Thanks for your help.. Could I just ask why you gave different keys for
each device? Oh and why is the first partition starting at sector 63?

On Fri, 01 Apr 2005 16:36:52 +0300
Jari Ruusu <jariruusu@xxxxxxxxxxxxxxxxxxxxx> wrote:

> Gabriel Jägenstedt wrote:
> > I've been spending several hours looking at ways to encrypt my
> > computer. I've read the Disc Encryption HOWTO and loop-aes readme
> > but can't find any information about how to partition up a loopback
> > device with partitions larger than 2GB. I have understood this
> > should be easier with kernel 2.6 but don't know anything more about
> > it.
>
> loop-AES has supported 64 bit device offsets and sizelimits since
> November 29 2003. No 2GB limit on 2.4 or 2.6 kernels.
>
> > Are there any comprehensive guides on partitioning a to be encrypted
> > loopback device (device backed)? Or does anyone have any other tips?
> >
> > For the record all I really want is a disc that is 100% totally
> > encrypted no partition tables showing or anything.
>
> You can use unpartitioned device /dev/hda and set up loop devices
> using offset and sizelimit. If 'sfdisk -l -uS /dev/hda' says:
>
>     Units = sectors of 512 bytes, counting from 0
>        Device Boot    Start       End   #sectors  Id  System
>     /dev/hda1   *        63     48194      48132  83  Linux
>     /dev/hda2         48195  11245499   11197305  83  Linux
>     /dev/hda3      11245500  12273659    1028160  82  Linux swap
>
> And if you were to set up above three partitions as encrypted loop
> devices, then you could issue these losetup commands:
>
>     losetup -e AES128 -K foo1.gpg -o @32256 -s 24643584 /dev/loop1 /dev/hda
>     losetup -e AES128 -K foo2.gpg -o @24675840 -s 5733020160 /dev/loop2 /dev/hda
>     losetup -e AES128 -K foo3.gpg -o @5757696000 -s 526417920 /dev/loop3 /dev/hda
>
> Offset and sizelimit need to be specified in bytes. Offset is partition
> start * 512, and sizelimit is #sectors * 512. The @ character in front
> of offset is needed to remove the offset from IV computations.
>
> For encrypted root, you can specify -o and -s losetup options to
> build-initrd.sh script if you redefine the meaning of PSEED option.
> Like this:
>
>     CRYPTROOT=/dev/hda
>     PSEED="-o @32256 -s 24643584"
>
> Normal file system mounts can use offset= and sizelimit= mount options
> in /etc/fstab file. Mount program understands them, but swapon program
> does not. So, for partition-table-less encrypted swap you must use
> losetup program with -o and -s options.
>
> --
> Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD
>
> -
> Linux-crypto:  cryptography in and on the Linux system
> Archive:       http://mail.nl.linux.org/linux-crypto/
>

---
//gabriel - a true believer
-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
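
The sector-to-byte conversion described in the quoted reply, as an added example that is not part of the original thread: a shell function that reads 'sfdisk -l -uS' output and prints (does not run) the matching losetup commands. It assumes 512-byte sectors and reuses the cipher, fooN.gpg key file names and /dev/loopN numbering from the message; the function names and the empty /dev/hda4 row are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive loop-AES losetup -o/-s byte values from a
# 'sfdisk -l -uS' listing. Commands are printed only, never executed.
SECTOR=512   # assumption: 512-byte sectors, as stated in the listing header

# Sample input: the listing quoted in the message, plus one constructed
# empty slot (/dev/hda4) to show how unused table entries are skipped.
sample_sfdisk() {
    cat <<'EOF'
Units = sectors of 512 bytes, counting from 0
   Device Boot    Start       End   #sectors  Id  System
/dev/hda1   *        63     48194      48132  83  Linux
/dev/hda2         48195  11245499   11197305  83  Linux
/dev/hda3      11245500  12273659    1028160  82  Linux swap
/dev/hda4             0         -          0   0  Empty
EOF
}

# Reads sfdisk output on stdin; $1 is the whole-disk backing device.
sfdisk_to_losetup() {
    disk=$1
    n=0
    while read -r dev f2 f3 f4 f5 rest; do
        case $dev in
            "$disk"[0-9]*) ;;      # partition rows only
            *) continue ;;         # skip the Units/header lines
        esac
        # The optional '*' boot flag shifts the numeric columns by one.
        if [ "$f2" = "*" ]; then
            start=$f3; sectors=$f5
        else
            start=$f2; sectors=$f4
        fi
        # Skip empty or non-numeric entries.
        [ "$sectors" -gt 0 ] 2>/dev/null || continue
        n=$((n + 1))
        # offset = start * 512, sizelimit = #sectors * 512; the '@' prefix
        # keeps the offset out of the IV computation.
        printf 'losetup -e AES128 -K foo%d.gpg -o @%s -s %s /dev/loop%d %s\n' \
            "$n" "$((start * SECTOR))" "$((sectors * SECTOR))" "$n" "$disk"
    done
}

sample_sfdisk | sfdisk_to_losetup /dev/hda
```

Once the partition table is wiped from the disk, these byte values are the only record of where each encrypted region begins and ends, so keep a copy of them off the encrypted device.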