Re: Stealth crypto
Hi Michael!
The mail that Venkat mentioned is an answer from Jari to my question on how
to encrypt full systems.
Since that time I use neither a master boot record nor a partition table on
disk. So this is exactly what you asked for. loop-AES also works with
USB devices for booting, as described in the last example of the README.
I didn't set up RAID configurations so let me know about your experiences in
this field.
Regards,
Peter
> --- Original Message ---
> From: "Michael Garibaldi" <michaelgari@xxxxxxxxx>
> To: "Venkat Manakkal" <venkat@xxxxxxxxxxxxxx>
> Cc: linux-crypto@xxxxxxxxxxxx
> Subject: Re: Stealth crypto
> Date: Sun, 16 Apr 2006 03:30:03 +0300
>
> >
> > for encrypted root. That can be extended for the entire disk if you boot from
> > CDROM or USB using the entire disk /dev/sda for instance.
> >
>
> This is not very useful, as I'll end up with a bunch of /dev/loop* devices
> then. Those devices would have partition tables in them, and in particular,
> they contain RAID arrays (partition type RAID autodetect). It is difficult
> to keep track of which HDD is which, but if the kernel can autodetect that,
> it'll be a lot easier. That is why I want the kernel to read them as HDDs,
> rather than just provide me some block devices.
>
> The above is only my solution to the problem. There probably are others
> (that still do things automatically!), but this was the first thing that I
> thought about.
>
> Example:
>
> 1. Setup cryptoloops
> /dev/sda = /dev/loop0
> /dev/sdb = /dev/loop1
> /dev/sdc = /dev/loop2
> 2. Let the kernel detect them as HDDs
> /dev/loop0 = HDD => kernel detects partitions
> /dev/loop0-partition1 = RAID-5 md0 disk 2
> /dev/loop0-partition2 = RAID-1 md1 disk 0
> /dev/loop1 = HDD => kernel detects partitions
> /dev/loop1-partition1 = RAID-1 md1 disk 1
> /dev/loop1-partition2 = RAID-5 md0 disk 1
> /dev/loop2-partition2 = RAID-5 md0 disk 0
> 3. The kernel found RAID partitions, so it automatically assembles them:
> /dev/md0 = my RAID-5
> /dev/md1 = my RAID-1
> 4. I can easily mount /dev/md1 as root, etc.
>
> If the kernel cannot detect them that way, I have serious trouble trying to
> figure out where exactly is each partition, which array it belongs to, etc.
>
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/