Re: Linux distro w/loop-aes
I wish Jari would change the README to clarify the
possibility of building and installing loop-aes
without a kernel recompile by replacing an existing
loop driver module.

As I recall the possibility of not recompiling the
kernel exists in the README only with regard to
upgrading an existing loop-aes loop.o, and not with
regard to replacing a non-loop-aes loop.o.

As I understand it you still have to recompile the
kernel if you want to encrypt the root filesystem or
if the loop driver has been compiled into the kernel.

I think loop-aes would be much more widely adopted if
this was better understood. I think a lot of users
assume you have to replace the kernel based on the
README just to encrypt a partition, and they think,
"oh can't be bothered". Then they use dmcrypt or
whatever.

--- Max Vozeler <max@xxxxxxxxxxxx> wrote:
> Hi markus,
>
> On Sat, Jun 09, 2007 at 04:32:18PM +0200, markus reichelt wrote:
> > * Max Vozeler <max@xxxxxxxxxxxx> wrote:
> >
> > > It seems to me like building kernels during installation could
> > > prove rather complex and might be error prone. Fortunately, for
> > > loop-AES this is not required. Most distribution kernels include
> > > the standard kernel loop driver as module so that it can be
> > > "overridden" by the loop-AES version without recompile of the
> > > kernel.
> >
> > Hmm, I thought the recompile was needed (strictly following the
> > readme). Are you sure? ;-)
>
> Yes, that's fine (to the best of my knowledge).
>
> The loop driver is very self-contained: In the mainline kernel
> there is no other user of loop.h or symbols exported from the loop
> driver apart from the cryptoloop driver. cryptoloop might break if
> used with loop-AES, but apart from that, I don't think there is
> any problem replacing the loop module with loop-AES.
>
> In practice one must be careful to ensure the correct module
> being loaded, be it by overwriting/diverting the original module or
> by installing into /lib/modules/$KERNEL/updates for 2.6 kernels. I
> think that this is the reason Jari explicitly mentions having to
> have CONFIG_BLOCK_DEV_LOOP=n in the documentation. Jari, please
> correct me if that's wrong.
>
> The Debian loop-AES packages have been replacing the module in
> this way for quite some time now with no problems that I know of.
> I don't see why it wouldn't work or why it would be unsafe. That
> said, if there _are_ any problems I'm not seeing/considering, I
> would appreciate if someone could swing a clue bat my way ;-)
>
> cheers,
> Max
>
> -
> Linux-crypto: cryptography in and on the Linux system
> Archive: http://mail.nl.linux.org/linux-crypto/
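
Added example, not part of the original message or of the loop-AES documentation: a shell check for the two conditions discussed in this thread, whether CONFIG_BLOCK_DEV_LOOP is built into the kernel and whether more than one loop module file sits under the module tree. The function names and the config-file and module-directory arguments are assumptions.

```shell
#!/bin/sh
# Added example: function names and arguments are assumptions, not loop-AES code.

# Print y, m or n for CONFIG_BLOCK_DEV_LOOP in the kernel config file $1.
loop_config_state() {
    val=$(sed -n 's/^CONFIG_BLOCK_DEV_LOOP=\([ym]\)$/\1/p' "$1" | head -n 1)
    echo "${val:-n}"
}

# List every loop.ko (2.6) or loop.o (2.4) file under module directory $1.
find_loop_modules() {
    find "$1" -type f \( -name loop.ko -o -name loop.o \) 2>/dev/null | sort
}

# Classify config $1 and module directory $2 as builtin, absent, single or duplicate.
loop_replace_status() {
    if [ "$(loop_config_state "$1")" = y ]; then
        echo "builtin: loop driver is compiled in, replacing it needs a kernel rebuild"
        return 0
    fi
    mods=$(find_loop_modules "$2")
    count=$(printf '%s\n' "$mods" | grep -c . || true)
    case $count in
        0) echo "absent: no loop module file found" ;;
        1) echo "single: $mods" ;;
        *) echo "duplicate: $count loop module files, confirm which one loads:"
           printf '%s\n' "$mods" ;;
    esac
}

# Typical call: loop_replace_status /boot/config-$(uname -r) /lib/modules/$(uname -r)
if [ $# -ge 2 ]; then
    loop_replace_status "$1" "$2"
fi
```

A "duplicate" result is the situation the quoted message says needs care: the stock module and the loop-AES module are both installed, so the one actually loaded has to be verified.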