As I can't have a persistent crypted container file for my config + own files on the disk I want with Knoppix 7, waiting I'd like to manage with my old Knoppix.img file


I tried to use 'sudo mount -t ext2 -o loop,encryption=AES256 /media/sdc1/knoppix.img ./Desktop/knoppix' as I do on a lot of different Linux distrib, but on Knoppix 7 it doesn't work: I get a message about wrong fs or other trouble (while I am sure the knoppix.img is ok). Of course I did first 'sudo modprobe cryptoloop'.


any idea? (again I looked for the solution here and in the FAQ without succes)
thanks!


PS I modify very little the Knoppix/Linux/programs files, so I plan a script that will copy from my crypted container all the needed files. I did the script test already, it works well and it's very fast, so - except I don't know how to put it in the crypted container - it may be an issue for me.

Hi user89,
you are in wrog: your knoppix.img is not a crypted container.
You have to create a new aes crypted container to put your personal data in it
After that, you can mount this data store using a simple script when you need.

but I give notes that it is possible to have a persistent crypted container for your config + own files called knoppix-data.aes to run knoppix in llive mode with persistence

well let me know what solution you need

> your knoppix.img is not a crypted container.

my old knoppix.img is crypted (Knoppix 5), I need a passphrase to open it

> You have to create a new aes crypted container to put your personal data in it

how can I create such a container with Knoppix 7? (the "create persistent file" that was in the Knoppix 5 menu is not here anymore)
no way to keep the same container from Knoppix 5? (at least just to open/read it)

> but I give notes that it is possible to have a persistent crypted container for your config + own files called
> knoppix-data.aes to run knoppix in llive mode with persistence

on the boot device only, right?
I need such a file NOT on the boot device and bigger than 4Gb

ok I had not read your requests posted in other threads

1: create a new dir

mkdir /mnt-system/work
2: create a text file in /mnt-system/work called store.pw with written inside the new desired password (max 14 char lenght !!!)
3: open a root scell


dd if=/dev/urandom of=/mnt-system/work/store.aes bs=1M count=2048 #2GB
losetup -p 0 -e aes -k 256 /dev/loop6 /mnt-system/work/store.aes </mnt-system/work/store.pw
mkfs -t ext2 -L MyData /dev/loop6 # MyData is the label you will see after mounting
mount -t ext2 -o rw /dev/loop6 /mnt-system/work
rm /mnt-system/work/store.pw

4: mount your old knoppix.img file from knoppix5

mount -t ext2 /media/sdc1/knoppix.img /mnt-user -o encryption=aes,keybits=256,loop
and you will ask to enter your password
5: copy your important data. If you want copy all at once you can use

rsync -ax /mnt-user/ /mnt-system/work
6: close all

umount /mnt-system/work && losetup -d /dev/loop6
umount /mnt-user
7: if you rename store.aes to knoppix-data.aes and put it in /mnt-system you can use it like persistence, and at boot you need to enter the password to use your own data
8: if you need a file more 4GB you will put in other place and NOT in FAT32 partition
take a look to my old threads: http://knoppix.net/forum/threads/29666-KNOPPIX-6.7.1-on-USB-with-very-large-persistent-data-image (http://knoppix.net/forum/threads/29666-KNOPPIX-6.7.1-on-USB-with-very-large-persistent-data-image.)

Hope that help you and not make a mistake :grin:
bye

thanks! but


mount -t ext2 /media/sdc1/knoppix.img /mnt-user -o encryption=aes,keybits=256,loop

gives the same result after I give my password:


mount: wrong fs type, bad option, bad superblock on /dev/loop0,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so


And here the result of dmesg :

EXT2-fs (loop0): error: can't find an ext2 filesystem on dev loop0.

I checked again the Knoppix.img with the Knoppix 5 CD and on a PC with Ubuntu, it works, the container opens with the password... So what's wrong with Knoppix 7? :confused:

but are you sure it is a ext2 fs and not a ext3 ??
or tape a wrong password ?

sure of the ext2 and the password as I can open the file on other OS with the same command

ok
try to mount in other way

echo yourpassword | losetup -e aes -p 0 /dev/loop6 /media/sdc1/knoppix.img

ok
try to mount in other way

echo yourpassword | losetup -e aes -p 0 /dev/loop6 /media/sdc1/knoppix.img

it's ok, I already tried it but... but... next when I want to mount /dev/loop6 I get the same error:
mount: wrong fs type, bad option, bad superblock on /dev/loop6, missing codepage or helper program, or other error In some cases useful info is found in syslog - try dmesg | tail or so I really don't understand why Knoppix 5 and Ubuntu agree to open this container, and not Knoppix 7... anybody tried to do the same?

I tried again "sudo mount -t ext2 -o loop,encryption=AES256 /media/sdc1/knoppix.img ~/Desktop/knoppix" after a reboot. Now I get :
ioctl: LOOP_SET_STATUS: No such file or directory I don't understand :/ And "sudo mount -t ext2 /media/sdc1/knoppix.img /mnt-user -o encryption=aes,keybits=256,loop" still gives the same old result "mount: wrong fs type, bad option, bad superblock on /dev/loop3, missing codepage or helper program, or other error. In some cases useful info is found in syslog - try dmesg | tail or so"

one more thing to add to my previous post ----

I tried loopaes ( http://glarson.org/files/loopaes/loopaes ) with hashalot, it seems I have a trouble: ERROR: could not insert 'padlock_aes': No such device ----

then I tried "sudo modprobe -v aes", I got "insmod /lib/modules/3.3.7/kernel/drivers/crypto/padlock-aes.ko ERROR: could not insert 'padlock_aes': No such device" ----

so I tried to blacklist it by "sudo vi /etc/modprobe.d/modprobe.conf" (to add a line "blacklist padlock-aes" as I found on the Web) but the trouble is still here when I launch loopaes ----

maybe I am on a wrong way anyway to solve my first trouble...

Sorry, I haven't time to look over your problem. Perhaps a look at createdata() and mountdata() within the init-script of minirt.gz may help you.

maybe I am on a wrong way anyway to solve my first trouble...

If I may make a guess, I think likely it is due to some incompatibility between the encryption use. Instead of trying to dig thru all the details, perhaps better and faster just copy it out from running an older version of knoppix inside a virtual machine.

you're probably right!
someone here told me how to do is previously but
i just tried its firt command (sudo mkdir /mnt-system/work)
I got:

mkdir: cannot create directory `/mnt-system/work': Read-only file system
:/
I'll try to mount somewhere else...

I created a new container manualy with losetup on Knoppix 7 --
I tried to open it on another old PC Debian that could open my old "knoppix 5" data, but I couldn't open the new container !
because it was asking me a passphrase of at least 20 car.
but I think when creating the new container I couldn't have a passphrase longer than 16 car...

maybe here is the explanation of the trouble...

so the only ready solution to use the same crypted container on a new PC (Knoppix 7) and an old one (not up to date Linux) is with cryptsetup (SHA1, not SHA256)...

now I just wonder when I have to mount the container on Knoppix if I want a persistent image...

now I just wonder when I have to mount the container on Knoppix if I want a persistent image...

Knoppix creates a new encrypted image for you. Placed where Knoppix usually resides. If you store it on NTFS or extX partitions, you can make it big - but then you may have to either create it manually or resize it (I don't know about resizing encrypted images, resizing ordinary images is simple and works quite well.) To make things simpler and safer, I suggest you copy over from the old encrypted image to an unencrypted one, and then from there to the new encryption.

You should be able to do this from Knoppix 7, running, as kl522 suggests, the Knoppix 5 ISO/installation in a virtual machine.

My own preferred way of doing such things, is making a Poor Man's install on some partition, setup legacy Grub so it can boot that install, and then let Grub boot it in Qemu.
For example, booting your main HD like this


sudo qemu -hda /dev/sda -m 512 &

then select the partition and from the original Knoppix version running in the VM, copy from encrypted to unencrypted - on the same partition (the VM's /mnt-system), or somewhere else mounted by the VM. Just beware of multiple mounting of partitions.

Maybe too awkward and stupid for your liking, but that's me.

BTW, I doubt incompatibilities here are introduced by Knoppix, I would guess it's the Debian heritage, and I would think you got a hint when you couldn't open the new container in the old Debian.

again, my data file (on USB key) can't be on the Knoppix device (DVD)

I managed to open my old Knoppix 5 data and to copy them in a cryptsetup device that I can open with my old Debian and newest Knoppix 7, so that's ok

now two troubles:

- the USB key is very very slow on the old Debian, I need about 1h to mount a 16Gb crypted container and a long time too to umount it. It was faster with the Knoppix 5 container (and the same USB key...)

- I need to configure again all my softwares (Icedove mail...) when I reboot, and I didn't find a solution to install and keep new softwares in my container as I did before with Knoppix 5. For static it's ok, but I have some professional softwares only available as .deb and the publishers won't change that...
maybe because I mount my container on a directory on the Desktop...

again, my data file (on USB key) can't be on the Knoppix device (DVD)

I managed to open my old Knoppix 5 data and to copy them in a cryptsetup device that I can open with my old Debian and newest Knoppix 7, so that's ok

now two troubles:

- the USB key is very very slow on the old Debian, I need about 1h to mount a 16Gb crypted container and a long time too to umount it. It was faster with the Knoppix 5 container (and the same USB key...)

- I need to configure again all my softwares (Icedove mail...) when I reboot, and I didn't find a solution to install and keep new softwares in my container as I did before with Knoppix 5. For static it's ok, but I have some professional softwares only available as .deb and the publishers won't change that...
maybe because I mount my container on a directory on the Desktop...

1. Do you understand what we were talking about when we suggested running your old Knoppix in a VM and mention Poor Man's install? The method I suggested doesn't involve DVD at all.

2. If your software is available as .deb
A: If new install works, why don't you just reinstall it on a new persistent store, dropping the old versions?
B: If new install doesn't work, why do you bother trying to transfer? You can still use these programs by running Knoppix5 in a virtual machine, as we suggested.

3. Why do you mix programs and user data in a 16 GB volume? I have experimented with persistent store, and found that for my use, anything beyond ca 6 GB starts to become impractical. User data is better kept on a separate volume, and you can modify for example /etc/rc.local or knoppix.sh to automount that. In particular, if you don't want to roll some programs into the KNOPPIX cloop by remastering, but keep them on an encrypted volume I think it is safest and most practical to keep user data separate from that, encrypted or not. Otherwise, the simplest way to proceed is remastering, so essentially all programs are integrated in the KNOPPIX cloop.

I understand your "solution", a VM and so on, but that's not what I can use/need

I need to run Knoppix on very old machines that are not mine and that can't boot from USB key (old Bios)
so I have to use a DVD for Knoppix (except if sometimes they already have Debian on HDD for exemple, but I can not modify them) + a key for my data (and my /small/ softwares stored here are protected from any unwanted modification)
-- while til now, default Knoppix 7 scripts allow install of a crypted persistent container only on the boot device

the only "new" solution you give me is remastering, that I wanted to avoid if possible

.. and that can't boot from USB key (old Bios)You can build a Knoppix Boot-CD: Summary
(http://www.wp-schulz.de/knoppix/summary.html)With it you can use a Knoppix flash disk installation as usual.
Perhaps Backup (http://www.wp-schulz.de/knoppix/backup.html) also may be useful

I understand your "solution", a VM and so on, but that's not what I can use/need

I need to run Knoppix on very old machines that are not mine and that can't boot from USB key (old Bios)
so I have to use a DVD for Knoppix (except if sometimes they already have Debian on HDD for exemple, but I can not modify them) + a key for my data (and my /small/ softwares stored here are protected from any unwanted modification)
-- while til now, default Knoppix 7 scripts allow install of a crypted persistent container only on the boot device

the only "new" solution you give me is remastering, that I wanted to avoid if possible

No, it does not seem to me that you understand this.
1. You don't have to use the same setup for transferring Knoppix images as for running later, as you seem to imply. We have not discussed the use afterwards at all, only procedures for conversion. You don't insist on doing the conversion on some very old machine if you don't have to???
2. You don't have to run Knoppix off CD/DVD, even it you have to use that for booting. So AFAIK, you can use a USB stick setup whether or not you can boot it. When you can't, you boot with the CD/DVD.
3. Remastering can be done VERY simply nowadays, so "avoid that if possible" is IMHO a very impractical approach if you want to use Knoppix with fairly extensive customizations in the form of added programs, as seems to be your case. The simplest for you is probably just to create overlays instead of doing a complete remastering. YMMV.
4. If you want to make extensive customizations, you simply can't rely fully on the default Knoppix install scripts - they are for the simple use cases. The "only on the boot device" conception which you easily get becomes very misleading - a basic functionality of Knoppix is the splitting of booting and running. For example, if you have a KNOPPIX directory somewhere on the HD and you boot from DVD/USB, Knoppix will use that image (the first it finds if several) unless you specify bootfrom= option on the command line.
5. The partition Knoppix is run from is mounted on /mnt-system, and on that partition, you can have as much persistent stuff as you like - it is always possible to automount it by simple modifications like I mentioned if system capacity permits. You can also have it on other partitions, but then there will be more coordination work. I have used several automounted knoppix-dataX.img files, put into the KNOPPIX directory for convenience - then they will be copied to new media by the Install Knoppix to flash script.
6. If you run the Install Knoppix to flash script, and let Knoppix create a new encrypted image for you on a USB stick, you have created the basis for what you need entirely with standard scripts. Using that for user data, and installing the additional .deb programs in noimage Knoppix instances, rolling them into overlays as needed, will give you a robust and handy setuo for your work - always using the stick, booting from CD/DVD when necessary. If you exceed that 4GB limit on the persistent image, my advice is that you either simply create more 4GB overlays as needed, or setup NTFS/extX partitions on the stick for larger files.

I already told: the conversion is done (and yes I used an old PC to do that - Knoppix is for people who has less money too...)

I already told: the conversion is done (and yes I used an old PC to do that - Knoppix is for people who has less money too...)
Sure, Knoppix may be more relevant the less hardware resources you have got - but then to make the whole thing effective, it's important to organize the setup optimally. For example, I have noticed a huge performance boost using new, fast USB3 sticks instead of old, slower USB 2 on older USB2-equipped machines. Not to talk about the slowdown if Knoppix is not only booted, but run, from CD/DVD on such machines. :)