[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Trying to set up root encryption with loop-AES on SuSE 9.1

There also is a README.loop-AES-v2.0f.SuSE file saying that "to enhance
the feature of mount, umount, losetup, swapon and swapoff we have
included the patch to util-linux-2.12 from Jari Ruusu's loop-AES
package". Does that mean that I don't have to patch anything?
> 
If losetup man page says it supports -K option, and that -K option
description mentions multi-key mode, then your util-linux is most likely
already patched with loop-AES' multi-key support, and you can use
it without patching.

No, it didn't mention multi-key mode. But after following "4. Instructions for building new mount, umount, losetup, swapon and swapoff" it does.

However, I'm worried about your saying "Do *not* install all the utilities in the util-linux package without thinking. You may ruin your system if you do that. Read the INSTALL file provided with util-linux tarball.". Am I safe if I only performed the comments below your saying "These commands, as root user, will recompile and install mount, umount,
losetup, swapon, swapoff and their man pages:"? I'm still a Linux newbie, just wanting to easily setup root encryption to get rid of Windows + Compusec (free closed source root encryption for Windows) :-)

BTW, does someone understand why no flavor of UNIX I'm aware of and no Linux distribution offers integrated root encryption?

Also, after the make command I cannot find any loop.o or loop.ko file.
That is strange. Please post output of "ls -l" of loop-AES build directory.

In your howto, sometimes you don't mention where to execute a command. It may be obvious for people with more Linux experience, but it wasn't for me. loop.ko does exist now.

And how do I verify for sure which kernel has been loaded? (I'm asking
this beause even after choosing my new compiled kernel at the grub boot
menu, the last line before login says that the default kernel was loaded
- if this is a bug, how do I fix it?)

Run command:
    uname -a

It's strange: My only self-compiled kernel is named vmlinuz-2.6.5-7.95-default-neo1 (compiled on 00:58 CET Jul 27 2004) and I can boot it, but uname -a keeps saying that I'm runnung vmlinuz-2.6.5-7.95-default 00:58 CET Jul 27 2004.

If I try to load loop.ko from /lib/modules/2.6.5-7.95-default/block, it fails. After renaming loop.ko to loop.tmp and copying loop.ko from /lib/modules/2.6.5-7.95-default-neo1/block, loading and "make tests" works!!!

P.S. Does a patched gnupg make sense even if my passphrase is composed
of over 20 quite alleatory characters?
Yes, patched gpg is better.

If someone uses a non-patched gpg, would this represent one of the weakest known elements for an attacks? Which ones would be the other ones?

Some days ago you wrote:
> loop-AES is also vulnerable to attacker modifying ciphertext

So if someone modifies data on the crypted harddrive while I'm e.g. sleeping (but without modifying my boot USB stick or CD-R), he could decipher my data if he steals the laptop later?

Many thanks,

Christian


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/