| 1 |
Joshua Brindle wrote: |
| 2 |
|
| 3 |
> read this |
| 4 |
> http://loop-aes.sourceforge.net/loop-AES.README |
| 5 |
> |
| 6 |
> and these |
| 7 |
> |
| 8 |
http://forums.gentoo.org/viewtopic.php?t=31363&start=0&postdays=0&postorder=asc&highlight= |
| 9 |
> |
| 10 |
> I'd really like something like this, particularly the example |
| 11 |
> in the aes readme about using a passphrase, and gpg |
| 12 |
> key on a usb dongle to mount the filesystem at boot time |
| 13 |
> |
| 14 |
> so basically i'm asking for volunteers to set up something |
| 15 |
> like this, an ebuild that would create the initrd, and docs |
| 16 |
> about encrypting the filesystems, etc. |
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
I have a just such a system with cryptoAPI, initrd, and a USB memory |
| 21 |
stick holding a GPG key working for 2.4.[19-21] kernels no problem. I |
| 22 |
can document this and post to this list for others to test. |
| 23 |
|
| 24 |
|
| 25 |
I have been working on this for months now... trying to get the initrd |
| 26 |
to work well with kernel 2.6, with varying degrees of success, but no joy... |
| 27 |
|
| 28 |
I have not had too much success with loop-AES initrd, as it makes many |
| 29 |
assumptions regarding the util-linux version, patches to the kernel, |
| 30 |
etc... since crytpoAPI is now standard for loopback encryption in the |
| 31 |
2.6 kernel (and was included in the old crypto-sources kernel for |
| 32 |
Gentoo), and is supported by mainline util-linux 2.12, I have been using |
| 33 |
that. |
| 34 |
|
| 35 |
At the moment, I cannot get a kernel 2.6 to pay attention to pivot_root. |
| 36 |
Indeed I have never had a pivot_root call succeed on any version of any |
| 37 |
kernel, so it is probably my stupidity. But I suspect that there is an |
| 38 |
interaction with devfs that I don't fully apprehend. The loop-AES |
| 39 |
maintainer does not quite understand devfs. I will continue to peruse |
| 40 |
the Gentoo forum regarding this matter. |
| 41 |
|
| 42 |
-- boyd |
| 43 |
|
| 44 |
|
| 45 |
-- |
| 46 |
gentoo-hardened@g.o mailing list |
Archives