[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kernel Migration

To: linux-crypto@nl.linux.org
Subject: Re: Kernel Migration
From: David Belohrad <david.belohrad@cern.ch>
Date: Sun, 14 Dec 2003 20:32:50 +0100
In-Reply-To: <3FDC4CD4.2080208@cern.ch>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
List-help: <mailto:listar@nl.linux.org?Subject=help>
List-owner: <mailto:riel@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-software: Listar version 1.0.0
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org
References: <3FDC4CD4.2080208@cern.ch>
Sender: linux-crypto-bounce@nl.linux.org
User-Agent: Mozilla/5.0 (X11; U; Linux i686; cs-CZ; rv:1.5) Gecko/20031007

Okay, perhaps I did not clarify exactly what i would like to have. 
Thanks to the people who already replied, it helped somehow. But please, 
I have big mess
in what I know. Could someone tell me:

- I have 2 cryptoapi systems

       -- first system: kernel 2.4.21, with loop-jari,  patch-int-2.4.21 
compiled in. I've compiled utils-linux 2.11x with patch for cryptoapi.
       -- if I want to mount the crypted partition, I have to:

                                                /sbin/insmod cryptoapi
                                                /sbin/insmod cryptoloop
                                                /sbin/insmod cipher-twofish

                                                /sbin/losetup -e twofish 
-k 256 /dev/loop0 /dev/hdb
                                                /bin/mount /dev/loop0 /pool
                                                    .... grrgrrgrrrr.... 
partition mounted on pool, OK, everything is perfect


      -- situation two:
             -- i want - because of security problems - install 2.4.23 
kernel
             -- tar zxvf kernel....2.4.23
             -- install cryptoloop patch: patch -sp1 < 
patch-cryptoloop-jari-2.4.22.0 (works well even for 2.4.23)
             -- small hack of crypto/Config.in due to tristate buttons 
(merci Florent)
             -- then I select loop=y, cryptoloop=y, from block devices
             -- from cryptographics, which now works due to new 
config.in: sha256 = y, twofish=y
             -- make dep; make modules; make modules_install; make 
bzInstall; make install
             -- kernel is installed, works perfectly
             -- compilation of utils-linux 2.12 WITH losetup-combined.patch
             -- I have new losetup compiled, everything OK
             -- compilation of hashalot + install -> ok
             -----------------
             -- now I need to mount the same damn disk:
             -- sha256 | ./losetup -p0 -e twofish-256 /dev/loop0 /dev/hdb
             -- ./mount /dev/loop0 /pool

----------------- ERROR: unknown filesystem, you must specify 
filesystem.....

          question: what's wrong? are the two systems compatible??

thanks a lot
david




David Belohrad napsal(a):

> Hi all,
> please is there somewhere consistent talk about migration of cryptoapi 
> when changing the kernel?
> In my case:
>
> -- I have linux kernel 'Linux localhost 2.4.21-0.13mdkcustom-dejfson 
> #6 Čt dub 10 23:29:41 CEST 2003 i686 unknown unknown GNU/Linux', which 
> is mdk 2.4.21
> with added support for 'old' cryptoapi (= loop-jari + int patch).
> -- because of security I want to move to 2.4.23 kernel. The problem 
> is, that 2.4.23 already has some 'strange' version of CryptoAPI 
> inside, so if I want to add my old
> cryptoapi support, the patches are confusing the kernel.
> -- for this I've found in this mailing conference how to make it with 
> the crypto what is in kernel (adding patch 
> patch-cryptoloop-jari-2.4.22.0 to vanilla 2.4.23). This
> works without problem, but when I go to make xconfig, and I select 
> loop device and cryptoloop device (as modules), the cryptographic 
> support is then completely
> grayed, so I cannot make a selection of the cipher I have (twofish-256).
> -- if I compile the system as it is (with grayed ciphers), i compile 
> util-linux + hashalot, then when I try to mount, it says that the 
> cipher is not existing.
> ....................
> -- ok, another try: i've hacked little Config.in from crypto not to 
> have tristate buttons in cryptoapi menu, then I've selected to compile 
> loop, cryptoloop, two-fish (as module)
> -- compile -- ok, makes module of twofish
> -- insmod cryptoloop, twofish = ok
> -- compile util-linux, -- ok
> .....................
> try to mount:
>
> sha256 | ./losetup -p0 -e twofish-256 /dev/loop0 /dev/hdb
> mount /dev/loop0 /pool
>
> ........... incorrect fs type....
>
> so some questions:
>
> where I do the mistake?
> what is the difference between manual patched cryptoapi (ie it creates 
> in kernel directory /crypto, /crypto/ciphers, /crypto/cryptoloop...) and
> the cryptoapi which is already in the kernel 2.4.22?
> what is the correct migration to be able to mount the 'old' cryptoapi 
> with new kernel cryptoapi? (i have 120gb disk encrypted with twofish, 
> so i cannot simply make
> a new partition and copy there all the data to be able to make new 
> cryptoapi partition)
> is there any document to read about all the 'loop' and other patches?? 
> there is a lot of patches, which do different things...
>
> thanks for answers
> david belohrad
>
> -------------------------------------------
> David Belohrad, Div. PS/Beam Diagnostics
> C.E.R.N. Site de Meyrin, CH 1211 Geneva 23
> http://www.cern.ch
> David.Belohrad@cern.ch
> Tel +41.22.76.76318  Fax +41.22.76.78200
> GSM +41.79.73.50937
> -------------------------------------------
>
>
>
>
> -
> Linux-crypto:  cryptography in and on the Linux system
> Archive:       http://mail.nl.linux.org/linux-crypto/
>
>


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

References:
- Kernel Migration
  - From: David Belohrad <david.belohrad@cern.ch>

Prev by Date: Re: Pb deciphering after 2.4.21 -> 2.4.23 upgrade
Next by Date: Re: Kernel Migration
Prev by thread: Re: Kernel Migration
Next by thread: Re: Kernel Migration
Index(es):
- Date
- Thread