Mailing List Archive

"Doc-Newbie" wants to contribute: Gentoo-disk-encryption (2.6 kernel) HOWTO
Hi folks,

After some searching and much reading in the documentation, of which a part
is old (2.4 kernel), I eventually succeeded in configuring (part of) my hard
disk so it's encrypted.

I'd like to share the way I did it in a gentoo-disk-encryption HOWTO, which
didn't seem to be available at the gentoo-site last time I was looking for
it. In other words, I want to contribute to the gentoo-community, but I
don't know how I should do it. I'll add some technical details about my
crypto-config below, just in case you're curious.

Now, my question is, what should I do next in order to get my HOWTO at the
gentoo site except reading the "Documentation Development Tips & Tricks"?

Thank you in advance,
Hans Kwint
_________________________________________________________________
Some info on what I did:
I made an encrypted tmp device, in /dev/mapper/tmp-crypt, which I can mount
at /tmp.
This device was made on the 'physically' /dev/vg/tmp device, which isn't an
actual device, just the devmapper-device lvm uses :) (Yes, I put encryption
on top of LVM2).
________________________________________________________________
Some info on how I did it:
My system is an ~x86, athlon XP, a stage1 install (If stage is important, I
assume not)
I run kernel 2.6.8-gentoo-r3 (gentoo-dev-sources-2.6.8-r3)
I compiled dm-mod in the kernel (also use it for lvm)
I used the kernel modules dm-crypt and aes-i586
I changed /etc/halt.sh and /etc/init.d/checkfs
I used the packages (ebuilds) wipe-2.2.0, to wipe the device first, and I
used cryptsetup, which is a script that uses dmsetup I believe.


Some notes:
1) I'd like to write a rather generic HOWTO with this configuration as an
example, also covering how to setup disk-encryption on top of a LVM-system,
and preferably also covering how to do it on top of software RAID, but I
haven't implemented the RAID-thing at the moment (should buy some new
harddisks first).
2) I'm also thinking about making a script like /etc/conf.d/localmount which
reads a new etc file /etc/crypttab, which is going to be something like
/etc/fstab, only difference is that /etc/crypttab should be read first (hard
disk encryption should be supported before the mapped volumes can be
mounted).
3) In order to get things mentioned in point 2 done in a proper way, I feel
some Init-stuff should be changed (relocated) too. Things should get more
consequent. For example, lvm is now loaded by /etc/conf.d/checkfs and
unloaded by /etc/conf.d/halt.sh. Runscript can start and stop things, so why
not make an /etc/conf.d/lvm file for it? I already tested the thing which
worked quite well, except for the dependency-bug, and I think I already
located that bug as being in /sbin/rc. To be exact, the problem was, if I
said checkfs depended on lvm, it was run TWICE, first checkfs and localmount
were run after the modules, which failed because lvm and devcrypt weren't
loaded, although checkfs contained lvm and devcrypt in the dependency-use
list (? I consider this as a bug. I think it has something to do with the
critical things mentioned in /sbin/rc, which mentions checkfs and localmount
as being critical, so I think it wants to run it before going further or
something. rc shouldn't be bothered by this process in my opinion), and
after that, lvm and cryptdev were loaded, and checkfs and localmount were
run again, but at that time my whole screen was full of errors already, and
other things went wrong as well.

Curious what you want me to do with it!

Last, but not least, my sources:
1) The Disk-encryption-HOWTO, at
"http://tldp.org/HOWTO/Disk-Encryption-HOWTO/index.html". This is about the
2.4 kernel!
2) The dm-crypt howto by Christophe Saout at
"http://www.saout.de/misc/dm-crypt/", most useful
3) The output of "cryptsetup --help", "dmsetup --help" and "wipe --help"
4) man wipe (first part a bit technical though)



*************************************************
A nuclear war can ruin your whole day
*************************************************



--
gentoo-doc@gentoo.org mailing list
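
Note 2 of the message above proposes reading an /etc/crypttab before fstab, so that mappings exist before the mapped volumes are mounted. As an added example (not part of the original post), this dry-run sketch orders those steps and flags fstab entries under /dev/mapper that have no mapping; the three-field `name device keysource` layout, the sample files and `plan_boot` are assumptions, and the printed command uses cryptsetup's legacy `create` syntax.

```shell
#!/bin/sh
# Dry run only: commands are printed, nothing is mapped or mounted.
# Assumed crypttab layout: name device keysource ("none" = ask for passphrase).

# Constructed sample input modelled on the setup described in the post.
SAMPLE_CRYPTTAB='# name     device       keysource
tmp-crypt  /dev/vg/tmp  none'
SAMPLE_FSTAB='/dev/vg/root           /     ext3  noatime   0 1
/dev/mapper/tmp-crypt  /tmp  ext2  defaults  0 0'

# plan_boot CRYPTTAB_TEXT FSTAB_TEXT
# Prints the mapping steps first, then the mounts that depend on them.
# Returns 1 if fstab names a /dev/mapper device that crypttab never creates.
# Caveat: LVM nodes that also live under /dev/mapper would need excluding.
plan_boot() {
    crypttab=$1 fstab=$2 status=0 names=" "
    # Pass 1: every crypttab entry becomes a mapping step.
    while read -r name dev key rest; do
        case $name in ''|'#'*) continue ;; esac
        if [ -z "$key" ] || [ "$key" = none ]; then
            echo "cryptsetup create $name $dev"
        else
            echo "cryptsetup -d $key create $name $dev"
        fi
        names="$names$name "
    done <<EOF
$crypttab
EOF
    # Pass 2: only now consider mounts that sit on a mapped device.
    while read -r dev mnt rest; do
        case $dev in
            /dev/mapper/*)
                n=${dev#/dev/mapper/}
                case $names in
                    *" $n "*) echo "mount $dev $mnt" ;;
                    *) echo "ERROR: $dev has no crypttab entry" >&2; status=1 ;;
                esac ;;
        esac
    done <<EOF
$fstab
EOF
    return $status
}

plan_boot "$SAMPLE_CRYPTTAB" "$SAMPLE_FSTAB"
```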
Re: "Doc-Newbie" wants to contribute: Gentoo-disk-encryption (2.6 kernel) HOWTO
On Thu, Oct 14, 2004 at 03:06:35PM +0200, HLV Kwint wrote:
> I'd like to share the way I did it in a gentoo-disk-encryption HOWTO, which
> didn't seem to be available at the gentoo-site last time I was looking for
> it. In other words, I want to contribute to the gentoo-community, but I
> don't know how I should do it. I'll add some technical details about my
> crypto-config below, just in case you're curious.

There's http://www.gentoo.org/proj/en/hardened/disk-cryptography.xml but
that's still a work in progress. You might want to work together with the
author of that document to extend it more.

> Now, my question is, what should I do next in order to get my HOWTO at the
> gentoo site except reading the "Documentation Development Tips & Tricks"?

You can put it at http://bugs.gentoo.org ...

Wkr,
Sven Vermeulen
--
Documentation & PR project leader

The Gentoo Project <<< http://www.gentoo.org >>>