loop-AES: Boot from CD-ROM + encrypted root partition

I successfully got the loop-AES to work encrypting my root partition.  I
now want to see if I can switch to booting from the CD-ROM so that my
entire drive can be encrypted.

As I looked over the directions in the loop-AES.Readme file, there were a few
things towards the end of the instructions that confused me.  I have four
questions below.

Question 1: Step 11 says to do the following:

11) Contents of /etc/lilo.conf configuration file are below. Two copies of
    '/dev/loop7' on first two lines refer to temporary file backed loop
    mount that is mounted on /mnt later in step 13a.

    boot=/dev/loop7
    disk=/dev/loop7
      bios=0x00
      sectors=36
      heads=2
      cylinders=80
    geometric
    compact
    read-only
    prompt
    timeout=30
    vga=normal
    backup=/dev/null
    install=text
    map=/mnt/map
    image=/mnt/vmlinuz
      label=Linux
      append="init=/linuxrc rootfstype=minix"
      initrd=/mnt/initrd.gz
      root=/dev/ram0


I am using GRUB, do I just do something like the following?

    boot=/dev/loop7
    disk=/dev/loop7
      bios=0x00
      sectors=36
      heads=2
      cylinders=80
    geometric
    compact
    read-only
    prompt
    timeout=30
    vga=normal
    backup=/dev/null
    install=text
    map=/mnt/map
title Linux using loop-AES
	root (hd0,0)
	kernel /vmlinuz ro root=/dev/ram0 init=/linuxrc rootfstype=minix
	initrd /initrd.gz


Question 2: In Step 12 it says:

12) Build new /boot/initrd.gz

        ./build-initrd.sh /boot/initrd.conf

but I noticed that not all of the configuration options that I initially
changed in build-initrd.sh are in the initrd.conf file in Step 10a.  Do I
add these to that file or will it use what I have set in the build-initrd.sh
file as defaults and only change the options that I have specifically set in
initrd.conf?


Question 3:  In Step 20 it says:

20) Clean up and reboot your computer. The 'dd' command attempts to
    overwrite gpg encrypted root partition key file and 'mkswap' command
    restores "temporary file system on swap" /dev/hda3 back to swap usage.

        dd if=/dev/zero of=/mnt/rootkey.gpg bs=64k count=1 conv=notrunc
        umount /mnt
        sync
        mkswap /dev/hda3
        sync
        reboot

Am I rebooting the computer with my rescue disk again?

If so, after doing so, do I need to first mount /dev/hda3 again?  The dd
command above seems to be trying to overwrite a file on a filesystem that
isn't mounted.  But maybe I am missing something here?

If not, what am I rebooting the computer with?  The boot CD that I just
made?


Question 4:  Do I need the /dev/hda1 or /boot partition after I finish?  If
so, I didn't seem to encrypt it yet so can I encrypt it in the same way that
I did for /dev/hda2, the root partition?

I hope that these questions are clear and I am sorry that my understanding
is lacking.  Thanks for taking the time to help me out.

Doug


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

