On Sun, 14 Dec 2003 12:43:16 +0100 David Belohrad <david.belohrad@xxxxxxx> wrote: > Hi all, > please is there somewhere consistent talk about migration of cryptoapi > when changing the kernel? > In my case: > > -- I have linux kernel 'Linux localhost 2.4.21-0.13mdkcustom-dejfson #6 > Èt dub 10 23:29:41 CEST 2003 i686 unknown unknown GNU/Linux', which is > mdk 2.4.21 > with added support for 'old' cryptoapi (= loop-jari + int patch). > -- because of security I want to move to 2.4.23 kernel. The problem is, > that 2.4.23 already has some 'strange' version of CryptoAPI inside, so > if I want to add my old > cryptoapi support, the patches are confusing the kernel. > -- for this I've found in this mailing conference how to make it with > the crypto what is in kernel (adding patch > patch-cryptoloop-jari-2.4.22.0 to vanilla 2.4.23). This > works without problem, but when I go to make xconfig, and I select loop > device and cryptoloop device (as modules), the cryptographic support is > then completely > grayed, so I cannot make a selection of the cipher I have (twofish-256). > -- if I compile the system as it is (with grayed ciphers), i compile > util-linux + hashalot, then when I try to mount, it says that the cipher > is not existing. > .................... > -- ok, another try: i've hacked little Config.in from crypto not to have > tristate buttons in cryptoapi menu, then I've selected to compile loop, > cryptoloop, two-fish (as module) > -- compile -- ok, makes module of twofish > -- insmod cryptoloop, twofish = ok > -- compile util-linux, -- ok > ..................... > try to mount: > > sha256 | ./losetup -p0 -e twofish-256 /dev/loop0 /dev/hdb > mount /dev/loop0 /pool > > ........... incorrect fs type.... > > so some questions: > > where I do the mistake? > what is the difference between manual patched cryptoapi (ie it creates > in kernel directory /crypto, /crypto/ciphers, /crypto/cryptoloop...) and > the cryptoapi which is already in the kernel 2.4.22? > what is the correct migration to be able to mount the 'old' cryptoapi > with new kernel cryptoapi? (i have 120gb disk encrypted with twofish, so > i cannot simply make > a new partition and copy there all the data to be able to make new > cryptoapi partition) > is there any document to read about all the 'loop' and other patches?? > there is a lot of patches, which do different things... > > thanks for answers > david belohrad > > ------------------------------------------- > David Belohrad, Div. PS/Beam Diagnostics > C.E.R.N. Site de Meyrin, CH 1211 Geneva 23 > http://www.cern.ch > David.Belohrad@xxxxxxx > Tel +41.22.76.76318 Fax +41.22.76.78200 > GSM +41.79.73.50937 > ------------------------------------------- > I have found this guide to be quite helpful. Perhaps it will help answer some of your questions. There are a bunch of links there as well. If the guide doesn't help, perhaps the links will. :) http://forums.gentoo.org/viewtopic.php?t=108162&highlight=encrypt+root Petro --
Attachment:
pgp00099.pgp
Description: PGP signature
