Re: Crypto on root filesystem
In article <NBBBJHKIOKPKOGOEPEDPKELFEBAA.stuart@bh90210.net>,
IT3 Stuart Blake Tener, USNR-R <stuart@bh90210.net> wrote:
>Zygo:
>
> I am reading your post below with regard to making the linux crypto part of
>the kernel, but I am curious how does this impact those people who are
>using devfs=mount with their kernels?
If there was an in-kernel losetup, it would presumably use the raw device major/minor
numbers just like the existing 'root=' kernel command-line parameter. So you'd say
something like

    append locrypt=aes lokeysize=256 loroot=0302 lodev=7 root=0707

which would be equivalent to something like:

    losetup -e aes -k 256 /dev/loop7 /dev/hda2
    # mount the decrypted loop device (0707), not the raw partition (0302)
    mount /dev/loop7 /somewhere
    cd /somewhere
    pivot_root /somewhere /somewhere/else
    # chroot takes the new root directory before the command to run
    exec chroot . /sbin/init

Now interestingly enough, if you use devfs to do that actual losetup
command, you get around the busy-device-inode problem that prevents you
from dropping the init RAM disk (you get around it because the busy inode
is on devfs, and devfs doesn't care about busy inodes when you umount it).
Next time my laptop crashes I will have to try this. ;-)
--
Zygo Blaxell (Laptop) <zblaxell@feedme.hungrycats.org>
GPG = D13D 6651 F446 9787 600B AD1E CCF3 6F93 2823 44AD
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/