Re: Root partition encryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Kostas Psarras wrote:
> Could someone clarify what Jari means in the 8th step of the README by:
> "
> Reboot system from rescue floppy / cdrom / other partition on your
>     system, so that the partition you are about to encrypt is _not_ mounted.
>     Note: you must use loop-AES' loop.o module and loop-AES modified losetup
>     program for this.
> 
>         insmod loop
>         losetup -e AES128 /dev/loop5 /dev/hda2
>         dd if=/dev/hda2 of=/dev/loop5 bs=8192 conv=notrunc
>         sync
>         mount -t ext2 /dev/loop5 /mnt
> "
> 
> I mean what is needed to do the trick? Perhaps a disk with 3 partitions?
> 
> I think i have to build (besides /boot and / partitions) a rescue disk
> with same kernel version of my / so the loop-2.4.7.o can be used . . .
> 
> Is that right?

Yes, you need to boot from floppy, and you need a loop.o module that matches
your boot floppy kernel. Kernel version on the boot floppy does not matter
(any 2.2.x or 2.4.x should work) as long as loop.o module is compiled for
that kernel.

Easiest way to do that is to use existing boot floppy with some kernel. You
need that kernel's source and .config to compile a new loop.o module for
that kernel.

1)  Install boot disk kernel source and .config somewhere

2)  Check that CONFIG_MODULES is Y and CONFIG_BLK_DEV_LOOP is not Y in
    .config file. If they are not like that, you have to replace the kernel
    on the boot floppy.

3)  Recompile kernel without installing:

    make oldconfig
    make dep && make clean && make bzImage
    make modules

4)  Mount an "extra" ext2 formatted floppy on /floppy

5)  cd to loop-AES directory

6)  Build loop.o module for that kernel by typing:

    make LINUX_SOURCE=/path/to/kernel/dir INSTALL_MOD_PATH=/floppy

7)  Copy loop-AES enhanced losetup to floppy. There may be library
    dependency problems with boot disk C library. Statically linked losetup
    program avoids such troubles.

    cp /sbin/losetup /floppy

8)  Unmount floppy

9)  Boot from original boot floppy (or floppies)

10) Mount "extra" floppy on /floppy

11) Manually load loop.o driver to kernel:

    insmod /floppy/lib/modules/*/block/loop.o

12) Proceed with "/floppy/losetup" and "dd" as explained in loop-AES README

Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux