Hi markus, On Sat, Jun 09, 2007 at 04:32:18PM +0200, markus reichelt wrote: > * Max Vozeler <max@xxxxxxxxxxxx> wrote: > > > It seems to me like building kernels during installation could > > prove rather complex and might be error prone. Fortunately, for > > loop-AES this is not required. Most distribution kernels include > > the standard kernel loop driver as module so that it can be > > "overridden" by the loop-AES version without recompile of the > > kernel. > > Hmm, I thought the recompile was needed (strictly following the > readme). Are you sure? ;-) Yes, that's fine (to the best of my knowledge). The loop driver is very self-contained: In the mainline kernel there is no other user of loop.h or symbols exported from the loop driver apart from the cryptoloop driver. cryptoloop might break if used with loop-AES, but apart from that, I don't think there is any problem replacing the loop module with loop-AES. In practice one must be careful to ensure the correct module being loaded, be it by overwriting/diverting the original module or by installing into /lib/modules/$KERNEL/updates for 2.6 kernels. I think that this is the reason Jari explicitly mentions having to have CONFIG_BLOCK_DEV_LOOP=n in the documentation. Jari, please correct me if that's wrong. The Debian loop-AES packages have been replacing the module in this way for quite some time now with no problems that I know of. I don't see why it wouldn't work or why it would be unsafe. That said, if there _are_ any problems I'm not seeing/considering, I would appreciate if someone could swing a clue bat my way ;-) cheers, Max - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
