[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kernel Migration

To: linux-crypto@nl.linux.org
Subject: Re: Kernel Migration
From: Petro Verkhogliad <Petro@ncf.ca>
Date: Sun, 14 Dec 2003 08:01:45 -0500
In-reply-to: <3FDC4CD4.2080208@cern.ch>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
List-help: <mailto:listar@nl.linux.org?Subject=help>
List-owner: <mailto:riel@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-software: Listar version 1.0.0
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
Organization: layer::13
Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org
References: <3FDC4CD4.2080208@cern.ch>
Sender: linux-crypto-bounce@nl.linux.org

On Sun, 14 Dec 2003 12:43:16 +0100
David Belohrad <david.belohrad@cern.ch> wrote:

> Hi all,
> please is there somewhere consistent talk about migration of cryptoapi 
> when changing the kernel?
> In my case:
> 
> -- I have linux kernel 'Linux localhost 2.4.21-0.13mdkcustom-dejfson #6 
> Èt dub 10 23:29:41 CEST 2003 i686 unknown unknown GNU/Linux', which is 
> mdk 2.4.21
> with added support for 'old' cryptoapi (= loop-jari + int patch).
> -- because of security I want to move to 2.4.23 kernel. The problem is, 
> that 2.4.23 already has some 'strange' version of CryptoAPI inside, so 
> if I want to add my old
> cryptoapi support, the patches are confusing the kernel.
> -- for this I've found in this mailing conference how to make it with 
> the crypto what is in kernel (adding patch 
> patch-cryptoloop-jari-2.4.22.0 to vanilla 2.4.23). This
> works without problem, but when I go to make xconfig, and I select loop 
> device and cryptoloop device (as modules), the cryptographic support is 
> then completely
> grayed, so I cannot make a selection of the cipher I have (twofish-256).
> -- if I compile the system as it is (with grayed ciphers), i compile 
> util-linux + hashalot, then when I try to mount, it says that the cipher 
> is not existing.
> ....................
> -- ok, another try: i've hacked little Config.in from crypto not to have 
> tristate buttons in cryptoapi menu, then I've selected to compile loop, 
> cryptoloop, two-fish (as module)
> -- compile -- ok, makes module of twofish
> -- insmod cryptoloop, twofish = ok
> -- compile util-linux, -- ok
> .....................
> try to mount:
> 
> sha256 | ./losetup -p0 -e twofish-256 /dev/loop0 /dev/hdb
> mount /dev/loop0 /pool
> 
> ........... incorrect fs type....
> 
> so some questions:
> 
> where I do the mistake?
> what is the difference between manual patched cryptoapi (ie it creates 
> in kernel directory /crypto, /crypto/ciphers, /crypto/cryptoloop...) and
> the cryptoapi which is already in the kernel 2.4.22?
> what is the correct migration to be able to mount the 'old' cryptoapi 
> with new kernel cryptoapi? (i have 120gb disk encrypted with twofish, so 
> i cannot simply make
> a new partition and copy there all the data to be able to make new 
> cryptoapi partition)
> is there any document to read about all the 'loop' and other patches?? 
> there is a lot of patches, which do different things...
> 
> thanks for answers
> david belohrad
> 
> -------------------------------------------
> David Belohrad, Div. PS/Beam Diagnostics
> C.E.R.N. Site de Meyrin, CH 1211 Geneva 23
> http://www.cern.ch
> David.Belohrad@cern.ch
> Tel +41.22.76.76318  Fax +41.22.76.78200
> GSM +41.79.73.50937
> -------------------------------------------
> 

I have found this guide to be quite helpful. Perhaps it will help answer some of your questions. There are a bunch of links there as well. If the guide doesn't help, perhaps the links will. :)

http://forums.gentoo.org/viewtopic.php?t=108162&highlight=encrypt+root

Petro
--

PGP signature

References:
- Kernel Migration
  - From: David Belohrad <david.belohrad@cern.ch>

Prev by Date: Kernel Migration
Next by Date: Re: Pb deciphering after 2.4.21 -> 2.4.23 upgrade
Prev by thread: Kernel Migration
Next by thread: Re: Kernel Migration
Index(es):
- Date
- Thread