Hi Peter,

Peter_22@xxxxxx wrote:
> Max Vozeler wrote:
> > Peter_22 wrote:
> > > No, we are far from a distro that asks for a memory stick to save
> > > your root gpg files on it. Very far.
> >
> > What makes you think so?
>
> What makes me so pessimistic about full disk encryption beginning with
> the installation? Well, first the fact that I had to struggle with
> every single SuSE distro since I started with 8.1. Two hours ago I had
> a (deeper) look at Kubuntu 7.04 amd64 regarding its loop-aes
> capabilities. It was embarrassing. I found your name several times
> when people asked where they may get the appropriate packages to build
> the loop module.

Yes, unfortunately the packages in Ubuntu are not in a good state.
I can only give an "outsider's" view of why that is:

The loop-AES packages live in the "universe"-component of Ubuntu
which is community maintained and usually imported from Debian
unstable at some point during development of an Ubuntu release.

From my perspective as Debian maintainer, this point is fairly
arbitrary. I usually learn about the versions imported from Debian
as soon as someone notices a problem with the version included in
an Ubuntu release.

It has happened that a comparably minor bug (but one that affected
usability of the package strongly) was included in an Ubuntu release,
although it was documented in the Debian bugtracking system and
already fixed by a newer version.

So what seems to me is missing is a dedicated maintainer who actually
uses loop-AES and checks for bugs, usability and does general QA of
the Ubuntu versions of the loop-AES packages before they get released.

> As of today:
> - ubuntu lacks loop-aes (feisty)
> - debian (!) packages have to be used as interim solution to get it
>   working somehow
> - the ubuntu 7.04 DVD starts a live system where rmmod loop fails
> - not even a successful build of the loop.ko can be verified from
>   within the live system

> To avoid misunderstandings, I appreciate your engagement in debian and
> ubuntu! My words are not criticism but ubuntu isn't much closer to
> loop-aes than SuSE.

Even if you didn't mean to criticise, I think constructive criticism
can be very important. :-)

To improve the state of loop-AES in Ubuntu it would be useful to
provide feedback (bug reports, etc.) to the MOTU Team, who AFAIK
take care of packages in the "universe" component.

I'm not actually involved in Ubuntu development, but if I can help
someone adapt the Debian packages to Ubuntu and fix problems, share
experience, etc, I would be happy to help. I just cannot really take
care as maintainer for another distribution.

> With regard to FULL disk encryption I have serious doubts if the
> majority of debian/ubuntu users want such deep interventions in the
> kernel configuration. Up to now I always had to build a special kernel
> to include vfat, usb, serial ata, native language support and the
> like.

In fact, it should not be necessary to build your own kernel.
Everything that's required is already available as modules, which
can be loaded during boot by the initramfs early userspace.

Only scripts are required to integrate with initramfs-tools or
comparable mechanisms of other distributions. A version of such
scripts for Debian is already written and pending upload to Debian
unstable.

The scripts make it so that almost no changes (besides config) are
required to get a system to boot from loop-AES encrypted root.
(And they are the last step for adding support of loop-AES encrypted
root to the Debian installer)

PS: I'm sorry for the very late reply.. :-(
I seem to have forgotten about this thread.

cheers,
Max

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/