1 |
Nelson wrote: |
2 |
>Cool, I'll look into it. If anyone offers to patch the *.py files I can do |
3 |
>the rest and specify what it needs to be done. |
4 |
|
5 |
Sorry, I thought you ment look into support encryption directly on catalyst |
6 |
:S. |
7 |
|
8 |
Like I said, I think it's not possible without a patch. Yes, luks is |
9 |
provided by genkernel, I wasn't sure how so I mentioned a (temp) hack. But |
10 |
the compressed image cannot be touched by Catalyst now. The alternative is |
11 |
make a neatly integrated support on it, with fields like encryption/seed. |
12 |
|
13 |
>There's at least one or two more LUKS-related patches/bugs in |
14 |
>bugzilla. |
15 |
|
16 |
Considering that and the 2 loops requir., maybe it's better to stick to |
17 |
loop-aes. |
18 |
|
19 |
I made a simple picture, just for those not following, with a simple |
20 |
correction (no need to do mksquashfs twice, we just dd it to the open loop): |
21 |
|
22 |
|
23 |
---------------------------------------------- |
24 |
---------------------------------------------- |
25 |
|
26 |
|
27 |
---(X)---> means "mapped" to by X. |
28 |
%%%%%%%%%%%%% |
29 |
|
30 |
Crypt (luks): |
31 |
|
32 |
Step 1: random_file (made with dd, same size as squashfs) ---(losetup)---> |
33 |
/dev/loop1----(luks)----> /dev/mapper/root (this is the unencrypted dev |
34 |
where we put the root) |
35 |
|
36 |
step 2: image.squashfs ----(dd)----> /dev/mapper/root |
37 |
|
38 |
%%%%% |
39 |
|
40 |
Crypt (loop-aes) |
41 |
|
42 |
step1: |
43 |
random_file_as_above ----(loop+aes)----> /dev/loop0 (the unencrypted dev |
44 |
where we put the root); |
45 |
step2: |
46 |
image.squashfs ----(dd)----> /dev/loop0 |
47 |
|
48 |
|
49 |
%%%%%%%%%%%%% |
50 |
|
51 |
Uncrypt: |
52 |
|
53 |
luks: |
54 |
encrypted_squashfs ---(losetup)---> /dev/loop0 ---(luks)---> |
55 |
/dev/mapper/cd_root |
56 |
|
57 |
loop+aes: |
58 |
encrypted_squashfs ---(losetup+aes)---> /dev/cd_root. |
59 |
|
60 |
_________________________________________________________________ |
61 |
Express yourself instantly with MSN Messenger! Download today it's FREE! |
62 |
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ |
63 |
|
64 |
-- |
65 |
gentoo-catalyst@g.o mailing list |