Re: loop-aes on Fedora Core 4?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Jari Ruusu wrote:

I tried encrypted root on FC4. Worked ok for me.
>
One problem I encountered was that Fedora installer adds some silly mount
options to /etc/fstab file. Normal mount program does not understand them
and tries to pass those mount "options" to the kernel file system code. File
system code does not like them either, so it aborts the mount.

Did you use a clean copy of util-linux, or the patched version provided by FC4? From your above comments, I'm guessing you used a clean copy...

I applied the patch provided in the loop-AES tarball to the FC4 SRPM. I had to comment out the NFSv4 patches included in the FC4 SRPM in order to get it to apply, though. Also, the patch provided by loop-AES-3.0d is for util-linux-2.12q, while Fedora includes util-linux-2.12p.

Does "make tests" work on the loop-AES source directory? If there are
problems with key setup or such, that test script should report problem.

It does. I thought of that after I sent the email and tried it, and all tests passed successfully.

Looks like random junk == bad key setup.

To the best of my knowledge, it is the same key -- the timestamp hasn't changed. I suppose it may have been corrupted though, I will compare it with my backup copy.

What does "losetup /dev/loop3" say? It should say "multi-key-v2"

$ /sbin/losetup /dev/loop3
/dev/loop3: [000e]:748 (/dev/hdb4) encryption=AES128 multi-key-v2

What does "strings -a /sbin/losetup | grep multi-key" say?

$ strings -a /sbin/losetup | grep multi-key
multi-key-v3
multi-key-v2

After I verify the key hasn't been corrupted, I think I'll try a few more software combinations (e.g. clean version of mount as explained in documentation), unless you have any better suggestions.

If the encrypted partition header was corrupted, I would expect I'd still see something of value from /dev/loop3, but running strings on it gives me nothing recognizable. I'm hoping it's just a software issue with multi-key, since single key encryption seems to be working fine. If worse comes to worse, I'll wipe the system drive and set my old FC3 install back up.

Thanks,
Bill

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/


[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux