On Wed, 2001-12-26 at 23:37, Zygo Blaxell wrote:
> I've been looking for a better solution for encrypted loopback root
> filesystems. The current strategy used by cryptoapi and loop-AES seems
> to be:
>
> 1. Boot on an initrd
>
> 2. On the initrd, load crypto modules (unless already built in)
>
> 3. losetup -e ... /dev/loop0 /dev/hda1
>
> 4. Swap roots, exit, let kernel exec /sbin/init
>
> Unfortunately, this has one major problem: it seems to be impossible
> to get rid of the RAM disk afterwards, because the filesystem on the RAM
> disk is in use (due to the /dev device inode used for losetup).
> This means that whatever RAM is used for the RAM disk is lost forever.

Haven't tried it myself, but at least with 2.4 kernels, there's the
pivot_root() system call, which should swap the root and make it
possible to unmount the ramdisk...

I'd recommend taking a look at redhat's mkinitrd package, which contains
'nash', some kind of self-contained mini-shell, which includes the few
necessary commands usually used on initrd's... and add support to it for
getting a passphrase (+ hash it) and other encryption parameters...

regards,
--
Herbert Valerio Riedel / Phone: (EUROPE) +43-1-58801-18840
Email: hvr@xxxxxxxxxx / Finger hvr@xxxxxxx for GnuPG Public Key
GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F 4142
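The initrd flow discussed in this thread, as an added example (not code from either poster, nor from loop-AES, cryptoapi or mkinitrd): steps 2 to 4 with pivot_root doing the root swap, plus the later attempt to release the ramdisk, which reports failure instead of assuming the unmount succeeds. The device paths, the cipher name, the /new-root and /initrd mount points and the DRY_RUN switch are assumptions.

```sh
#!/bin/sh
# Added example: /linuxrc for an initrd that brings up an encrypted loop root.
# Assumed (not from the thread): device paths, cipher name, /new-root and
# /initrd mount points. DRY_RUN=1 prints each command instead of running it.

BACKING_DEV=${BACKING_DEV:-/dev/hda1}   # partition holding the ciphertext
LOOP_DEV=${LOOP_DEV:-/dev/loop0}
CIPHER=${CIPHER:-aes}                   # assumed name; depends on the loop crypto patch
NEW_ROOT=${NEW_ROOT:-/new-root}         # must exist on the initrd

run() {
    if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi
}

# Steps 2-4 of the quoted procedure, with pivot_root for the root swap.
switch_root() {
    # losetup prompts for the passphrase on the console.
    run losetup -e "$CIPHER" "$LOOP_DEV" "$BACKING_DEV" || return 1
    run mount -o ro "$LOOP_DEV" "$NEW_ROOT" || {
        # A wrong passphrase usually shows up here as a failed mount:
        # detach the loop device so the next attempt starts clean.
        run losetup -d "$LOOP_DEV"
        return 2
    }
    run cd "$NEW_ROOT" || return 3
    # The old root (the ramdisk) is re-attached at $NEW_ROOT/initrd,
    # so that directory has to exist on the decrypted filesystem.
    run pivot_root . initrd || return 4
    run exec chroot . /sbin/init
}

# Run later from the real root's boot scripts.
release_initrd() {
    if run umount /initrd; then
        run blockdev --flushbufs /dev/ram0   # give the ramdisk pages back
    else
        echo "initrd still busy; ramdisk memory not released" >&2
        return 1
    fi
}

# Only act when installed as /linuxrc on the initrd.
case "${0##*/}" in
    linuxrc) switch_root ;;
esac
```

Running it with DRY_RUN=1 prints the command sequence without touching any device, which is a safe way to review the order before building the initrd image.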