Documentation/power/swsusp-dmcrypt.txt

Chinese translated version of Documentation/power/swsusp-dmcrypt.txt

If you have any comment or update to the content, please contact the
original document maintainer directly.  However, if you have a problem
communicating in English you can also ask the Chinese maintainer for
help.  Contact the Chinese maintainer if this translation is outdated
or if there is a problem with the translation.

Chinese maintainer: 徐红 1534342777@qq.com
---------------------------------------------------------------------
Chinese translator: 徐红 1534342777@qq.com

The main text follows.

---------------------------------------------------------------------
Author: Andreas Steinmetz <ast@domdv.de>

How to use dm-crypt and swsusp together:
========================================

Some prerequisites:
You know how dm-crypt works. If not, visit the following web page:
http://www.saout.de/misc/dm-crypt/
You have read Documentation/power/swsusp.txt and understand it.
You have read Documentation/initrd.txt and know how an initrd works.
You know how to create or how to modify an initrd.

Now your system is properly set up, your disk is encrypted except for
the swap device(s) and the boot partition which may contain a mini
system for crypto setup and/or rescue purposes. You may even have
an initrd that does your current crypto setup already.

At this point you want to encrypt your swap, too, while still being
able to suspend using swsusp. This, however, means that prior to
resume you have to be able either to enter a passphrase or to read
the key(s) from an external device like a pcmcia flash disk
or a USB stick. So you need an initrd that sets
up dm-crypt and then asks swsusp to resume from the encrypted
swap device.

The most important thing is that you set up dm-crypt in such
a way that the swap device you suspend to/resume from always
has the same major/minor within the initrd as well as
within your running system. The easiest way to achieve this is
to always set up this swap device first with dmsetup, so that
it will always look like the following:

brw-------  1 root root 254, 0 Jul 28 13:37 /dev/mapper/swap0

Now set up your kernel to use /dev/mapper/swap0 as the default
resume partition, so your kernel .config contains:

CONFIG_PM_STD_PARTITION="/dev/mapper/swap0"

Prepare your boot loader to use the initrd you will create or
modify. For lilo the simplest setup looks like the following
lines:

image=/boot/vmlinuz
initrd=/boot/initrd.gz
label=linux
append="root=/dev/ram0 init=/linuxrc rw"

Finally you need to create or modify your initrd. Let's assume
you create an initrd that reads the required dm-crypt setup
from a pcmcia flash disk card. The card is formatted with an ext2
fs which resides on /dev/hde1 when the card is inserted. The
card contains at least the encrypted swap setup in a file
named "swapkey". /etc/fstab of your initrd contains something
like the following:

/dev/hda1   /mnt    ext3      ro                            0 0
none        /proc   proc      defaults,noatime,nodiratime   0 0
none        /sys    sysfs     defaults,noatime,nodiratime   0 0

/dev/hda1 contains an unencrypted mini system that sets up all
of your crypto devices, again by reading the setup from the
pcmcia flash disk. What follows now is a /linuxrc for your
initrd that allows you to resume from encrypted swap and that
continues boot with your mini system on /dev/hda1 if resume
does not happen:

#!/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
mount /proc
mount /sys
mapped=0
# Do not resume if "noresume" is on the kernel command line ...
noresume=`grep -c noresume /proc/cmdline`
# ... or if init was given any parameters (e.g. "single", "emergency").
if [ "$*" != "" ]
then
  noresume=1
fi
dmesg -n 1
/sbin/cardmgr -q
# Poll for the pcmcia flash disk, ten tries half a second apart.
for i in 1 2 3 4 5 6 7 8 9 0
do
  if [ -f /proc/ide/hde/media ]
  then
    usleep 500000
    mount -t ext2 -o ro /dev/hde1 /mnt
    if [ -f /mnt/swapkey ]
    then
      # swap0 is the first mapping created, so it gets 254:0.
      dmsetup create swap0 /mnt/swapkey > /dev/null 2>&1 && mapped=1
    fi
    umount /mnt
    break
  fi
  usleep 500000
done
killproc /sbin/cardmgr
dmesg -n 6
if [ $mapped = 1 ]
then
  if [ $noresume != 0 ]
  then
    # Not resuming: reset the swap device.
    mkswap /dev/mapper/swap0 > /dev/null 2>&1
  fi
  # Set the resume device; needed for later suspend even when not resuming.
  # If a resume starts, the script does not continue past this line.
  echo 254:0 > /sys/power/resume
  dmsetup remove swap0
fi
# No resume happened: change root to the mini system on /dev/hda1.
umount /sys
mount /mnt
umount /proc
cd /mnt
pivot_root . mnt
mount /proc
umount -l /mnt
umount /proc
exec chroot . /sbin/init $* < dev/console > dev/console 2>&1


Please don't mind the weird loop above, busybox's msh doesn't know
the let statement. Now, what is happening in the script?
First we have to decide if we want to try to resume, or not.
We will not resume if booting with "noresume" or any parameters
for init like "single" or "emergency" as boot parameters.

Then we need to set up dm-crypt with the setup data from the
pcmcia flash disk. If this succeeds we need to reset the swap
device if we don't want to resume. The line "echo 254:0 > /sys/power/resume"
then attempts to resume from the first device mapper device.
Note that it is important to set the device in /sys/power/resume
regardless of whether you resume or not, otherwise later suspend will fail.
If resume starts, script execution terminates here.
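
Added example, not part of the original kernel document: the /linuxrc above hardcodes 254:0, which is only correct while swap0 really is the device at that number, the point stressed earlier about keeping the same major/minor. The functions below look up the number actually assigned to a mapping and compare it with the expected one before anything is written to /sys/power/resume. They assume a POSIX sh and a kernel that exposes /sys/block/dm-N/dm/name; SYSFS_ROOT, dm_devnum, check_resume_dev and make_sample_sysfs are names introduced here, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example, not from the kernel documentation.
# SYSFS_ROOT is a hypothetical override so the lookup can be run against
# a constructed directory tree instead of the live /sys.
SYSFS_ROOT=${SYSFS_ROOT:-/sys}

# Print "major:minor" of the device-mapper mapping named $1, or fail.
dm_devnum() {
  for d in "$SYSFS_ROOT"/block/dm-*; do
    [ -r "$d/dm/name" ] || continue
    if [ "$(cat "$d/dm/name")" = "$1" ]; then
      cat "$d/dev"
      return 0
    fi
  done
  return 1
}

# Succeed (and print the number) only if mapping $1 exists and sits at
# the expected major:minor $2. Returns 2 if missing, 1 on a mismatch.
check_resume_dev() {
  actual=$(dm_devnum "$1") || { echo "mapping $1 not found" >&2; return 2; }
  if [ "$actual" != "$2" ]; then
    echo "$1 is $actual, expected $2" >&2
    return 1
  fi
  echo "$actual"
}

# Constructed sample tree: dm-0 is "swap0" at 254:0, dm-1 is "root" at 254:1.
make_sample_sysfs() {
  root=$(mktemp -d) || return 1
  mkdir -p "$root/block/dm-0/dm" "$root/block/dm-1/dm"
  echo swap0 > "$root/block/dm-0/dm/name"
  echo 254:0 > "$root/block/dm-0/dev"
  echo root > "$root/block/dm-1/dm/name"
  echo 254:1 > "$root/block/dm-1/dev"
  echo "$root"
}

# Intended use in an initrd, with /sys mounted and swap0 already mapped:
#   dev=$(check_resume_dev swap0 254:0) && echo "$dev" > /sys/power/resume
```
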

Otherwise we just remove the encrypted swap device and leave it to the
mini system on /dev/hda1 to set the whole crypto up (it is up to
you to modify this to your taste).

What then follows is the well known process to change the root
file system and continue booting from there. I prefer to unmount
the initrd prior to continuing to boot but it is up to you to modify
this.