On Tue, 11 Jun 2002, Ben Slusky wrote: > On Tue, 11 Jun 2002 13:08:12 -0400, Wayne F Davis wrote: > > Now, I want to automate some of the steps (losetup, modules, mount). What > > is the best way to go about doing this? I would like to load the modules > > on boot via modules.conf and have the mount command handle the losetup. > > On shutdown, I would like the umounting to handle the losetup. Is there > > a way to do this easily (via modules.conf & /etc/fstab)? (I tried a few > > things, but was getting some errors, so I figured I'd ask here.) > > This can be done, with a patched util-linux package. Such a package is > standard with RedHat and Debian, and possibly others; if your mount(8) > man page does not mention the "encryption" and "keybits" options, then > get the patch at > <URL:ftp://ftp.kernel.org/pub/linux/kernel/people/hvr/util-linux-patch-int/> > and build it yourself. I do have the updated util-linux package. > Now, to mount /dev/hda7 as /home with 128-bit AES encryption, add to > your modules.conf: > alias cipher-aes-ecb cipher-aes > alias cipher-aes-cbc cipher-aes > and to your fstab: > /dev/hda7 /home ext3 defaults,loop,encryption=aes,keybits=128 1 0 my modules.conf includes: alias cipher-aes-ecb cipher-aes alias cipher-aes-cbc cipher-aes my fstab: /dev/loop0 /mnt/crypt ext3 defaults,loop,encryption=aes,keybits=128 1 0 --- However, I can't mount the drive using mount ... # mount /mnt/crypt ioctl: LOOP_SET_FD: Device or resource busy First, I have to setup the loopback device with losetup, after loading the modueles: # modprobe cipher-aes # modprobe cryptoloop # losetup -e aes /dev/loop0 /path/cryptfile Then, I can mount it: mount /dev/loop0 /mnt/crypt -- Is there anyway I can simplify this? So that I can just type mount /mnt/crypt and type in my password (w/o scripting it)? Thank, Wayne > > Note the 0 in the fsck-pass column, since you can't fsck it. Which isn't > too much of a problem if you use a journaling filesystem. > > HTH, > > -- Wayne Davis - wfdavis@seas.upenn.edu - PGP Key Available - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
