Tsai, Hong-Bin <hbtsai@xxxxxxxxx> wrote:
>
> I'd like to modify the kernel to load an encrypted initrd. While
> loading the initial ramdisk, the kernel reads a secret key from somewhere
> else and decrypts the initrd, and then continues the boot process.
> However, I met a problem.
>
> Since there are crypto libraries residing in the kernel, I believe that's
> the best resource for me to implement this mechanism. At first I
> followed the interfaces found in crypto/api.c, but found it loads
> crypto-algorithms from modules. Even after I configured an algo as
> a built-in module (say, aes), I always failed at its initialization
> stage. (crypto_alloc_blkcipher returns an error)
>
> Please give me suggestions. Am I on the right course?

Have a look at dm-crypt. It's best if you just load a normal but
minimal initrd which then can use dm-crypt to load a larger and
encrypted file system (it could even be a loop back mount of a
file in the initial initrd).

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
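
The layout suggested in the reply, as an added example that is not part of the original thread and not the poster's code: the /init logic of a minimal, unencrypted initrd that loop-mounts an encrypted image and opens it with dm-crypt. It assumes util-linux losetup and cryptsetup are present in the initrd and that the image is a LUKS container; the paths, the mapping name and the DRY_RUN switch are hypothetical.

```shell
#!/bin/sh
# Added example: all paths and names below are assumptions, not from the thread.

DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands; set to 0 inside a real initrd

# Run a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# unlock_root IMAGE KEYFILE NAME NEWROOT
# Returns non-zero on any failure so the caller can halt the boot instead of
# continuing with an unencrypted fallback.
unlock_root() {
    img=$1 key=$2 name=$3 newroot=$4

    [ -r "$img" ] || { echo "missing image: $img" >&2; return 1; }
    [ -r "$key" ] || { echo "missing key: $key" >&2; return 1; }

    if [ "$DRY_RUN" = 1 ]; then
        loopdev=/dev/loop0                      # placeholder device for the dry run
        echo "losetup -f --show $img"
    else
        loopdev=$(losetup -f --show "$img") || return 1
    fi

    # Map the loop device through dm-crypt, read-only, using the key file.
    run cryptsetup open --type luks --readonly --key-file "$key" "$loopdev" "$name" || {
        run losetup -d "$loopdev"
        return 1
    }
    # Mount the decrypted mapping; undo both layers if the mount fails.
    run mount -o ro "/dev/mapper/$name" "$newroot" || {
        run cryptsetup close "$name"
        run losetup -d "$loopdev"
        return 1
    }
}

# In a real /init (DRY_RUN=0) the call would look like:
#   unlock_root /root.img /run/key rootfs /newroot && exec switch_root /newroot /sbin/init
```

The initrd itself stays unencrypted in this layout, so the key file must come from outside it (for example a passphrase prompt or removable media) rather than being stored next to the image.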