12 14 15) *0, disabled.
oct. 06 20:46:25 stan kernel: ACPI: PCI Interrupt Link [LNKH] (IRQs *3 4 5 6 7 10 11 12 14 15)
oct. 06 20:46:25 stan kernel: ACPI: Enabled 2 GPEs in block 00 to 1F
oct. 06 20:46:25 stan kernel: ACPI: \_SB_.PCI0: notify handler is installed
oct. 06 20:46:25 stan kernel: Found 1 acpi root devices
oct. 06 20:46:25 stan kernel: vgaarb: device added: PCI:0000:04:00.0,decodes=io+mem,owns=io+mem,locks=none
oct. 06 20:46:25 stan kernel: vgaarb: loaded
oct. 06 20:46:25 stan kernel: vgaarb: bridge control possible 0000:04:00.0
oct. 06 20:46:25 stan kernel: PCI: Using ACPI for IRQ routing
oct. 06 20:46:25 stan kernel: PCI: pci_cache_line_size set to 64 bytes
oct. 06 20:46:25 stan kernel: e820: reserve RAM buffer [mem 0x0009f800-0x0009ffff]
oct. 06 20:46:25 stan kernel: e820: reserve RAM buffer [mem 0xbffb0000-0xbfffffff]
oct. 06 20:46:25 stan kernel: NetLabel: Initializing
oct. 06 20:46:25 stan kernel: NetLabel: domain hash size = 128
oct. 06 20:46:25 stan kernel: NetLabel: protocols = UNLABELED CIPSOv4
oct. 06 20:46:25 stan kernel: NetLabel: unlabeled traffic allowed by default
oct. 06 20:46:25 stan kernel: hpet clockevent registered
oct. 06 20:46:25 stan kernel: HPET: 3 timers in total, 0 timers will be used for per-cpu timer
oct. 06 20:46:25 stan kernel: hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0
oct. 06 20:46:25 stan kernel: hpet0: 3 comparators, 64-bit 14.318180 MHz counter
oct. 06 20:46:25 stan kernel: Switched to clocksource hpet
oct. 06 20:46:25 stan kernel: pnp: PnP ACPI init
oct. 06 20:46:25 stan kernel: ACPI: bus type PNP registered
oct. 06 20:46:25 stan kernel: system 00:00: [mem 0xfed14000-0xfed19fff] has been reserved
oct. 06 20:46:25 stan kernel: system 00:00: Plug and Play ACPI device, IDs PNP0c01 (active)
oct. 06 20:46:25 stan kernel: pnp 00:01: [dma 4]
oct. 06 20:46:25 stan kernel: pnp 00:01: Plug and Play ACPI device, IDs PNP0200 (active)
oct. 06 20:46:25 stan kernel: pnp 00:02: Plug and Play ACPI device, IDs PNP0b00 (active)
oct. 06 20:46:25 stan kernel: pnp 00:03: Plug and Play ACPI device, IDs PNP0800 (active)
oct. 06 20:46:25 stan kernel: pnp 00:04: Plug and Play ACPI device, IDs PNP0c04 (active)
oct. 06 20:46:25 stan kernel: pnp 00:05: [dma 3]
oct. 06 20:46:25 stan kernel: pnp 00:05: Plug and Play ACPI device, IDs PNP0401 (active)
oct. 06 20:46:25 stan kernel: system 00:06: [io 0x04d0-0x04d1] has been reserved
oct. 06 20:46:25 stan kernel: system 00:06: [io 0x0800-0x087f] could not be reserved
oct. 06 20:46:25 stan kernel: system 00:06: [io 0x0480-0x04bf] has been reserved
oct. 06 20:46:25 stan kernel: system 00:06: [io 0x0900-0x090f] has been reserved
oct. 06 20:46:25 stan kernel: system 00:06: [mem 0xfed1c000-0xfed1ffff] has been reserved
oct. 06 20:46:25 stan kernel: system 00:06: [mem 0xfed20000-0xfed8ffff] has been reserved
oct. 06 20:46:25 stan kernel: system 00:06: Plug and Play ACPI device, IDs PNP0c02 (active)
oct. 06 20:46:25 stan kernel: pnp 00:07: Plug and Play ACPI device, IDs INT0800 (active)
oct. 06 20:46:25 stan kernel: system 00:08: [mem 0xffc00000-0xfff7ffff] has been reserved
oct. 06 20:46:25 stan kernel: system 00:08: Plug and Play ACPI device, IDs PNP0c02 (active)
oct. 06 20:46:25 stan kernel: system 00:09: [mem 0xfec00000-0xfec00fff] could not be reserved
oct. 06 20:46:25 stan kernel: system 00:09: [mem 0xfee00000-0xfee00fff] has been reserved
oct. 06 20:46:25 stan kernel: system 00:09: Plug and Play ACPI device, IDs PNP0c02 (active)
oct. 06 20:46:25 stan kernel: pnp 00:0a: Plug and Play ACPI device, IDs PNP0303 PNP030b (active)
oct. 06 20:46:25 stan kernel: pnp 00:0b: [dma 0 disabled]
oct. 06 20:46:25 stan kernel: pnp 00:0b: Plug and Play ACPI device, IDs PNP0501 (active)
oct. 06 20:46:25 stan kernel: system 00:0c: [io 0x0280-0x028f] has been reserved
oct. 06 20:46:25 stan kernel: system 00:0c: [io 0x0290-0x029f] has been reserved
oct. 06 20:46:25 stan kernel: system 00:0c: Plug and Play ACPI device, IDs PNP0c02 (active)
oct. 06 20:46:25 stan kernel: system 00:0d: [mem 0xe0000000-0xefffffff] has been reserved
oct. 06 20:46:25 stan kernel: system 00:0d: Plug and Play ACPI device, IDs PNP0c02 (active)
oct. 06 20:46:25 stan kernel: system 00:0e: [mem 0x00000000-0x0009ffff] could not be reserved
oct. 06 20:46:25 stan kernel: system 00:0e: [mem 0x000c0000-0x000cffff] could not be reserved
oct. 06 20:46:25 stan kernel: system 00:0e: [mem 0x000e0000-0x000fffff] could not be reserved
oct. 06 20:46:25 stan kernel: system 00:0e: [mem 0x00100000-0xbfffffff] could not be reserved
oct. 06 20:46:25 stan kernel: system 00:0e: Plug and Play ACPI device, IDs PNP0c01 (active)
oct. 06 20:46:25 stan kernel: pnp: PnP ACPI: found 15 devices
oct. 06 20:46:25 stan kernel: ACPI: bus type PNP unregistered
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.0: bridge window [io 0x1000-0x0fff] to [bus 02] add_size 1000
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.0: bridge window [mem 0x00100000-0x000fffff] to [bus 02] add_size 400000
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.1: bridge window [mem 0x00100000-0x000fffff] to [bus 01] add_size 400000
oct. 06 20:46:25 stan kernel: pci 0000:00:1f.0: BAR 13: [io 0x0800-0x087f] has bogus alignment
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.0: res[14]=[mem 0x00100000-0x000fffff] get_res_add_size add_size 400000
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.1: res[14]=[mem 0x00100000-0x000fffff] get_res_add_size add_size 400000
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.0: res[13]=[io 0x1000-0x0fff] get_res_add_size add_size 1000
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.0: BAR 14: assigned [mem 0xc0000000-0xc03fffff]
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.1: BAR 14: assigned [mem 0xc0400000-0xc07fffff]
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.0: BAR 13: assigned [io 0x1000-0x1fff]
oct. 06 20:46:25 stan kernel: pci 0000:00:01.0: PCI bridge to [bus 04]
oct. 06 20:46:25 stan kernel: pci 0000:00:01.0: bridge window [io 0xe000-0xefff]
oct. 06 20:46:25 stan kernel: pci 0000:00:01.0: bridge window [mem 0xfa000000-0xfebfffff]
oct. 06 20:46:25 stan kernel: pci 0000:00:01.0: bridge window [mem 0xd0000000-0xdfffffff 64bit pref]
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.0: PCI bridge to [bus 02]
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.0: bridge window [io 0x1000-0x1fff]
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.0: bridge window [mem 0xc0000000-0xc03fffff]
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.0: bridge window [mem 0xcff00000-0xcfffffff 64bit pref]
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.1: PCI bridge to [bus 01]
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.1: bridge window [io 0xd000-0xdfff]
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.1: bridge window [mem 0xc0400000-0xc07fffff]
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.1: bridge window [mem 0xcfe00000-0xcfefffff 64bit pref]
oct. 06 20:46:25 stan kernel: pci 0000:00:1e.0: PCI bridge to [bus 03]
oct. 06 20:46:25 stan kernel: pci 0000:00:1c.0: enabling device (0106 -> 0107)
oct. 06 20:46:25 stan kernel: pci 0000:00:1e.0: setting latency timer to 64
oct. 06 20:46:25 stan kernel: pci_bus 0000:00: resource 4 [io 0x0000-0x0cf7]
oct. 06 20:46:25 stan kernel: pci_bus 0000:00: resource 5 [io 0x0d00-0xffff]
oct. 06 20:46:25 stan kernel: pci_bus 0000:00: resource 6 [mem 0x000a0000-0x000bffff]
oct. 06 20:46:25 stan kernel: pci_bus 0000:00: resource 7 [mem 0x000d0000-0x000dffff]
oct. 06 20:46:25 stan kernel: pci_bus 0000:00: resource 8 [mem 0xc0000000-0xdfffffff]
oct. 06 20:46:25 stan kernel: pci_bus 0000:00: resource 9 [mem 0xf0000000-0xffffffff]
oct. 06 20:46:25 stan kernel: pci_bus 0000:04: resource 0 [io 0xe000-0xefff]
oct. 06 20:46:25 stan kernel: pci_bus 0000:04: resource 1 [mem 0xfa000000-0xfebfffff]
oct. 06 20:46:25 stan kernel: pci_bus 0000:04: resource 2 [mem 0xd0000000-0xdfffffff 64bit pref]
oct. 06 20:46:25 stan kernel: pci_bus 0000:02: resource 0 [io 0x1000-0x1fff]
oct. 06 20:46:25 stan kernel: pci_bus 0000:02: resource 1 [mem 0xc0000000-0xc03fffff]
oct. 06 20:46:25 stan kernel: pci_bus 0000:02: resource 2 [mem 0xcff00000-0xcfffffff 64bit pref]
oct. 06 20:46:25 stan kernel: pci_bus 0000:01: resource 0 [io 0xd000-0xdfff]
oct. 06 20:46:25 stan kernel: pci_bus 0000:01: resource 1 [mem 0xc0400000-0xc07fffff]
oct. 06 20:46:25 stan kernel: pci_bus 0000:01: resource 2 [mem 0xcfe00000-0xcfefffff 64bit pref]
oct. 06 20:46:25 stan kernel: pci_bus 0000:03: resource 4 [io 0x0000-0x0cf7]
oct. 06 20:46:25 stan kernel: pci_bus 0000:03: resource 5 [io 0x0d00-0xffff]
oct. 06 20:46:25 stan kernel: pci_bus 0000:03: resource 6 [mem 0x000a0000-0x000bffff]
oct. 06 20:46:25 stan kernel: pci_bus 0000:03: resource 7 [mem 0x000d0000-0x000dffff]
oct. 06 20:46:25 stan kernel: pci_bus 0000:03: resource 8 [mem 0xc0000000-0xdfffffff]
oct. 06 20:46:25 stan kernel: pci_bus 0000:03: resource 9 [mem 0xf0000000-0xffffffff]
oct. 06 20:46:25 stan kernel: NET: Registered protocol family 2
oct. 06 20:46:25 stan kernel: TCP established hash table entries: 32768 (order: 7, 524288 bytes)
oct. 06 20:46:25 stan kernel: TCP bind hash table entries: 32768 (order: 7, 524288 bytes)
oct. 06 20:46:25 stan kernel: TCP: Hash tables configured (established 32768 bind 32768)
oct. 06 20:46:25 stan kernel: TCP: reno registered
oct. 06 20:46:25 stan kernel: UDP hash table entries: 2048 (order: 4, 65536 bytes)
oct. 06 20:46:25 stan kernel: UDP-Lite hash table entries: 2048 (order: 4, 65536 bytes)
oct. 06 20:46:25 stan kernel: NET: Registered protocol family 1
oct. 06 20:46:25 stan kernel: pci 0000:04:00.0: Boot video device
oct. 06 20:46:25 stan kernel: PCI: CLS 32 bytes, default 64
oct. 06 20:46:25 stan kernel: Unpacking initramfs...
oct. 06 20:46:25 stan kernel: Freeing initrd memory: 5012K (ffff88007fb1a000 - ffff88007ffff000)
oct. 06 20:46:25 stan kernel: Scanning for low memory corruption every 60 seconds
oct. 06 20:46:25 stan kernel: audit: initializing netlink socket (disabled)
oct. 06 20:46:25 stan kernel: type=2000 audit(1381085178.279:1): initialized
oct. 06 20:46:25 stan kernel: HugeTLB registered 2 MB page size, pre-allocated 0 pages
oct. 06 20:46:25 stan kernel: zbud: loaded
oct. 06 20:46:25 stan kernel: VFS: Disk quotas dquot_6.5.2
oct. 06 20:46:25 stan kernel: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
oct. 06 20:46:25 stan kernel: msgmni has been set to 6022
oct. 06 20:46:25 stan kernel: Block layer SCSI generic (bsg) driver version 0.4 loaded (major 252)
oct. 06 20:46:25 stan kernel: io scheduler noop registered
oct. 06 20:46:25 stan kernel: io scheduler deadline registered
oct. 06 20:46:25 stan kernel: io scheduler cfq registered (default)
oct. 06 20:46:25 stan kernel: pcieport 0000:00:01.0: irq 40 for MSI/MSI-X
oct. 06 20:46:25 stan kernel: pcieport 0000:00:1c.0: irq 41 for MSI/MSI-X
oct. 06 20:46:25 stan kernel: pcieport 0000:00:1c.1: irq 42 for MSI/MSI-X
oct. 06 20:46:25 stan kernel: pcieport 0000:00:01.0: Signaling PME through PCIe PME interrupt
oct. 06 20:46:25 stan kernel: pci 0000:04:00.0: Signaling PME through PCIe PME interrupt
oct. 06 20:46:25 stan kernel: pcie_pme 0000:00:01.0:pcie01: service driver pcie_pme loaded
oct. 06 20:46:25 stan kernel: pcieport 0000:00:1c.0: Signaling PME through PCIe PME interrupt
oct. 06 20:46:25 stan kernel: pcie_pme 0000:00:1c.0:pcie01: service driver pcie_pme loaded
oct. 06 20:46:25 stan kernel: pcieport 0000:00:1c.1: Signaling PME through PCIe PME interrupt
oct. 06 20:46:25 stan kernel: pci 0000:01:00.0: Signaling PME through PCIe PME interrupt
oct. 06 20:46:25 stan kernel: pcie_pme 0000:00:1c.1:pcie01: service driver pcie_pme loaded
oct. 06 20:46:25 stan kernel: pci_hotplug: PCI Hot Plug PCI Core version: 0.5
oct. 06 20:46:25 stan kernel: pciehp: PCI Express Hot Plug Controller Driver version: 0.4
oct. 06 20:46:25 stan kernel: intel_idle: does not run on family 6 model 15
oct. 06 20:46:25 stan kernel: GHES: HEST is not enabled!
oct. 06 20:46:25 stan kernel: Serial: 8250/16550 driver, 4 ports, IRQ sharing disabled
oct. 06 20:46:25 stan kernel: 00:0b: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
oct. 06 20:46:25 stan kernel: Linux agpgart interface v0.103
oct. 06 20:46:25 stan kernel: i8042: PNP: PS/2 Controller [PNP0303:PS2K] at 0x60,0x64 irq 1
oct. 06 20:46:25 stan kernel: i8042: PNP: PS/2 appears to have AUX port disabled, if this is incorrect please boot with i8042.nopnp
oct. 06 20:46:25 stan kernel: serio: i8042 KBD port at 0x60,0x64 irq 1
oct. 06 20:46:25 stan kernel: mousedev: PS/2 mouse device common for all mice
oct. 06 20:46:25 stan kernel: rtc_cmos 00:02: RTC can wake from S4
oct. 06 20:46:25 stan kernel: rtc_cmos 00:02: rtc core: registered rtc_cmos as rtc0
oct. 06 20:46:25 stan kernel: rtc_cmos 00:02: alarms up to one month, y3k, 114 bytes nvram, hpet irqs
oct. 06 20:46:25 stan kernel: cpuidle: using governor ladder
oct. 06 20:46:25 stan kernel: cpuidle: using governor menu
oct. 06 20:46:25 stan kernel: drop_monitor: Initializing network drop monitor service
oct. 06 20:46:25 stan kernel: TCP: cubic registered
oct. 06 20:46:25 stan kernel: NET: Registered protocol family 10
oct. 06 20:46:25 stan kernel: NET: Registered protocol family 17
oct. 06 20:46:25 stan kernel: Key type dns_resolver registered
oct. 06 20:46:25 stan kernel: PM: Hibernation image not present or could not be loaded.
oct. 06 20:46:25 stan kernel: registered taskstats version 1
oct. 06 20:46:25 stan kernel: Magic number: 1:620:796
oct. 06 20:46:25 stan kernel: rtc_cmos 00:02: setting system clock to 2013-10-06 18:46:18 UTC (1381085178)
oct. 06 20:46:25 stan kernel: Freeing unused kernel memory: 1140K (ffffffff818c8000 - ffffffff819e5000)
oct. 06 20:46:25 stan kernel: Write protecting the kernel read-only data: 8192k
oct. 06 20:46:25 stan kernel: Freeing unused kernel memory: 1088K (ffff8800014f0000 - ffff880001600000)
oct. 06 20:46:25 stan kernel: Freeing unused kernel memory: 352K (ffff8800017a8000 - ffff880001800000)
oct. 06 20:46:25 stan systemd-udevd[46]: starting version 208
oct. 06 20:46:25 stan kernel: input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input0
oct. 06 20:46:25 stan kernel: SCSI subsystem initialized
oct. 06 20:46:25 stan kernel: ACPI: bus type USB registered
oct. 06 20:46:25 stan kernel: usbcore: registered new interface driver usbfs
oct. 06 20:46:25 stan kernel: usbcore: registered new interface driver hub
oct. 06 20:46:25 stan kernel: ACPI: bus type ATA registered
oct. 06 20:46:25 stan kernel: usbcore: registered new device driver usb
oct. 06 20:46:25 stan kernel: ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
oct. 06 20:46:25 stan kernel: ehci-pci: EHCI PCI platform driver
oct. 06 20:46:25 stan kernel: ehci-pci 0000:00:1d.7: setting latency timer to 64
oct. 06 20:46:25 stan kernel: ehci-pci 0000:00:1d.7: EHCI Host Controller
oct. 06 20:46:25 stan kernel: ehci-pci 0000:00:1d.7: new USB bus registered, assigned bus number 1
oct. 06 20:46:25 stan kernel: ehci-pci 0000:00:1d.7: debug port 1
oct. 06 20:46:25 stan kernel: libata version 3.00 loaded.
oct. 06 20:46:25 stan kernel: uhci_hcd: USB Universal Host Controller Interface driver
oct. 06 20:46:25 stan kernel: ehci-pci 0000:00:1d.7: cache line size of 32 is not supported
oct. 06 20:46:25 stan kernel: ehci-pci 0000:00:1d.7: irq 23, io mem 0xf9ffbc00
oct. 06 20:46:25 stan kernel: ehci-pci 0000:00:1d.7: USB 2.0 started, EHCI 1.00
oct. 06 20:46:25 stan kernel: hub 1-0:1.0: USB hub found
oct. 06 20:46:25 stan kernel: hub 1-0:1.0: 8 ports detected
oct. 06 20:46:25 stan kernel: ata_piix 0000:00:1f.1: version 2.13
oct. 06 20:46:25 stan kernel: ata_piix 0000:00:1f.1: setting latency timer to 64
oct. 06 20:46:25 stan kernel: scsi0 : ata_piix
oct. 06 20:46:25 stan kernel: scsi1 : ata_piix
oct. 06 20:46:25 stan kernel: ata1: PATA max UDMA/100 cmd 0x1f0 ctl 0x3f6 bmdma 0xffa0 irq 14
oct. 06 20:46:25 stan kernel: ata2: PATA max UDMA/100 cmd 0x170 ctl 0x376 bmdma 0xffa8 irq 15
oct. 06 20:46:25 stan kernel: ata_piix 0000:00:1f.2: MAP [
oct. 06 20:46:25 stan kernel: P0 P2 P1 P3 ]
oct. 06 20:46:25 stan kernel: ata_piix 0000:00:1f.2: setting latency timer to 64
oct. 06 20:46:25 stan kernel: scsi2 : ata_piix
oct. 06 20:46:25 stan kernel: scsi3 : ata_piix
oct. 06 20:46:25 stan kernel: ata3: SATA max UDMA/133 cmd 0xc400 ctl 0xc080 bmdma 0xb880 irq 19
oct. 06 20:46:25 stan kernel: ata4: SATA max UDMA/133 cmd 0xc000 ctl 0xbc00 bmdma 0xb888 irq 19
oct. 06 20:46:25 stan kernel: uhci_hcd 0000:00:1d.0: setting latency timer to 64
oct. 06 20:46:25 stan kernel: uhci_hcd 0000:00:1d.0: UHCI Host Controller
oct. 06 20:46:25 stan kernel: uhci_hcd 0000:00:1d.0: new USB bus registered, assigned bus number 2
oct. 06 20:46:25 stan kernel: uhci_hcd 0000:00:1d.0: irq 23, io base 0x0000c480
oct. 06 20:46:25 stan kernel: hub 2-0:1.0: USB hub found
oct. 06 20:46:25 stan kernel: hub 2-0:1.0: 2 ports detected
oct. 06 20:46:25 stan kernel: uhci_hcd 0000:00:1d.1: setting latency timer to 64
oct. 06 20:46:25 stan kernel: uhci_hcd 0000:00:1d.1: UHCI Host Controller
oct. 06 20:46:25 stan kernel: uhci_hcd 0000:00:1d.1: new USB bus registered, assigned bus number 3
oct. 06 20:46:25 stan kernel: uhci_hcd 0000:00:1d.1: irq 19, io base 0x0000c800
oct. 06 20:46:25 stan kernel: hub 3-0:1.0: USB hub found
oct. 06 20:46:25 stan kernel: hub 3-0:1.0: 2 ports detected
oct. 06 20:46:25 stan kernel: uhci_hcd 0000:00:1d.2: setting latency timer to 64
oct. 06 20:46:25 stan kernel: uhci_hcd 0000:00:1d.2: UHCI Host Controller
oct. 06 20:46:25 stan kernel: uhci_hcd 0000:00:1d.2: new USB bus registered, assigned bus number 4
oct. 06 20:46:25 stan kernel: uhci_hcd 0000:00:1d.2: irq 18, io base 0x0000c880
oct. 06 20:46:25 stan kernel: hub 4-0:1.0: USB hub found
oct. 06 20:46:25 stan kernel: hub 4-0:1.0: 2 ports detected
oct. 06 20:46:25 stan kernel: uhci_hcd 0000:00:1d.3: setting latency timer to 64
oct. 06 20:46:25 stan kernel: uhci_hcd 0000:00:1d.3: UHCI Host Controller
oct. 06 20:46:25 stan kernel: uhci_hcd 0000:00:1d.3: new USB bus registered, assigned bus number 5
oct. 06 20:46:25 stan kernel: uhci_hcd 0000:00:1d.3: irq 16, io base 0x0000cc00
oct. 06 20:46:25 stan kernel: hub 5-0:1.0: USB hub found
oct. 06 20:46:25 stan kernel: hub 5-0:1.0: 2 ports detected
oct. 06 20:46:25 stan kernel: ata3.01: NODEV after polling detection
oct. 06 20:46:25 stan kernel: ata3.00: ATAPI: ATAPI DVD A DH16A6S, YA16, max UDMA/100
oct. 06 20:46:25 stan kernel: ata4.00: ATA-8: Hitachi HDP725016GLA380, GMBOA52A, max UDMA/133
oct. 06 20:46:25 stan kernel: ata4.00: 312581808 sectors, multi 16: LBA48 NCQ (depth 0/32)
oct. 06 20:46:25 stan kernel: ata3.00: configured for UDMA/100
oct. 06 20:46:25 stan kernel: ata4.00: configured for UDMA/133
oct. 06 20:46:25 stan kernel: ata1.01: ATA-6: ST3120022A, 3.06, max UDMA/100
oct. 06 20:46:25 stan kernel: ata1.01: 234441648 sectors, multi 0: LBA48
oct. 06 20:46:25 stan kernel: ata1.01: limited to UDMA/33 due to 40-wire cable
oct. 06 20:46:25 stan kernel: ata1.01: configured for UDMA/33
oct. 06 20:46:25 stan kernel: scsi 0:0:1:0: Direct-Access ATA ST3120022A 3.06 PQ: 0 ANSI: 5
oct. 06 20:46:25 stan kernel: sd 0:0:1:0: [sda] 234441648 512-byte logical blocks: (120 GB/111 GiB)
oct. 06 20:46:25 stan kernel: sd 0:0:1:0: [sda] Write Protect is off
oct. 06 20:46:25 stan kernel: sd 0:0:1:0: [sda] Mode Sense: 00 3a 00 00
oct. 06 20:46:25 stan kernel: sd 0:0:1:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
oct. 06 20:46:25 stan kernel: scsi 2:0:0:0: CD-ROM ATAPI DVD A DH16A6S YA16 PQ: 0 ANSI: 5
oct. 06 20:46:25 stan kernel: scsi 3:0:0:0: Direct-Access ATA Hitachi HDP72501 GMBO PQ: 0 ANSI: 5
oct. 06 20:46:25 stan kernel: sd 3:0:0:0: [sdb] 312581808 512-byte logical blocks: (160 GB/149 GiB)
oct. 06 20:46:25 stan kernel: sd 3:0:0:0: [sdb] Write Protect is off
oct. 06 20:46:25 stan kernel: sd 3:0:0:0: [sdb] Mode Sense: 00 3a 00 00
oct. 06 20:46:25 stan kernel: sd 3:0:0:0: [sdb] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
oct. 06 20:46:25 stan kernel: sr0: scsi3-mmc drive: 48x/12x writer dvd-ram cd/rw xa/form2 cdda tray
oct. 06 20:46:25 stan kernel: cdrom: Uniform CD-ROM driver Revision: 3.20
oct. 06 20:46:25 stan kernel: sr 2:0:0:0: Attached scsi CD-ROM sr0
oct. 06 20:46:25 stan kernel: sdb: sdb1 sdb2
oct. 06 20:46:25 stan kernel: sd 3:0:0:0: [sdb] Attached SCSI disk
oct. 06 20:46:25 stan kernel: sda: sda1
oct. 06 20:46:25 stan kernel: sd 0:0:1:0: [sda] Attached SCSI disk
oct. 06 20:46:25 stan kernel: device-mapper: uevent: version 1.0.3
oct. 06 20:46:25 stan kernel: device-mapper: ioctl: 4.25.0-ioctl (2013-06-26) initialised: [email protected]
oct. 06 20:46:25 stan kernel: usb 2-2: new low-speed USB device number 2 using uhci_hcd
oct. 06 20:46:25 stan kernel: hidraw: raw HID events driver (C) Jiri Kosina
oct. 06 20:46:25 stan kernel: usbcore: registered new interface driver usbhid
oct. 06 20:46:25 stan kernel: usbhid: USB HID core driver
oct. 06 20:46:25 stan kernel: input: USB Optical Mouse USB Optical Mouse as /devices/pci0000:00/0000:00:1d.0/usb2/2-2/2-2:1.0/input/input1
oct. 06 20:46:25 stan kernel: a4tech 0003:09DA:0006.0001: input,hidraw0: USB HID v1.10 Mouse [USB Optical Mouse USB Optical Mouse] on usb-0000:00:1d.0-2/input0
oct. 06 20:46:25 stan kernel: tsc: Refined TSC clocksource calibration: 2193.925 MHz
oct. 06 20:46:25 stan kernel: Switched to clocksource tsc
oct. 06 20:46:25 stan kernel: sha256_ssse3: Using SSSE3 optimized SHA-256 implementation
oct. 06 20:46:25 stan kernel: bio: create slab <bio-1> at 1
oct. 06 20:46:25 stan kernel: bio: create slab <bio-1> at 1
oct. 06 20:46:25 stan kernel: EXT4-fs (dm-1): mounted filesystem with ordered data mode. Opts: (null)
oct. 06 20:46:25 stan systemd[1]: systemd 208 running in system mode. (+PAM -LIBWRAP -AUDIT -SELINUX -IMA -SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
oct. 06 20:46:25 stan systemd[1]: Set hostname to <stan>.
oct. 06 20:46:25 stan systemd[1]: Starting Forward Password Requests to Wall Directory Watch.
oct. 06 20:46:25 stan systemd[1]: Started Forward Password Requests to Wall Directory Watch.
oct. 06 20:46:25 stan systemd[1]: Expecting device sys-subsystem-net-devices-enp1s0.device...
oct. 06 20:46:25 stan systemd[1]: Starting Remote File Systems.
oct. 06 20:46:25 stan systemd[1]: Reached target Remote File Systems.
oct. 06 20:46:25 stan systemd[1]: Starting Delayed Shutdown Socket.
oct. 06 20:46:25 stan systemd[1]: Listening on Delayed Shutdown Socket.
oct. 06 20:46:25 stan systemd[1]: Starting /dev/initctl Compatibility Named Pipe.
oct. 06 20:46:25 stan systemd[1]: Listening on /dev/initctl Compatibility Named Pipe.
oct. 06 20:46:25 stan systemd[1]: Starting Device-mapper event daemon FIFOs.
oct. 06 20:46:25 stan systemd[1]: Listening on Device-mapper event daemon FIFOs.
oct. 06 20:46:25 stan systemd[1]: Starting LVM2 metadata daemon socket.
oct. 06 20:46:25 stan systemd[1]: Listening on LVM2 metadata daemon socket.
oct. 06 20:46:25 stan systemd[1]: Starting Dispatch Password Requests to Console Directory Watch.
oct. 06 20:46:25 stan systemd[1]: Started Dispatch Password Requests to Console Directory Watch.
oct. 06 20:46:25 stan systemd[1]: Starting Paths.
oct. 06 20:46:25 stan systemd[1]: Reached target Paths.
oct. 06 20:46:25 stan systemd[1]: Starting Journal Socket.
oct. 06 20:46:25 stan systemd[1]: Listening on Journal Socket.
oct. 06 20:46:25 stan systemd[1]: Mounting POSIX Message Queue File System...
oct. 06 20:46:25 stan systemd[1]: Starting Setup Virtual Console...
oct. 06 20:46:25 stan systemd[1]: Starting Journal Service...
oct. 06 20:46:25 stan systemd[1]: Started Journal Service.
oct. 06 20:46:25 stan systemd-journal[177]: Journal started
oct. 06 20:46:25 stan systemd[1]: Starting Arbitrary Executable File Formats File System Automount Point.
oct. 06 20:46:25 stan systemd[1]: Set up automount Arbitrary Executable File Formats File System Automount Point.
oct. 06 20:46:25 stan systemd[1]: Starting Apply Kernel Variables...
oct. 06 20:46:25 stan systemd[1]: Mounting Huge Pages File System...
oct. 06 20:46:25 stan systemd[1]: Starting udev Kernel Socket.
oct. 06 20:46:25 stan systemd[1]: Listening on udev Kernel Socket.
oct. 06 20:46:25 stan systemd[1]: Starting udev Control Socket.
oct. 06 20:46:25 stan systemd[1]: Listening on udev Control Socket.
oct. 06 20:46:25 stan systemd[1]: Starting udev Coldplug all Devices...
oct. 06 20:46:25 stan systemd[1]: Mounting Debug File System...
oct. 06 20:46:25 stan systemd[1]: Started Load Kernel Modules.
oct. 06 20:46:25 stan systemd[1]: Mounted FUSE Control File System.
oct. 06 20:46:25 stan systemd[1]: Starting Create list of required static device nodes for the current kernel...
oct. 06 20:46:25 stan systemd[1]: Starting Encrypted Volumes.
oct. 06 20:46:25 stan systemd[1]: Reached target Encrypted Volumes.
oct. 06 20:46:25 stan systemd[1]: Mounting Configuration File System...
oct. 06 20:46:25 stan systemd[1]: Started Set Up Additional Binary Formats.
oct. 06 20:46:25 stan systemd[1]: Expecting device dev-disk-by\x2duuid-895cfe76\x2d97d7\x2d4e2d\x2d8433\x2d267fe59df5a5.device...
oct. 06 20:46:25 stan systemd[1]: Mounting Temporary Directory...
oct. 06 20:46:25 stan systemd[1]: Starting File System Check on Root Device...
oct. 06 20:46:25 stan systemd[1]: Expecting device dev-disk-by\x2duuid-ad0bf6d6\x2d6faf\x2d448a\x2d88fd\x2d8589f635e86b.device...
oct. 06 20:46:25 stan systemd[1]: Starting Root Slice.
oct. 06 20:46:25 stan systemd[1]: Created slice Root Slice.
oct. 06 20:46:25 stan systemd[1]: Starting User and Session Slice.
oct. 06 20:46:25 stan systemd[1]: Created slice User and Session Slice.
oct. 06 20:46:25 stan systemd[1]: Starting System Slice.
oct. 06 20:46:25 stan systemd[1]: Created slice System Slice.
oct. 06 20:46:25 stan systemd[1]: Starting system-dhcpcd.slice.
oct. 06 20:46:25 stan systemd[1]: Created slice system-dhcpcd.slice.
oct. 06 20:46:25 stan systemd[1]: Starting system-getty.slice.
oct. 06 20:46:25 stan systemd[1]: Created slice system-getty.slice.
oct. 06 20:46:25 stan systemd[1]: Starting Slices.
oct. 06 20:46:25 stan systemd[1]: Reached target Slices.
oct. 06 20:46:25 stan systemd[1]: Expecting device dev-disk-by\x2duuid-64f23708\x2de717\x2d4399\x2da654\x2dc785dffab70b.device...
oct. 06 20:46:25 stan systemd[1]: Mounted POSIX Message Queue File System.
oct. 06 20:46:25 stan systemd[1]: Started Apply Kernel Variables.
oct. 06 20:46:25 stan systemd[1]: Mounted Huge Pages File System.
oct. 06 20:46:25 stan systemd[1]: Mounted Debug File System.
oct. 06 20:46:25 stan systemd[1]: Mounted Configuration File System.
oct. 06 20:46:25 stan systemd[1]: Mounted Temporary Directory.
oct. 06 20:46:26 stan systemd[1]: Started udev Coldplug all Devices.
oct. 06 20:46:26 stan systemd[1]: Started Create list of required static device nodes for the current kernel.
oct. 06 20:46:26 stan systemd[1]: Starting Create static device nodes in /dev...
oct. 06 20:46:26 stan systemd-fsck[193]: [74B blob data]
oct. 06 20:46:26 stan systemd[1]: Started Setup Virtual Console.
oct. 06 20:46:26 stan systemd[1]: Started File System Check on Root Device.
oct. 06 20:46:26 stan systemd[1]: Starting Remount Root and Kernel File Systems...
oct. 06 20:46:26 stan systemd[1]: Started Create static device nodes in /dev.
oct. 06 20:46:26 stan systemd[1]: Starting udev Kernel Device Manager...
oct. 06 20:46:26 stan systemd[1]: Started udev Kernel Device Manager.
oct. 06 20:46:26 stan systemd-udevd[205]: starting version 208
oct. 06 20:46:26 stan systemd[1]: Started Remount Root and Kernel File Systems.
oct. 06 20:46:26 stan systemd[1]: Starting Load/Save Random Seed...
oct. 06 20:46:26 stan systemd[1]: Starting Local File Systems (Pre).
oct. 06 20:46:26 stan systemd[1]: Reached target Local File Systems (Pre).
oct. 06 20:46:26 stan kernel: EXT4-fs (dm-1): re-mounted. Opts: data=ordered
oct. 06 20:46:26 stan systemd[1]: Started Load/Save Random Seed.
oct. 06 20:46:26 stan kernel: input: Power Button as /devices/LNXSYSTM:00/device:00/PNP0C0C:00/input/input2
oct. 06 20:46:26 stan kernel: ACPI: Power Button [PWRB]
oct. 06 20:46:26 stan kernel: input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input3
oct. 06 20:46:26 stan kernel: ACPI: Power Button [PWRF]
oct. 06 20:46:26 stan kernel: snd_hda_intel 0000:00:1b.0: irq 43 for MSI/MSI-X
oct. 06 20:46:26 stan kernel: parport_pc 00:05: reported by Plug and Play ACPI
oct. 06 20:46:26 stan kernel: parport0: PC-style at 0x378 (0x778), irq 7 [PCSPP,TRISTATE]
oct. 06 20:46:26 stan kernel: ACPI: Requesting acpi_cpufreq
oct. 06 20:46:27 stan kernel: intel_rng: FWH not detected
oct. 06 20:46:27 stan kernel: input: HDA Intel Line Out as /devices/pci0000:00/0000:00:1b.0/sound/card0/input4
oct. 06 20:46:27 stan kernel: input: HDA Intel Line as /devices/pci0000:00/0000:00:1b.0/sound/card0/input5
oct. 06 20:46:27 stan kernel: input: HDA Intel Rear Mic as /devices/pci0000:00/0000:00:1b.0/sound/card0/input6
oct. 06 20:46:27 stan kernel: shpchp: Standard Hot Plug PCI Controller Driver version: 0.4
oct. 06 20:46:27 stan kernel: ACPI Warning: 0x0000000000000828-0x000000000000082f SystemIO conflicts with Region \PMRG 1 (20130517/utaddress-251)
oct. 06 20:46:27 stan kernel: ACPI: If an ACPI driver is available for this device, you should use it instead of the native driver
oct. 06 20:46:27 stan kernel: ACPI Warning: 0x0000000000000480-0x00000000000004af SystemIO conflicts with Region \GPR2 1 (20130517/utaddress-251)
oct. 06 20:46:27 stan kernel: ACPI: If an ACPI driver is available for this device, you should use it instead of the native driver
oct. 06 20:46:27 stan kernel: lpc_ich: Resource conflict(s) found affecting gpio_ich
oct. 06 20:46:27 stan kernel: i801_smbus 0000:00:1f.3: SMBus using PCI Interrupt
oct. 06 20:46:27 stan kernel: leds_ss4200: no LED devices found
oct. 06 20:46:27 stan kernel: microcode: CPU0 sig=0x6fd, pf=0x1, revision=0xa3
oct. 06 20:46:27 stan kernel: input: PC Speaker as /devices/platform/pcspkr/input/input7
oct. 06 20:46:27 stan kernel: ppdev: user-space parallel port driver
oct. 06 20:46:27 stan systemd[1]: Starting Sound Card.
oct. 06 20:46:27 stan systemd[1]: Reached target Sound Card.
oct. 06 20:46:27 stan kernel: iTCO_vendor_support: vendor-support=0
oct. 06 20:46:27 stan kernel: iTCO_wdt: Intel TCO WatchDog Timer Driver v1.10
oct. 06 20:46:27 stan kernel: iTCO_wdt: Found a ICH7 or ICH7R TCO device (Version=2, TCOBASE=0x0860)
oct. 06 20:46:27 stan kernel: iTCO_wdt: initialized. heartbeat=30 sec (nowayout=0)
oct. 06 20:46:27 stan kernel: microcode: CPU1 sig=0x6fd, pf=0x1, revision=0xa3
oct. 06 20:46:27 stan kernel: microcode: Microcode Update Driver: v2.00 <[email protected]>, Peter Oruba
oct. 06 20:46:27 stan kernel: coretemp coretemp.0: Using relative temperature scale!
oct. 06 20:46:27 stan kernel: coretemp coretemp.0: Using relative temperature scale!
oct. 06 20:46:27 stan kernel: [drm] Initialized drm 1.1.0 20060810
oct. 06 20:46:27 stan kernel: wmi: Mapper loaded
oct. 06 20:46:27 stan kernel: nouveau [ DEVICE][0000:04:00.0] BOOT0 : 0x298000a2
oct. 06 20:46:27 stan kernel: nouveau [ DEVICE][0000:04:00.0] Chipset: G98 (NV98)
oct. 06 20:46:27 stan kernel: nouveau [ DEVICE][0000:04:00.0] Family : NV50
oct. 06 20:46:27 stan kernel: nouveau [ VBIOS][0000:04:00.0] checking PRAMIN for image...
oct. 06 20:46:27 stan kernel: nouveau [ VBIOS][0000:04:00.0] ... appears to be valid
oct. 06 20:46:27 stan kernel: nouveau [ VBIOS][0000:04:00.0] using image from PRAMIN
oct. 06 20:46:27 stan kernel: nouveau [ VBIOS][0000:04:00.0] BIT signature found
oct. 06 20:46:27 stan kernel: nouveau [ VBIOS][0000:04:00.0] version 62.98.29.00.35
oct. 06 20:46:27 stan kernel: nouveau [ PFB][0000:04:00.0] RAM type: DDR2
oct. 06 20:46:27 stan kernel: nouveau [ PFB][0000:04:00.0] RAM size: 256 MiB
oct. 06 20:46:27 stan kernel: nouveau [ PFB][0000:04:00.0] ZCOMP: 960 tags
oct. 06 20:46:27 stan kernel: nouveau [ PTHERM][0000:04:00.0] FAN control: none / external
oct. 06 20:46:27 stan kernel: nouveau [ PTHERM][0000:04:00.0] fan management: disabled
oct. 06 20:46:27 stan kernel: nouveau [ PTHERM][0000:04:00.0] internal sensor: yes
oct. 06 20:46:27 stan kernel: [TTM] Zone kernel: Available graphics memory: 1543090 kiB
oct. 06 20:46:27 stan kernel: [TTM] Initializing pool allocator
oct. 06 20:46:27 stan kernel: [TTM] Initializing DMA pool allocator
oct. 06 20:46:27 stan kernel: nouveau [ DRM] VRAM: 256 MiB
oct. 06 20:46:27 stan kernel: nouveau [ DRM] GART: 1048576 MiB
oct. 06 20:46:27 stan kernel: nouveau [ DRM] TMDS table version 2.0
oct. 06 20:46:27 stan kernel: nouveau [ DRM] DCB version 4.0
oct. 06 20:46:27 stan kernel: nouveau [ DRM] DCB outp 00: 04000310 00000028
oct. 06 20:46:27 stan kernel: nouveau [ DRM] DCB outp 01: 01011302 00000030
oct. 06 20:46:27 stan kernel: nouveau [ DRM] DCB outp 02: 02011300 00000028
oct. 06 20:46:27 stan kernel: nouveau [ DRM] DCB outp 03: 02022322 00020010
oct. 06 20:46:27 stan kernel: nouveau [ DRM] DCB conn 00: 00000000
oct. 06 20:46:27 stan kernel: nouveau [ DRM] DCB conn 01: 00001130
oct. 06 20:46:27 stan kernel: nouveau [ DRM] DCB conn 02: 00002261
oct. 06 20:46:27 stan kernel: [drm] Supports vblank timestamp caching Rev 1 (10.10.2010).
oct. 06 20:46:27 stan kernel: [drm] No driver support for vblank timestamp query.
oct. 06 20:46:27 stan kernel: nouveau [ DRM] 1 available performance level(s)
oct. 06 20:46:27 stan kernel: nouveau [ DRM] 3: core 540MHz shader 1300MHz memory 510MHz fanspeed 100%
oct. 06 20:46:27 stan kernel: nouveau [ DRM] c: core 540MHz shader 1300MHz memory 499MHz
oct. 06 20:46:27 stan kernel: nouveau [ DRM] MM: using M2MF for buffer copies
oct. 06 20:46:27 stan kernel: gpio_ich: GPIO from 206 to 255 on gpio_ich
oct. 06 20:46:27 stan kernel: nouveau [ DRM] allocated 1360x768 fb: 0x60000, bo ffff8800bb3fb400
oct. 06 20:46:27 stan kernel: fbcon: nouveaufb (fb0) is primary device
oct. 06 20:46:28 stan kernel: r8169 Gigabit Ethernet driver 2.3LK-NAPI loaded
oct. 06 20:46:28 stan kernel: r8169 0000:01:00.0: irq 44 for MSI/MSI-X
oct. 06 20:46:28 stan kernel: r8169 0000:01:00.0 eth0: RTL8168d/8111d at 0xffffc90011d26000, XID 081000c0 IRQ 44
oct. 06 20:46:28 stan kernel: r8169 0000:01:00.0 eth0: jumbo features [frames: 9200 bytes, tx checksumming: ko]
oct. 06 20:46:28 stan kernel: Console: switching to colour frame buffer device 170x48
oct. 06 20:46:28 stan kernel: nouveau 0000:04:00.0: fb0: nouveaufb frame buffer device
oct. 06 20:46:28 stan kernel: nouveau 0000:04:00.0: registered panic notifier
oct. 06 20:46:28 stan kernel: [drm] Initialized nouveau 1.1.1 20120801 for 0000:04:00.0 on minor 0
oct. 06 20:46:28 stan systemd[1]: Starting LVM2 metadata daemon...
oct. 06 20:46:28 stan systemd[1]: Started LVM2 metadata daemon.
oct. 06 20:46:28 stan systemd[1]: Found device /dev/disk/by-uuid/895cfe76-97d7-4e2d-8433-267fe59df5a5.
oct. 06 20:46:28 stan systemd[1]: Activating swap /dev/disk/by-uuid/895cfe76-97d7-4e2d-8433-267fe59df5a5...
oct. 06 20:46:28 stan swapon[238]: [137B blob data]
oct. 06 20:46:28 stan systemd[1]: Found device Motherboard (one of many).
oct. 06 20:46:28 stan systemd-udevd[211]: renamed network interface eth0 to enp1s0
oct. 06 20:46:28 stan systemd[1]: Found device Hitachi_HDP725016GLA380.
oct. 06 20:46:28 stan systemd[1]: Starting File System Check on /dev/disk/by-uuid/64f23708-e717-4399-a654-c785dffab70b...
oct. 06 20:46:28 stan systemd[1]: Activated swap /dev/disk/by-uuid/895cfe76-97d7-4e2d-8433-267fe59df5a5.
oct. 06 20:46:28 stan systemd[1]: Starting Swap.
oct. 06 20:46:28 stan systemd[1]: Reached target Swap.
oct. 06 20:46:28 stan kernel: Adding 3145724k swap on /dev/mapper/cr-swap. Priority:-1 extents:1 across:3145724k FS
oct. 06 20:46:28 stan systemd-fsck[241]: [38B blob data]
oct. 06 20:46:29 stan systemd[1]: Found device /dev/disk/by-uuid/ad0bf6d6-6faf-448a-88fd-8589f635e86b.
oct. 06 20:46:29 stan systemd[1]: Starting File System Check on /dev/disk/by-uuid/ad0bf6d6-6faf-448a-88fd-8589f635e86b...
oct. 06 20:46:29 stan systemd-fsck[245]: [48B blob data]
oct. 06 20:46:29 stan systemd-fsck[241]: [57B blob data]
oct. 06 20:46:29 stan systemd[1]: Started File System Check on /dev/disk/by-uuid/64f23708-e717-4399-a654-c785dffab70b.
oct. 06 20:46:29 stan systemd[1]: Mounting /boot...
oct. 06 20:46:30 stan systemd[1]: Mounted /boot.
oct. 06 20:46:30 stan kernel: EXT4-fs (sdb1): mounted filesystem with ordered data mode. Opts: data=ordered
oct. 06 20:46:30 stan systemd-fsck[245]: /dev/mapper/cr-home: Lors de l'effacement de l'i-noeud orphelin 1572908 (uid=1000, gid=100, mode=0100755, taille=1079)
oct. 06 20:46:30 stan systemd-fsck[245]: [75B blob data]
oct. 06 20:46:31 stan systemd[1]: Started File System Check on /dev/disk/by-uuid/ad0bf6d6-6faf-448a-88fd-8589f635e86b.
oct. 06 20:46:31 stan systemd[1]: Mounting /home...
oct. 06 20:46:31 stan systemd[1]: Mounted /home.
oct. 06 20:46:31 stan systemd[1]: Starting Local File Systems.
oct. 06 20:46:31 stan systemd[1]: Reached target Local File Systems.
oct. 06 20:46:31 stan systemd[1]: Starting Recreate Volatile Files and Directories...
oct. 06 20:46:31 stan kernel: EXT4-fs (dm-2): mounted filesystem with ordered data mode. Opts: data=ordered
oct. 06 20:46:31 stan systemd[1]: Starting Trigger Flushing of Journal to Persistent Storage...
oct. 06 20:46:31 stan systemd[1]: Started Recreate Volatile Files and Directories.
oct. 06 20:46:31 stan systemd[1]: Starting Update UTMP about System Reboot/Shutdown...
oct. 06 20:46:31 stan systemd[1]: Started Update UTMP about System Reboot/Shutdown.
oct. 06 20:46:31 stan systemd[1]: Starting System Initialization.
oct. 06 20:46:31 stan systemd[1]: Reached target System Initialization.
oct. 06 20:46:31 stan systemd[1]: Starting ACPID Listen Socket.
oct. 06 20:46:31 stan systemd[1]: Listening on ACPID Listen Socket.
oct. 06 20:46:31 stan systemd[1]: Starting D-Bus System Message Bus Socket.
oct. 06 20:46:31 stan systemd[1]: Listening on D-Bus System Message Bus Socket.
oct. 06 20:46:31 stan systemd[1]: Starting Sockets.
oct. 06 20:46:31 stan systemd[1]: Reached target Sockets.
oct. 06 20:46:31 stan systemd[1]: Starting Daily Cleanup of Temporary Directories.
oct. 06 20:46:31 stan systemd[1]: Started Daily Cleanup of Temporary Directories.
oct. 06 20:46:31 stan systemd[1]: Starting Timers.
oct. 06 20:46:31 stan systemd[1]: Reached target Timers.
oct. 06 20:46:31 stan systemd[1]: Started Manage Sound Card State (restore and store).
oct. 06 20:46:31 stan systemd[1]: Starting Restore Sound Card State...
oct. 06 20:46:31 stan systemd[1]: Starting Basic System.
oct. 06 20:46:31 stan systemd[1]: Reached target Basic System.
oct. 06 20:46:31 stan systemd[1]: Starting dhcpcd on enp1s0...
oct. 06 20:46:31 stan systemd[1]: Started SSH Key Generation.
oct. 06 20:46:31 stan systemd[1]: Starting Login Service...
oct. 06 20:46:31 stan systemd[1]: Starting ACPI event daemon...
oct. 06 20:46:31 stan systemd[1]: Started ACPI event daemon.
oct. 06 20:46:31 stan systemd[1]: Starting D-Bus System Message Bus...
oct. 06 20:46:31 stan systemd[1]: Started D-Bus System Message Bus.
oct. 06 20:46:31 stan systemd[1]: Started Restore Sound Card State.
oct. 06 20:46:32 stan systemd-journal[177]: Permanent journal is using 324.2M (max 1.4G, leaving 2.1G of free 11.9G, current limit 1.4G).
oct. 06 20:46:31 stan acpid[272]: starting up with netlink and the input layer
oct. 06 20:46:31 stan acpid[272]: 1 rule loaded
oct. 06 20:46:31 stan acpid[272]: waiting for events: event logging is off
oct. 06 20:46:31 stan dhcpcd[269]: version 6.0.5 starting
oct. 06 20:46:33 stan dhcpcd[269]: enp1s0: waiting for carrier
oct. 06 20:46:33 stan dhcpcd[269]: enp1s0: carrier acquired
oct. 06 20:46:33 stan dhcpcd[269]: enp1s0: soliciting an IPv6 router
oct. 06 20:46:33 stan dhcpcd[269]: enp1s0: rebinding lease of 192.168.0.12
oct. 06 20:46:31 stan systemd[1]: Started Trigger Flushing of Journal to Persistent Storage.
oct. 06 20:46:31 stan systemd[1]: Starting Permit User Sessions...
oct. 06 20:46:31 stan systemd[1]: Started Permit User Sessions.
oct. 06 20:46:31 stan systemd[1]:

System Encryption with LUKS

I'm trying to encrypt my /root partition, however I keep getting an odd error message and I can't seem to figure out why. I'll enter:
# cryptsetup -c aes-plain -y -s 256 luksFormat /dev/sda2
And I'll get a message telling me:
Command failed: Failed to setup dm-crypt key mapping.
Check kernal for support for the aes-plain cipher spec and verify that /dev/sda2 contains at least 258 sectors
Kernal version is 2.6.30. Anyone know how to fix this?

modprobe dm-mod
https://wiki.archlinux.org/index.php/Sy … nd_mapping

System encryption

These days im trying to figure out a way to encrypt my system. To be true i prefer to encrypt the whole system. So i tried to find the ways.
Till now 2 ways found interested
1) LUKS and dm-crypt
and
2) to run my linux in a VM and encrypt that VM. Searched in google and found openVZ (runing in CentOS). But i don't know if it is working with arch linux. (does anyone know?)
I think that the second solution is more secure.
If anyone has an idea on this method (2nd) his idea is welcomed.
Thank you.

hunterthomson wrote:
Cygnet_Committee wrote:Not to hijack this thread or anything, but I just did a fresh install using LVM on LUKS like on the wiki and I did not encrypt my /dev/sdaX boot partition... should I have?
No, you can not encrypt your /boot partition.
GRUB, nor any other Linux boot loader I know of, can decrypt anything. So, everything in /boot can not be encrypted. That is why I put /boot on a USB stick. I also installed GRUB on the USB stick. Then I added the "noauto" mount flag to the /boot line in /etc/fstab This way you can pull out the USB stick after boot up and you are at the Log-In screen. The idea is that the USB stick can be on your keychain all the time, so you know it is secure.
The best way to go if you have an Optical drive is to create a GRUB boot CD :-D
https://bbs.archlinux.org/viewtopic.php?id=144100
NOTE: I never did get around to writing a wiki page for it....
Thanks, I'll give the usb boot a try one of these days.

Encrypt $HOME on SSD (eCryptfs vs. LUKS)

Hi,
I'm planning to upgrade my system with a SSD in a few weeks and I'm thinking about the best way (for me) how to encrypt it.
As far as the Wiki says, TRIM is still not supported by device-mapper (Any updates on that? Couldn't find more up to date information about it).
So I'm thinking about using ecryptfs instead of dm-crypt. Since it seems to encrypt each file individually, TRIM should be working with it - is this correct?
As a downside, everyone would be able to retrieve the number of files existing in my $HOME and their size. Is there any other downside i havn't considered?
Let me know what you think, thank you in advance
VR

a slightly OT question: how do you mount all partitions the best way on a ssd-only laptop anyway?
Can you trim (discard) swap space? If you leave /boot on extra ext2 partition, does is just not matter if you trim that portion?
If dev-mapper supports trim at one point, who is trimming then? The filesystem (btrfs,ext4) or dev-mapper? Would dev-mapper trim a partition if then formated with i.E. reiserfs?
Last edited by satchmosgroove (2011-03-11 19:24:01)

File System Encryption

Hi, I was wondering if anyone has encrypted an entire filesystem (on Solaris or Linux) and if so, what tools you used to do it? Thanks in advance for any input you may provide.

Hi,
The forum supports .Net Framework Setup. Your issue isn't related to the forum.
I suggest you post your issue to the asp.net forum.
I will move the thread to off-topic forum. Thanks for your understanding.
Regards.
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

Best way to securely backup LVM on LUKS encrypted system

I'm upgrading harddisks and would like to backup my system to external storage and restore it on the new disk
This is the high level plan:
1. use ecryptfs to create an encrypted directory on a mounted external stroage device
2. mount ecryptfs directory
3. use rsync to make a backup into the ecryptfs directory
4. swap harddisks
5. use an arch live usb to encrypt and partition new disk (LVM on LUKS)
6. mount external storage and mount encrypted ecryptfs on the storage
7. restore system with rsync
Is this the way to do it?
After reading a little on ecryptfs, it seems like the passphrase and keys I create work only for the current kernel using ecryptfs (adds to the kernel key ring). So my understanding is that if I try to decrypt and mount the ecryptfs using a live arch usb, I won't be able to.
Any clarification of the process would be of great help! Thank you

clfarron4 wrote:Any particular reason you're planning to use eCryptfs for the backup and LUKS for the actual system when you could use LUKS for both?
No particular reason for ecryptfs. I believe my two options are ecryptfs and encfs as described in the disk encryption comparison table: https://wiki.archlinux.org/index.php/Di … ison_table
clfarron4 wrote:
trillian wrote:After reading a little on ecryptfs, it seems like the passphrase and keys I create work only for the current kernel using ecryptfs (adds to the kernel key ring). So my understanding is that if I try to decrypt and mount the ecryptfs using a live arch usb, I won't be able to.
I'm not sure whether this is how it works. Could you show us the documentation which led you to this conclusion please?
I'm also not very familiar with keyrings and how the kernel manages it, or whether it's possible to do what I want with ecryptfs.
http://manpages.ubuntu.com/manpages/uto … ase.1.html

System hangs mounting encrypted lvm, doesn't wait for password

I have a system with two hard drives, each that has a separate encrypted lvm. The drive with my / parition mounts fine, using the grub command line cryptdevice paramater.
But the second encrypted partition on the second hard drive, defined in crypttab, causes the system to hang during boot. I get a message: "a start job is running for cryptography setup" and a little moving asterick while the system waits. At the same time there is a second similar message with moving asterick: "a start job is running for" and the name of the lvm device to be started. And if I define all the volumes on the lvm to be mounted in fstab, I get yet more "a start job is running" messages and hangs for them, all simultaneously.
It seems like the system is not stopping and waiting for the password, before trying to start the lvm and then hanging. I've found that I actually can type in the password while the system is stuck like this (though the screen doesn't really register that I'm typing a password) and then the system will continue and start the lvm and mount volumes properly as defined in fstab.
I don't really know much about how all this stuff works, but gather from reading around that perhaps systemd is not waiting for the password, before tying to automatically start the lvm? And tha'ts causing the hang. (I have LMDE installed with a separate /boot parition on the same number 1 drive and it boots as expected, I'm assuming this is because it's not using systemd.)
The only post that I could find that remotely seemed similar to my problem is this: https://bbs.archlinux.org/viewtopic.php?id=153811
But I don't really follow what's being said in that thread or the solution, regard the .service file. Where is is? What would I edit in it? Is that what I want to do?
Thanks to anyone for any help on this.

Well I just figured out that I put the wrong UUID in /etc/fstab. /dev/sdb1 (the disk being unlocked) != /dev/mapper/crypt2 (the unlocked partition). Now everything works as it should.
Last edited by houron102 (2012-09-14 01:19:47)

System encryption :: Luks on lvm or Lvm on Luks?

Similar Messages

Maybe you are looking for