Hi Michael! The mail that Venkat mentioned is an answer from Jari to my question on how to encrypt full systems. Since that time I use neither a master boot record nor a partition table on disk. So this is exactly what you asked for. loop-aes also works with USB-devices for booting as described in the last example of the readme. I didn't set up RAID configurations so let me know about your experiences in this field. Regards, Peter > --- Ursprüngliche Nachricht --- > Von: "Michael Garibaldi" <michaelgari@xxxxxxxxx> > An: "Venkat Manakkal" <venkat@xxxxxxxxxxxxxx> > Kopie: linux-crypto@xxxxxxxxxxxx > Betreff: Re: Stealth crypto > Datum: Sun, 16 Apr 2006 03:30:03 +0300 > > > > > for encrypted root. That can be extended for the entire disk if you boot > > from > > CDROM or USB using the entire disk /dev/sda for instance. > > > > This is not very useful, as I'll end up with a bunch of /dev/loop* devices > then. Those devices would have partition tables in them, and in > particular, > they contain RAID arrays (partition type RAID autodetect). It is difficult > to keep track of which HDD is which, but if the kernel can autodetect > that, > it'll be a lot easier. That is why I want the kernel to read them as HDDs, > rather than just provide me some block devices. > > The above is only my solution to the problem. There probably are others > (that still do things automatically!), but this was the first thing that I > thought about. > > Example: > > 1. Setup cryptoloops > /dev/sda = /dev/loop0 > /dev/sdb = /dev/loop1 > /dev/sdc = /dev/loop2 > 2. Let the kernel detect them as HDDs > /dev/loop0 = HDD => kernel detects partitions > /dev/loop0-partition1 = RAID-5 md0 disk 2 > /dev/loop0-partition2 = RAID-1 md1 disk 0 > /dev/loop1 = HDD => kernel detects partitions > /dev/loop1-partition1 = RAID-1 md1 disk 1 > /dev/loop1-partition2 = RAID-5 md0 disk 1 > /dev/loop2-partition2 = RAID-5 md0 disk 0 > 3. The kernel found RAID partitions, so it automatically assembles them: > /dev/md0 = my RAID-5 > /dev/md1 = my RAID-1 > 4. I can easily mount /dev/md1 as root, etc. > > If the kernel cannot detect them that way, I have serious trouble trying > to > figure out where exactly is each partition, which array it belongs to, > etc. > -- Analog-/ISDN-Nutzer sparen mit GMX SmartSurfer bis zu 70%! Kostenlos downloaden: http://www.gmx.net/de/go/smartsurfer - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
