Re: Partitions on loopback

Gabriel Jägenstedt wrote:
> I've been spending several hours looking at ways to encrypt my computer.
> I've read the Disc Encryption HOWTO and loop-aes readme but can't find
> any information about how to partition up a loopback device with
> partitions larger than 2GB. I have understood this should be easier with
> kernel 2.6 but don't know anything more about it.

loop-AES has supported 64 bit device offsets and sizelimits since November
29 2003. No 2GB limit on 2.4 or 2.6 kernels.

> Are there any comprehensive guides on partitioning a to be encrypted
> loopback device (device backed)? Or does anyone have any other tips?
> 
> For the record all I really want is a disc that is 100% totally
> encrypted no partition tables showing or anything.

You can use unpartitioned device /dev/hda and set up loop devices using
offset and sizelimit. If 'sfdisk -l -uS /dev/hda' says:

Units = sectors of 512 bytes, counting from 0
   Device Boot    Start       End  #sectors  Id  System
/dev/hda1   *        63     48194     48132  83  Linux
/dev/hda2         48195  11245499  11197305  83  Linux
/dev/hda3      11245500  12273659   1028160  82  Linux swap

And if you were to set up above three partitions as encrypted loop devices,
then you could issue these losetup commands:

losetup -e AES128 -K foo1.gpg -o @32256      -s 24643584   /dev/loop1 /dev/hda
losetup -e AES128 -K foo2.gpg -o @24675840   -s 5733020160 /dev/loop2 /dev/hda
losetup -e AES128 -K foo3.gpg -o @5757696000 -s 526417920  /dev/loop3 /dev/hda

Offset and sizelimit need to be specified in bytes. Offset is partition start
* 512, and sizelimit is #sectors * 512. The @ character in front of offset
is needed to remove the offset from IV computations.

For encrypted root, you can specify -o and -s losetup options to
build-initrd.sh script if you redefine the meaning of PSEED option.
Like this:

CRYPTROOT=/dev/hda
PSEED="-o @32256 -s 24643584"

Normal file system mounts can use offset= and sizelimit= mount options in
/etc/fstab file. Mount program understands them, but swapon program does
not. So, for partition-table-less encrypted swap you must use losetup
program with -o and -s options.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
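
Added example, not part of the message above and not loop-AES code: a POSIX shell script that derives the -o and -s byte values from 'sfdisk -l -uS' rows as described in the reply, and prints the matching losetup lines without running them. The function names are hypothetical; the partition table, cipher and key file names are the ones quoted in the message.

```shell
#!/bin/sh
# Added example: compute loop-AES offset/sizelimit values from sfdisk rows.
SECTOR=512   # 'sfdisk -uS' reports 512-byte sectors

# Reads 'sfdisk -l -uS' output on stdin.
# Prints "<partition> <offset_bytes> <sizelimit_bytes>" per partition row.
# Returns non-zero if any row's End-Start+1 disagrees with its #sectors.
loop_params() {
    rc=0
    while read -r dev a b c d _rest; do
        case $dev in /dev/*) ;; *) continue ;; esac   # skip header lines
        # The Boot column is only present ("*") on the bootable partition.
        if [ "$a" = "*" ]; then start=$b; end=$c; count=$d
        else start=$a; end=$b; count=$c; fi
        if [ $((end - start + 1)) -ne "$count" ]; then
            echo "inconsistent row for $dev, skipped" >&2
            rc=1
            continue
        fi
        echo "$dev $((start * SECTOR)) $((count * SECTOR))"
    done
    return $rc
}

# Prints (does not execute) one losetup line per partition for whole disk $1.
# The '@' prefix keeps the offset out of the IV computation, as the reply notes.
losetup_cmds() {
    disk=$1
    n=1
    loop_params | while read -r _part off size; do
        echo "losetup -e AES128 -K foo$n.gpg -o @$off -s $size /dev/loop$n $disk"
        n=$((n + 1))
    done
}

# Sample input: the table quoted in the message.
sample_table() {
cat <<'EOF'
Units = sectors of 512 bytes, counting from 0
   Device Boot    Start       End  #sectors  Id  System
/dev/hda1   *        63     48194     48132  83  Linux
/dev/hda2         48195  11245499  11197305  83  Linux
/dev/hda3      11245500  12273659   1028160  82  Linux swap
EOF
}

sample_table | losetup_cmds /dev/hda
```

The byte values it prints match the three losetup commands in the reply; a row whose End, Start and #sectors columns disagree is reported on stderr and left out.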


