Zygo Blaxell wrote:
> I've been looking for a better solution for encrypted loopback root
> filesystems. The current strategy used by cryptoapi and loop-AES seems
> to be:
>
> 1. Boot on an initrd
>
> 2. On the initrd, load crypto modules (unless already built in)
>
> 3. losetup -e ... /dev/loop0 /dev/hda1
>
> 4. Swap roots, exit, let kernel exec /sbin/init
>
> Unfortunately, this has one major problem: it seems to be impossible
> to get rid of the RAM disk afterwards, because the filesystem on the RAM
> disk is in use (due to the /dev device inode used for losetup).
> This means that whatever RAM is used for the RAM disk is lost forever.
> Encrypted root is most useful on laptops, where RAM is scarce, expensive,
> or both...so this plan sucks.

Have you looked at the size of loop-AES' initrd.gz? It's only about 1.6 KB
compressed and 15 KB uncompressed. Initrd remains unmountable, but 15 KB of
unusable kernel RAM is not something to cry about, is it?

Regards,
Jari Ruusu <jari.ruusu@xxxxxxxxxx>

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/