Re: Trying to set up root encryption with loop-AES on SuSE 9.1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Christian wrote:
> However, I'm worried about your saying "Do *not* install all the
> utilities in the util-linux package without thinking. You may ruin your
> system if you do that. Read the INSTALL file provided with util-linux
> tarball.". Am I safe if I only performed the comments below your saying
> "These commands, as root user, will recompile and install mount, umount,
> losetup, swapon, swapoff and their man pages:"?

Yes.

> >>And how do I verify for sure which kernel has been loaded? (I'm asking
> >>this beause even after choosing my new compiled kernel at the grub boot
> >>menu, the last line before login says that the default kernel was loaded
> >>- if this is a bug, how do I fix it?)
> > Run command:
> >     uname -a
> 
> It's strange: My only self-compiled kernel is named
> vmlinuz-2.6.5-7.95-default-neo1 (compiled on 00:58 CET Jul 27 2004) and
> I can boot it, but uname -a keeps saying that I'm runnung
> vmlinuz-2.6.5-7.95-default 00:58 CET Jul 27 2004.

uname -a version comes from version strings that were set in top level
kernel Makefile, but on SUSE kernels you can change those strings by
changing CONFIG_RELEASE CONFIG_CFGNAME entries in kernel config.

Those entries need to be changed so that every kernel compiled has unique
version that does not conflict with any other kernel on same computer.

> If I try to load loop.ko from /lib/modules/2.6.5-7.95-default/block, it
> fails. After renaming loop.ko to loop.tmp and copying loop.ko from
> /lib/modules/2.6.5-7.95-default-neo1/block, loading and "make tests"
> works!!!

Looks like more than one kernel was compiled using same version string
2.6.5-7.95-default. Thus the confusion and incompatibility.

The fix is to recompile and boot new kernel using but using different
CONFIG_RELEASE CONFIG_CFGNAME strings.

> Some days ago you wrote:
>  > loop-AES is also vulnerable to attacker modifying ciphertext
> 
> So if someone modifies data on the crypted harddrive while I'm e.g.
> sleeping (but without modifying my boot USB stick or CD-R), he could
> decipher my data if he steals the laptop later?

He can't decipher data after stealing your laptop, but ciphertext
modifications can cause somewhat predictable changes to plaintext data.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux