Re: Linux distro w/loop-aes

[Max Vozeler <max@xxxxxxxxxxxx>]

Hi markus,

On Sat, Jun 09, 2007 at 04:32:18PM +0200, markus reichelt wrote:
> * Max Vozeler <max@xxxxxxxxxxxx> wrote:
> 
> > It seems to me like building kernels during installation could
> > prove rather complex and might be error prone. Fortunately, for
> > loop-AES this is not required. Most distribution kernels include
> > the standard kernel loop driver as module so that it can be
> > "overridden" by the loop-AES version without recompile of the
> > kernel.
> 
> Hmm, I thought the recompile was needed (strictly following the
> readme). Are you sure? ;-)

Yes, that's fine (to the best of my knowledge).

The loop driver is very self-contained: In the mainline kernel 
there is no other user of loop.h or symbols exported from the loop
driver apart from the cryptoloop driver. cryptoloop might break if
used with loop-AES, but apart from that, I don't think there is 
any problem replacing the loop module with loop-AES. 

In practice one must be careful to ensure the correct module 
being loaded, be it by overwriting/diverting the original module or
by installing into /lib/modules/$KERNEL/updates for 2.6 kernels. I 
think that this is the reason Jari explicitly mentions having to 
have CONFIG_BLOCK_DEV_LOOP=n in the documentation. Jari, please
correct me if that's wrong.

The Debian loop-AES packages have been replacing the module in 
this way for quite some time now with no problems that I know of.
I don't see why it wouldn't work or why it would be unsafe. That 
said, if there _are_ any problems I'm not seeing/considering, I 
would appreciate if someone could swing a clue bat my way ;-)

cheers,
Max

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/