From linux-crypto-bounce@nl.linux.org Wed Feb 01 00:40:37 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F456u-0005yN-JM; Wed, 01 Feb 2006 00:40:32 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 01 Feb 2006 00:40:03 +0100 (CET) Received: from rayservers.com ([38.99.66.81]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F456D-0005uh-5o for linux-crypto@nl.linux.org; Wed, 01 Feb 2006 00:39:49 +0100 Received: (qmail 2877 invoked from network); 31 Jan 2006 23:39:14 +0000 Received: from unknown (HELO ?192.168.2.2?) (venkat@rayservers.com@12.31.6.2) by rayservers.com with ESMTPA; 31 Jan 2006 23:39:14 +0000 Message-ID: <43DFF487.20605@rayservers.com> Date: Tue, 31 Jan 2006 18:36:39 -0500 From: Venkat Manakkal User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051013) X-Accept-Language: en-us, en MIME-Version: 1.0 To: linux-crypto@nl.linux.org Subject: Re: "Cipher or key length not supported" under loop-aes 3.0 References: <20060131184237.GA6012@c68.191.146.142.dul.mn.charter.com> <20060131193259.GA9546@loop.nusquama.org> <20060131214722.GA6632@c68.191.146.142.dul.mn.charter.com> In-Reply-To: <20060131214722.GA6632@c68.191.146.142.dul.mn.charter.com> X-Enigmail-Version: 0.92.1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: venkat@rayservers.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/31/2006 04:47 PM, Chris Schadl wrote: | Ah, yeah. About 5 minutes after I posted this I discovered that a seperate | module 'cryptoloop' is created. Once I loaded that, everything worked fine. Thats great that things work out. Just remember that cryptoloop and loop-aes are different. Crytoloop implements single key disk crypto that is fubar and the second implements multi-key crypto that is not vulnerable to the watermark attack. See: http://mareichelt.de/pub/texts.cryptoloop.php and from google: http://marc.theaimsgroup.com/?l=linux-kernel&m=107719798631935&w=2 http://www.governmentsecurity.org/archive/t14922.html Best regards, - ---Venkat. - -- http://rayservers.com/ 607-546-7300 PGP/GPG: https://rayservers.com/keys/0x12430522.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFD3/SFWdkW/RJDBSIRAs34AJ0Thzbxsi6mNgCu1ta4kthWLgTTLwCglQ8K VYmuAvjfk69fkYMhMioHdkc= =qM4Q -----END PGP SIGNATURE----- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Feb 01 14:47:43 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4IKg-0006jt-0Q; Wed, 01 Feb 2006 14:47:38 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 01 Feb 2006 14:46:57 +0100 (CET) Received: from elvira.ekonomikum.uu.se ([2001:6b0:b:400::5]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4IJV-0006Ya-Cv for linux-crypto@nl.linux.org; Wed, 01 Feb 2006 14:46:25 +0100 Received: by elvira.ekonomikum.uu.se (Postfix, from userid 204) id 968D8575; Wed, 1 Feb 2006 14:46:13 +0100 (MEZ) Received: from elvira.its.uu.se(127.0.0.1) by elvira.its.uu.se via virus-scan id s26721; Wed, 1 Feb 06 14:46:01 +0100 Received: from [130.243.148.148] (nl103-148-148.student.uu.se [130.243.148.148]) by elvira.ekonomikum.uu.se (Postfix) with ESMTP id C2EFE35D for ; Wed, 1 Feb 2006 14:45:59 +0100 (MEZ) Message-ID: <43E0BB98.90007@telia.com> Date: Wed, 01 Feb 2006 14:46:00 +0100 From: =?ISO-8859-1?Q?Gabriel_J=E4genstedt?= User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051013) X-Accept-Language: en-us, en MIME-Version: 1.0 To: linux-crypto@nl.linux.org Subject: Encrypting DVD:s and CD:s References: In-Reply-To: X-Enigmail-Version: 0.92.1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: gabriel.j@telia.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Hey! Now for once I'm coming with a question that isn't about some stupid problem I've caused. I'm looking for a simple way to have encrypted dvd:s and cd:s. I have the following line in fstab. /dev/hdc /mnt/secure iso9660 ro,user,noauto,loop=/dev/loop11,encryption=AES256,gpgkey=/etc/keys/cd_dvdkey.gpg What I want is basicly a simple way to encrypt stuff that is off my drive. I'm sure it is possible to do it in some way writing a simple script and having one file on the disc but I can't help think there is a better way. I haven't tried anything yet but I'm quite sure I don't wish to throw away media to test what works before asking the professionals. Does anyone have any tips on this? cheers /G - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Feb 01 15:14:21 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4IkV-0001iq-3f; Wed, 01 Feb 2006 15:14:19 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 01 Feb 2006 15:14:04 +0100 (CET) Received: from mail.tnnet.fi ([217.112.240.26]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4Ik3-0001i5-JX for linux-crypto@nl.linux.org; Wed, 01 Feb 2006 15:13:51 +0100 Received: from localhost (localhost [127.0.0.1]) by mail.tnnet.fi (Postfix) with ESMTP id F25733129; Wed, 1 Feb 2006 16:13:45 +0200 (EET) Received: from mail.tnnet.fi ([127.0.0.1]) by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 19987-20; Wed, 1 Feb 2006 16:13:44 +0200 (EET) Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64]) by mail.tnnet.fi (Postfix) with ESMTP id C9BBDA2A; Wed, 1 Feb 2006 16:13:44 +0200 (EET) Message-ID: <43E0C218.2917DC37@users.sourceforge.net> Date: Wed, 01 Feb 2006 16:13:44 +0200 From: Jari Ruusu To: Gabriel =?iso-8859-1?Q?J=E4genstedt?= Cc: linux-crypto@nl.linux.org Subject: Re: Encrypting DVD:s and CD:s References: <43E0BB98.90007@telia.com> Content-Type: text/plain; charset=iso-8859-1 X-Virus-Scanned: amavisd-new at mail.tnnet.fi Content-Transfer-Encoding: quoted-printable Received-SPF: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=no version=3.0.1 X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jariruusu@users.sourceforge.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Gabriel J=E4genstedt wrote: > I have the following line in fstab. > /dev/hdc /mnt/secure iso9660 > ro,user,noauto,loop=3D/dev/loop11,encryption=3DAES256,gpgkey=3D/etc/key= s/cd_dvdkey.gpg >=20 > What I want is basicly a simple way to encrypt stuff that is off my > drive. I'm sure it is possible to do it in some way writing a simple > script and having one file on the disc but I can't help think there is = a > better way. Each CD and DVD must have its own key file. If you use same key file for multiple file systems, you start getting identical ciphertext blocks, whi= ch is bad for security. aespipe README example 3.3. shows how to encrypt CDs. It puts a key file = at beginning of the CD and specifies offset for encrypted data. If you want = to be able to change passphrase afterwards, then encrypt the key file using = gpg public-key crypto. Changing gpg private-key passphrase changes your CD/DV= D mount passphrase. http://loop-aes.sourceforge.net/aespipe.README --=20 Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 = DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Feb 01 15:39:18 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4J8d-0004TD-9O; Wed, 01 Feb 2006 15:39:15 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 01 Feb 2006 15:38:57 +0100 (CET) Received: from elvira.ekonomikum.uu.se ([2001:6b0:b:400::5]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4J86-0004Ml-6v for linux-crypto@nl.linux.org; Wed, 01 Feb 2006 15:38:42 +0100 Received: by elvira.ekonomikum.uu.se (Postfix, from userid 204) id 91A7920B; Wed, 1 Feb 2006 15:38:41 +0100 (MEZ) Received: from elvira.its.uu.se(127.0.0.1) by elvira.its.uu.se via virus-scan id s26710; Wed, 1 Feb 06 15:38:35 +0100 Received: from [130.243.148.148] (nl103-148-148.student.uu.se [130.243.148.148]) by elvira.ekonomikum.uu.se (Postfix) with ESMTP id A142D5E9 for ; Wed, 1 Feb 2006 15:38:32 +0100 (MEZ) Message-ID: <43E0C7EB.2090602@telia.com> Date: Wed, 01 Feb 2006 15:38:35 +0100 From: =?ISO-8859-1?Q?Gabriel_J=E4genstedt?= User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051013) X-Accept-Language: en-us, en MIME-Version: 1.0 To: linux-crypto@nl.linux.org Subject: Re: Encrypting DVD:s and CD:s References: <43E0BB98.90007@telia.com> <43E0C218.2917DC37@users.sourceforge.net> In-Reply-To: <43E0C218.2917DC37@users.sourceforge.net> X-Enigmail-Version: 0.92.1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: gabriel.j@telia.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Thanks.. I'll take a look at that. Jari Ruusu wrote: > Gabriel J=E4genstedt wrote: >=20 >>I have the following line in fstab. >>/dev/hdc /mnt/secure iso9660 >>ro,user,noauto,loop=3D/dev/loop11,encryption=3DAES256,gpgkey=3D/etc/key= s/cd_dvdkey.gpg >> >>What I want is basicly a simple way to encrypt stuff that is off my >>drive. I'm sure it is possible to do it in some way writing a simple >>script and having one file on the disc but I can't help think there is = a >>better way. >=20 >=20 > Each CD and DVD must have its own key file. If you use same key file fo= r > multiple file systems, you start getting identical ciphertext blocks, w= hich > is bad for security. >=20 > aespipe README example 3.3. shows how to encrypt CDs. It puts a key fil= e at > beginning of the CD and specifies offset for encrypted data. If you wan= t to > be able to change passphrase afterwards, then encrypt the key file usin= g gpg > public-key crypto. Changing gpg private-key passphrase changes your CD/= DVD > mount passphrase. >=20 > http://loop-aes.sourceforge.net/aespipe.README >=20 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Feb 01 16:20:08 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4Jm7-00023I-To; Wed, 01 Feb 2006 16:20:03 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 01 Feb 2006 16:19:42 +0100 (CET) Received: from elvira.ekonomikum.uu.se ([2001:6b0:b:400::5]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4JlU-0001wh-5N for linux-crypto@nl.linux.org; Wed, 01 Feb 2006 16:19:24 +0100 Received: by elvira.ekonomikum.uu.se (Postfix, from userid 204) id C313D3A7; Wed, 1 Feb 2006 16:19:18 +0100 (MEZ) Received: from elvira.its.uu.se(127.0.0.1) by elvira.its.uu.se via virus-scan id s26736; Wed, 1 Feb 06 16:19:08 +0100 Received: from [130.243.148.148] (nl103-148-148.student.uu.se [130.243.148.148]) by elvira.ekonomikum.uu.se (Postfix) with ESMTP id 178BF24B for ; Wed, 1 Feb 2006 16:19:06 +0100 (MEZ) Message-ID: <43E0D16E.4050403@telia.com> Date: Wed, 01 Feb 2006 16:19:10 +0100 From: =?ISO-8859-1?Q?Gabriel_J=E4genstedt?= User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051013) X-Accept-Language: en-us, en MIME-Version: 1.0 To: linux-crypto@nl.linux.org Subject: Re: Encrypting DVD:s and CD:s References: <43E0BB98.90007@telia.com> <43E0C218.2917DC37@users.sourceforge.net> <43E0C7EB.2090602@telia.com> In-Reply-To: <43E0C7EB.2090602@telia.com> X-Enigmail-Version: 0.92.1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: gabriel.j@telia.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Wow.. That was way cool. Thanks for creating such beautifull software. Gabriel J=E4genstedt wrote: > Thanks.. I'll take a look at that. >=20 > Jari Ruusu wrote: >=20 >>Gabriel J=E4genstedt wrote: >> >> >>>I have the following line in fstab. >>>/dev/hdc /mnt/secure iso9660 >>>ro,user,noauto,loop=3D/dev/loop11,encryption=3DAES256,gpgkey=3D/etc/ke= ys/cd_dvdkey.gpg >>> >>>What I want is basicly a simple way to encrypt stuff that is off my >>>drive. I'm sure it is possible to do it in some way writing a simple >>>script and having one file on the disc but I can't help think there is= a >>>better way. >> >> >>Each CD and DVD must have its own key file. If you use same key file fo= r >>multiple file systems, you start getting identical ciphertext blocks, w= hich >>is bad for security. >> >>aespipe README example 3.3. shows how to encrypt CDs. It puts a key fil= e at >>beginning of the CD and specifies offset for encrypted data. If you wan= t to >>be able to change passphrase afterwards, then encrypt the key file usin= g gpg >>public-key crypto. Changing gpg private-key passphrase changes your CD/= DVD >>mount passphrase. >> >>http://loop-aes.sourceforge.net/aespipe.README >> >=20 >=20 > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ >=20 >=20 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Feb 01 17:04:05 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4KSZ-0006bS-K2; Wed, 01 Feb 2006 17:03:55 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 01 Feb 2006 17:03:42 +0100 (CET) Received: from panther.misty.com ([198.137.254.71]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4KS2-0006Z4-16 for linux-crypto@nl.linux.org; Wed, 01 Feb 2006 17:03:22 +0100 X-Envelope-From: teners@bh90210.net Received: from smtpserver1.misty.com (localhost [127.0.0.1]) by panther.misty.com (8.13.5/8.13.4) with ESMTP id k11G2QRg024630; Wed, 1 Feb 2006 11:02:30 -0500 (EST) Received: from [70.194.177.138] (138.sub-70-194-177.myvzw.com [70.194.177.138]) (authenticated bits=0) by smtpserver1.misty.com (8.13.5/8.13.1) with ESMTP id k11G1h1o024603; Wed, 1 Feb 2006 11:02:08 -0500 (EST) User-Agent: Microsoft-Entourage/11.2.1.051004 Date: Wed, 01 Feb 2006 11:00:33 -0500 Subject: LoopAES for MacOS From: "IT3 Stuart Blake Tener, USN" To: CC: Jari Ruusu Message-ID: Thread-Topic: LoopAES for MacOS Thread-Index: AcYnSKGp4G8NDZM7Edq02AANkzM2/g== Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit X-Scanned-By: http://mail-cleaner.com/ on 198.137.254.71 Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_50 autolearn=no version=3.0.1 X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: teners@bh90210.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Mr. Ruusu, et alia: Recently I switched (about a year ago) from using a Windows/Linux mix to that of an Apple Macintosh running MacOS. This has proved to offer both Unix as well as a reasonable "end user" application mix for me. That said, I like and use the encryption within MacOS but it is not portable to Linux or other operating systems. Is there a version of LoopAES that can be compiled and used under MacOS given that MacOS is a FreeBSD sub variant? Thanks in advance. -- Very Respectfully, IT3 Stuart Blake Tener, USN Beverly Hills, California Amateur Radio Call Sign: N3GWG (General) email: teners@bh90210.net phone: +(1) 310.358.0202 (Beverly Hills, CA) phone: +(1) 215.338.6005 (Philadelphia, PA) Military emails (checked monthly until remote NMCI access is secured) NIPRNET: stuart.tener@navy.mil SIPRNET: NONE NRO: tenerstu (on the GWAN and @NRO.MIL) Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Feb 01 17:28:26 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4KqF-0000Tp-Ay; Wed, 01 Feb 2006 17:28:23 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 01 Feb 2006 17:28:01 +0100 (CET) Received: from revere.aoc.nrao.edu ([146.88.1.15]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4KpO-0000ML-B8 for linux-crypto@nl.linux.org; Wed, 01 Feb 2006 17:27:30 +0100 Received: from cly.aoc.nrao.edu (cly.aoc.nrao.edu [146.88.3.188]) by revere.aoc.nrao.edu (8.13.1/8.13.1/cv-ws-8.12) with ESMTP id k11GQsV6009533; Wed, 1 Feb 2006 09:26:54 -0700 Received: from [10.0.1.3] (dsl-209-155-89-94.sdc.org [209.155.89.94]) (authenticated bits=0) by cly.aoc.nrao.edu (8.13.1/8.13.1) with ESMTP id k11GQnZq014787 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT); Wed, 1 Feb 2006 09:26:52 -0700 In-Reply-To: References: Mime-Version: 1.0 (Apple Message framework v746.2) Content-Type: multipart/signed; micalg=sha1; boundary=Apple-Mail-52--557257540; protocol="application/pkcs7-signature" Message-Id: <5EE935C2-A45F-4B6D-BDBC-DF4A096D60A9@nrao.edu> Cc: , Jari Ruusu From: Boyd Waters Subject: Re: LoopAES for MacOS Date: Wed, 1 Feb 2006 09:26:55 -0700 To: "IT3 Stuart Blake Tener, USN" X-Mailer: Apple Mail (2.746.2) X-MailScanner-Information: Please contact postmaster@aoc.nrao.edu for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam, SpamAssassin (score=-101.44, required 5, autolearn=disabled, ALL_TRUSTED -1.44, USER_IN_WHITELIST -100.00) X-MailScanner-From: bwaters@nrao.edu Received-SPF: X-Spam-Status: No, score=-1.8 required=5.0 tests=AWL,BAYES_40 autolearn=no version=3.0.1 X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: bwaters@nrao.edu Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto --Apple-Mail-52--557257540 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed I am also a Mac user after years of hard-core Linux use. I still use a loop-aes Linux server as a backup/rsync server for the Macintosh desktop clients. Loop-AES is a module which is intimately tied to the Linux block loopback driver. At the moment, no loop-aes port is available on Mac OS X. However, the aespipe compiles and runs fine on Mac OS X, and I have used this tool to move data from loop-aes volumes to large (unencrypted) files that I can mount on the Macintosh (provided the encrypted volume used a file system that the Mac can use, hfsplus or vfat). The Macintosh OS offers a loopback-block-device driver with AES encryption which is very similar in implementation to LUKS-with-dm- crypt on Linux. You may use GPG-encrypted key in conjunction with hdiutil encrypted volumes to implement multi-factor authentication for your encrypted disk images: # gpg --homedir /Volumes/some-usb-key/gpghome -d /Volumes/some-other- volume/diskKey.gpg | hdiutil attach encrypted-disk.dmg -encryption - stdinpass Unfortunately, the source code for hdiutil encrypted volumes in not published by Apple (I think), and therefore has not been evaluated. It likely has problems with watermarking attacks - if not worse - that only loop-aes seems to address effectively. It would be possible to port some of loop-aes to the Mac, I think, but it would need to work within the IOKit framework. Does anyone want to help me with this? Regards, - boyd Boyd Waters Socorro, New Mexico On Feb 1, 2006, at 9:00 AM, IT3 Stuart Blake Tener, USN wrote: > Mr. Ruusu, et alia: > > Recently I switched (about a year ago) from using a Windows/ > Linux mix to > that of an Apple Macintosh running MacOS. This has proved to offer > both Unix > as well as a reasonable "end user" application mix for me. That > said, I like > and use the encryption within MacOS but it is not portable to Linux > or other > operating systems. > > Is there a version of LoopAES that can be compiled and used > under MacOS > given that MacOS is a FreeBSD sub variant? > > Thanks in advance. > > > -- > > Very Respectfully, > > IT3 Stuart Blake Tener, USN > Beverly Hills, California > Amateur Radio Call Sign: N3GWG (General) > email: teners@bh90210.net > phone: +(1) 310.358.0202 (Beverly Hills, CA) > phone: +(1) 215.338.6005 (Philadelphia, PA) > > Military emails (checked monthly until remote NMCI access is secured) > NIPRNET: stuart.tener@navy.mil > SIPRNET: NONE > NRO: tenerstu (on the GWAN and @NRO.MIL) > > Confidentiality Notice: This e-mail message, including any > attachments, is > for the sole use of the intended recipient(s) and may contain > confidential > and/or privileged information. Any unauthorized review, use, > disclosure or > distribution is prohibited. If you are not the intended recipient, > please > contact the sender by reply e-mail and destroy all copies of the > original > message. > > > > > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ --Apple-Mail-52--557257540 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-signature; name=smime.p7s Content-Disposition: attachment; filename=smime.p7s MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGFDCCAs0w ggI2oAMCAQICAw/xvTANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVt YWlsIElzc3VpbmcgQ0EwHhcNMDUxMTI5MjI1NjIwWhcNMDYxMTI5MjI1NjIwWjBCMR8wHQYDVQQD ExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMR8wHQYJKoZIhvcNAQkBFhBid2F0ZXJzQG5yYW8uZWR1 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLzyMs7hT0kZ4/7b8/DuVwJqBN3Vqbzb 5A7EiBHEbkzIg74ybHh+yLJkO0pXduDSUg/siFpOv9S639A//akORNiLoKGCxCObpppms2wNg1OV SRA8bwWJkkkZTHo9+JLkoxpKxcvT/kZlGY8WAXkwyVcvY2DHlIUBUjNFhY73RZIr4jeKzztrAQWX T/7wQVxagKESj+IYb625xQN+k0yCx+HoIi741vXZ09woEnpHXKG2zXE6NWprPVEw6FzaN8QFzp4F uZY1MsDoBg6QvkLpPDlVt4Hms69i8PGP2nlO/+9TzLd2qMZwgD2tF8i5t/lP0VZfcWiG0fluBcid 02D5eQIDAQABoy0wKzAbBgNVHREEFDASgRBid2F0ZXJzQG5yYW8uZWR1MAwGA1UdEwEB/wQCMAAw DQYJKoZIhvcNAQEEBQADgYEAJvBHtNrGWESYoZIYgKMvQOCNwYj8YpeK81CzZZ8E3jreQLXg/4sr q3qfBFTv4WPh0pqy3t92uMpNCq58Yqp5G6t7fVhNpS5YA9VPXAZHBkjaH29qcXimBBgkmx4XP6c/ 62lzXT80fHo0bizNEyqpKeN/nn7hL2jLC2r06phkjFgwggM/MIICqKADAgECAgENMA0GCSqGSIb3 DQEBBQUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlD YXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0 aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwg Q0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDMwNzE3 MDAwMDAwWhcNMTMwNzE2MjM1OTU5WjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENv bnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElz c3VpbmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMSmPFVzVftOucqZWh5owHUEcJ3f 6f+jHuy9zfVb8hp2vX8MOmHyv1HOAdTlUAow1wJjWiyJFXCO3cnwK4Vaqj9xVsuvPAsH5/EfkTYk KhPPK9Xzgnc9A74r/rsYPge/QIACZNenprufZdHFKlSFD0gEf6e20TxhBEAeZBlyYLf7AgMBAAGj gZQwgZEwEgYDVR0TAQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsLnRo YXd0ZS5jb20vVGhhd3RlUGVyc29uYWxGcmVlbWFpbENBLmNybDALBgNVHQ8EBAMCAQYwKQYDVR0R BCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDItMTM4MA0GCSqGSIb3DQEBBQUAA4GBAEiM 0VCD6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0whuPg2H6otnzYvwPQcUCCTcDz9reFhYsPZOhl+hLGZ GwDFGguCdJ4lUJRix9sncVcljd2pnDmOjCBPZV+V2vf3h9bGCE6u9uo05RAaWzVNd+NWIXiC3CEZ Nd4ksdMdRv9dX2VPMYIC5zCCAuMCAQEwaTBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3Rl IENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWls IElzc3VpbmcgQ0ECAw/xvTAJBgUrDgMCGgUAoIIBUzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB MBwGCSqGSIb3DQEJBTEPFw0wNjAyMDExNjI2NTZaMCMGCSqGSIb3DQEJBDEWBBS9bRtslLuTxryt 7IbNkb3Utp2EMjB4BgkrBgEEAYI3EAQxazBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3 dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1h aWwgSXNzdWluZyBDQQIDD/G9MHoGCyqGSIb3DQEJEAILMWugaTBiMQswCQYDVQQGEwJaQTElMCMG A1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAw/xvTANBgkqhkiG9w0BAQEFAASCAQCftg+NjfrtyG96 e1g7gmd8RoaE7Gv0hYhE36FL+a4kIET99jmMnY1m91c3sbm+vVNb0HoXLqslmzttlBd1U6ojNkiA i7gKZCMSxNKZZKGGum/3yAmbNqDjFQR5Ugz50Mdzlp6jle425LSuSppnHQFDU+HX8MOmtaR3kizo jFy5hNDJxMJuUNU1x4KQ/emgcBkEDk2MhNOLgtBd9VSWQm+KTncIejCLbtsEdU3yPh4rILj4lFfd pSK74kS0TKeDu+lZPTfamHvVe4mL7wyygmtoR5sjtZFXrtF9J7KQEr3jgcsIfHlj0hqkZMBO//Z9 a7tfGwOoE32TGqBr+zm52SaSAAAAAAAA --Apple-Mail-52--557257540-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Feb 01 17:55:47 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4LGh-0002lO-9e; Wed, 01 Feb 2006 17:55:43 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 01 Feb 2006 17:55:27 +0100 (CET) Received: from uproxy.gmail.com ([66.249.92.207]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4LGH-0002hn-Bm for linux-crypto@nl.linux.org; Wed, 01 Feb 2006 17:55:17 +0100 Received: by uproxy.gmail.com with SMTP id c2so3019ugf for ; Wed, 01 Feb 2006 08:53:54 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=XeYYr57ScXd8Ca4jraIyL9fzWJSQVcCvULDAAtG1fIHixN5TtsDGk7ortqmkQHfx5hj1eB5pX4yjhbnuvMjEF6EfwV1F/Qoi04XR/lA4SXs1ulyxJreNxq41Jl7xFy5Y76yTV+Eyh8/o0+P/fcslngmqFZLJxP0wEIM21CXprPw= Received: by 10.49.34.4 with SMTP id m4mr573027nfj; Wed, 01 Feb 2006 08:53:53 -0800 (PST) Received: by 10.49.41.14 with HTTP; Wed, 1 Feb 2006 08:53:53 -0800 (PST) Message-ID: <67d53e40602010853j37d15e93pac437b2e053f4d7a@mail.gmail.com> Date: Wed, 1 Feb 2006 18:53:53 +0200 From: Markus Laire To: linux-crypto@nl.linux.org Subject: How to get the size of the loop-device? MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: malaire@gmail.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Once I have a working loop device, e.g. /dev/loop5, how can I get the size of this device in bytes for bash-script? I need this, so that I can create two loop-devices on top on it, like losetup -o 0 -s $halfsize /dev/loop6 /dev/loop5 losetup -o $halfsize /dev/loop7 /dev/loop5 I tried trivial `perl -e 'print -s "/dev/loop5"'`, but it just returns zero= . There's likely a trivial answer to this, but I havn't been able to find it. -- Markus Laire - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Feb 01 18:09:51 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4LUK-0003tT-4k; Wed, 01 Feb 2006 18:09:48 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 01 Feb 2006 18:09:37 +0100 (CET) Received: from uproxy.gmail.com ([66.249.92.205]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4LTy-0003hu-AM for linux-crypto@nl.linux.org; Wed, 01 Feb 2006 18:09:26 +0100 Received: by uproxy.gmail.com with SMTP id m3so18854uge for ; Wed, 01 Feb 2006 09:08:01 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=LLDAR+cdQa6fBP0axp9FW+boPHrm3MXEzWBv0Z8OWCZkVexAfHwxDQYoa3QaXvscTxJn50OZd7fZJeffPCxpMJYsTZDdFyzSDzq+7n2pXIOTYwRw3w2OCTtN+i8t6jQLj+egBeSkhkN4ukKu44n5Pk3n3Dt20whNk861mCpMmVI= Received: by 10.48.199.13 with SMTP id w13mr1122451nff; Wed, 01 Feb 2006 09:08:01 -0800 (PST) Received: by 10.49.41.14 with HTTP; Wed, 1 Feb 2006 09:08:01 -0800 (PST) Message-ID: <67d53e40602010908m641b7de8pac9cda3d4724f839@mail.gmail.com> Date: Wed, 1 Feb 2006 19:08:01 +0200 From: Markus Laire To: linux-crypto@nl.linux.org Subject: Re: How to get the size of the loop-device? In-Reply-To: <67d53e40602010853j37d15e93pac437b2e053f4d7a@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <67d53e40602010853j37d15e93pac437b2e053f4d7a@mail.gmail.com> Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: malaire@gmail.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto On 2/1/06, Markus Laire wrote: > Once I have a working loop device, e.g. /dev/loop5, how can I get the > size of this device in bytes for bash-script? > I need this, so that I can create two loop-devices on top on it, like > losetup -o 0 -s $halfsize /dev/loop6 /dev/loop5 > losetup -o $halfsize /dev/loop7 /dev/loop5 > > I tried trivial `perl -e 'print -s "/dev/loop5"'`, but it just returns ze= ro. > > There's likely a trivial answer to this, but I havn't been able to find i= t. ok, I just found one way to do it. I should have tried a bit more before asking from the list. `sudo perl -e 'open D, "<", "/dev/loop5"; print sysseek D,0,2; close D'` -- Markus Laire - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Feb 01 18:19:06 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4LdG-0004t6-E7; Wed, 01 Feb 2006 18:19:02 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 01 Feb 2006 18:18:54 +0100 (CET) Received: from mail.tnnet.fi ([217.112.240.26]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4Lcw-0004sH-7o for linux-crypto@nl.linux.org; Wed, 01 Feb 2006 18:18:42 +0100 Received: from localhost (localhost [127.0.0.1]) by mail.tnnet.fi (Postfix) with ESMTP id 3CD213A76; Wed, 1 Feb 2006 19:18:28 +0200 (EET) Received: from mail.tnnet.fi ([127.0.0.1]) by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 01505-13; Wed, 1 Feb 2006 19:18:26 +0200 (EET) Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64]) by mail.tnnet.fi (Postfix) with ESMTP id DF8D13436; Wed, 1 Feb 2006 19:18:26 +0200 (EET) Message-ID: <43E0ED62.A23DC7DB@users.sourceforge.net> Date: Wed, 01 Feb 2006 19:18:26 +0200 From: Jari Ruusu To: Markus Laire Cc: linux-crypto@nl.linux.org Subject: Re: How to get the size of the loop-device? References: <67d53e40602010853j37d15e93pac437b2e053f4d7a@mail.gmail.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at mail.tnnet.fi Received-SPF: X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=no version=3.0.1 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jariruusu@users.sourceforge.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Markus Laire wrote: > Once I have a working loop device, e.g. /dev/loop5, how can I get the > size of this device in bytes for bash-script? > I need this, so that I can create two loop-devices on top on it, like > losetup -o 0 -s $halfsize /dev/loop6 /dev/loop5 > losetup -o $halfsize /dev/loop7 /dev/loop5 > > I tried trivial `perl -e 'print -s "/dev/loop5"'`, but it just returns zero. > > There's likely a trivial answer to this, but I havn't been able to find it. sectors=`blockdev --getsize /dev/loop5` fullsize=`echo ${sectors}' * 512' | bc` halfsize=`echo ${sectors}' * 256' | bc` What are you trying to do? -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Feb 01 18:42:26 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4Lzr-0008Hx-GP; Wed, 01 Feb 2006 18:42:23 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 01 Feb 2006 18:42:03 +0100 (CET) Received: from astra.telenet-ops.be ([195.130.132.58]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4LzJ-0008Go-Ii for linux-crypto@nl.linux.org; Wed, 01 Feb 2006 18:41:49 +0100 Received: from localhost (localhost.localdomain [127.0.0.1]) by astra.telenet-ops.be (Postfix) with SMTP id DA450385F3 for ; Wed, 1 Feb 2006 18:41:35 +0100 (CET) Received: from [192.168.0.100] (dD576513D.access.telenet.be [213.118.81.61]) by astra.telenet-ops.be (Postfix) with ESMTP id 609D03835B for ; Wed, 1 Feb 2006 18:41:35 +0100 (CET) From: malvert To: linux-crypto@nl.linux.org Subject: AES -LWR-IV encrypting without kernel recomplile? Date: Wed, 1 Feb 2006 18:41:32 +0100 User-Agent: KMail/1.8.2 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200602011841.32719.malvert@telenet.be> Received-SPF: X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=no version=3.0.1 X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: malvert@telenet.be Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Hi all, It seems that this discussion kind of got stalled way back in early 2005. Is a solution to be expected soon for this rather awkward situation. I would by far prefer a 'non-broken' AES-LWR encryption without the hassle of tinkering with kernel recompile. As I understand it, this is mainly a linux kernel shortcoming. malv - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Feb 01 19:02:25 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4MJ5-0001XP-Vx; Wed, 01 Feb 2006 19:02:16 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Wed, 01 Feb 2006 19:02:00 +0100 (CET) Received: from uproxy.gmail.com ([66.249.92.198]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4MIY-0001WR-E9 for linux-crypto@nl.linux.org; Wed, 01 Feb 2006 19:01:42 +0100 Received: by uproxy.gmail.com with SMTP id o2so141820uge for ; Wed, 01 Feb 2006 10:01:41 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=DT03yfwmKrqs4t5xho1l2L2EeqvErYh2rwWp3bFL8OD0ER7blqQGtH9tp39M2JNzmU/loeI3LE7XWJkjThe+EqVKEHM5A1HK1RuFSRgaamA2K4Fpp9tJYrgxOprJ9zgvvE2fQGvhwnsyqFS10QzgS2DM8GF5RzAjvUJx2oslFLo= Received: by 10.48.108.7 with SMTP id g7mr1523854nfc; Wed, 01 Feb 2006 10:01:41 -0800 (PST) Received: by 10.49.41.14 with HTTP; Wed, 1 Feb 2006 10:01:41 -0800 (PST) Message-ID: <67d53e40602011001k4eba76d8tcb08b300dd8693a0@mail.gmail.com> Date: Wed, 1 Feb 2006 20:01:41 +0200 From: Markus Laire To: Jari Ruusu Subject: Re: How to get the size of the loop-device? Cc: linux-crypto@nl.linux.org In-Reply-To: <43E0ED62.A23DC7DB@users.sourceforge.net> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <67d53e40602010853j37d15e93pac437b2e053f4d7a@mail.gmail.com> <43E0ED62.A23DC7DB@users.sourceforge.net> Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: malaire@gmail.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto On 2/1/06, Jari Ruusu wrote: > Markus Laire wrote: > > Once I have a working loop device, e.g. /dev/loop5, how can I get the > > size of this device in bytes for bash-script? > > sectors=3D`blockdev --getsize /dev/loop5` > fullsize=3D`echo ${sectors}' * 512' | bc` > halfsize=3D`echo ${sectors}' * 256' | bc` > > What are you trying to do? I'm writing a script which double-encrypts a single swap-area and /tmp with random keys. If I simply use two loop-devices for both, I need 4 sets of random keys. So I'm trying this setup which only needs 2 sets of random keys: (I don't want to waste the entropy) (Note: I intend to use 2 different ciphers, but currently I only have AES working) losetup -e AES256 -H random /dev/loop7 "$DEV" losetup -e AES256 -H random /dev/loop6 /dev/loop7 losetup -s $halfsize /dev/loop4 /dev/loop6 losetup -o $halfsize /dev/loop5 /dev/loop6 mkswap /dev/loop4 > /dev/null mke2fs -m 0 /dev/loop5 &> /dev/null swapon /dev/loop4 mount -t ext2 /dev/loop5 /tmp chmod 1777 /tmp -- Markus Laire - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Feb 02 10:34:27 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4arA-0004n1-9J; Thu, 02 Feb 2006 10:34:24 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 02 Feb 2006 10:33:39 +0100 (CET) Received: from web54003.mail.yahoo.com ([206.190.36.227]) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1F4aqE-0003zA-Fz for linux-crypto@nl.linux.org; Thu, 02 Feb 2006 10:33:26 +0100 Received: (qmail 43931 invoked by uid 60001); 2 Feb 2006 09:29:36 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=x5QNMvIUo1rRbK4RdDKqDEQaUTscSka82+iYQWT+I8rLyc9PukT8M3mWBp7MG8bV2ej+3Uje/Ty51UDNqu00SjjUfAGq9p5G9sdSkbLg2Sd2ZU0dUAG4Y0cOqcvZ9NhoBsake/r6MObltUMMaiS+IJtv+WphJ2SoTPIpBYUdfHU= ; Message-ID: <20060202092936.43929.qmail@web54003.mail.yahoo.com> Received: from [83.235.160.2] by web54003.mail.yahoo.com via HTTP; Thu, 02 Feb 2006 01:29:36 PST Date: Thu, 2 Feb 2006 01:29:36 -0800 (PST) From: Phil H Subject: Re: AES -LWR-IV encrypting without kernel recomplile? To: linux-crypto@nl.linux.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="0-2131431470-1138872576=:18176" Content-Transfer-Encoding: 8bit Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: philtickle200@yahoo.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto --0-2131431470-1138872576=:18176 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit The recent version of Truecrypt now claims to implement LWR I think, mainly in response to well-aimed criticisms by people like Jari. What shoudl be of concern is that it took so long for Truecrypt to wake up to this issue in the first place. I have no idea if that in fact resolves Truecrypt's brokeness - it would be interesting to know. On linux it requires the device mapper stuff, hence a 2.6.something kernel that is capable of this. But it can only mount, not create, encrypted volumes under linux - that you have to under windoze - and this is a tremendous bore. malvert wrote: Hi all It seems that this discussion kind of got stalled way back in early 2005. Is a solution to be expected soon for this rather awkward situation. I would by far prefer a 'non-broken' AES-LWR encryption without the hassle of tinkering with kernel recompile. As I understand it, this is mainly a linux kernel shortcoming. malv - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ What are the most popular cars? Find out at Yahoo! Autos --------------------------------- Do you Yahoo!? With a free 1 GB, there's more in store with Yahoo! Mail. --0-2131431470-1138872576=:18176 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: 8bit
The recent version of Truecrypt now claims to implement LWR I think, mainly in response to well-aimed criticisms by people like Jari.  What shoudl be of concern is that it took so long for Truecrypt to wake up to this issue in the first place.

I have no idea if that in fact resolves Truecrypt's brokeness - it would be interesting to know.

On linux it requires the device mapper stuff, hence a 2.6.something kernel that is capable of this.   But it can only mount, not create, encrypted volumes under linux - that you have to under windoze -  and this is a tremendous bore.
malvert <mavert@telenet.be> wrote:

Hi all
It seems that this discussion kind of got stalled way back in early 2005.
Is a solution to be expected soon for this rather awkward situation.
I would by far prefer a 'non-broken' AES-LWR encryption without the hassle of
tinkering with kernel recompile. As I understand it, this is mainly a linux
kernel shortcoming.

malv

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/

What are the most popular cars? Find out at Yahoo! Autos

Do you Yahoo!?
With a free 1 GB, there's more in store with Yahoo! Mail. --0-2131431470-1138872576=:18176-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Feb 02 15:49:24 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4flv-0001nd-Uy; Thu, 02 Feb 2006 15:49:19 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 02 Feb 2006 15:48:31 +0100 (CET) Received: from hoboe1bl1.telenet-ops.be ([195.130.137.72]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4fkl-0001cO-RZ for linux-crypto@nl.linux.org; Thu, 02 Feb 2006 15:48:07 +0100 Received: from localhost (localhost.localdomain [127.0.0.1]) by hoboe1bl1.telenet-ops.be (Postfix) with SMTP id 6A14238A6C for ; Thu, 2 Feb 2006 15:48:01 +0100 (CET) Received: from [192.168.0.100] (dD576513D.access.telenet.be [213.118.81.61]) by hoboe1bl1.telenet-ops.be (Postfix) with ESMTP id 355D538843 for ; Thu, 2 Feb 2006 15:48:01 +0100 (CET) From: malvert To: linux-crypto@nl.linux.org Subject: Using loop-aes while keeping original loop.ko Date: Thu, 2 Feb 2006 15:48:00 +0100 User-Agent: KMail/1.8.2 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200602021548.00593.malvert@telenet.be> Received-SPF: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=no version=3.0.1 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: malvert@telenet.be Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Hello All, I am currently running encrypted file systems under luks dm-crypt, this on Suse10.0 v2.6.13-15.7 I badly would like to start on loop-aes, but I would like to keep the present luks encrypted files going, this without having to switch between two different kernels. Following the instructions for a kernel recompile for loop-aes, could I also keep the old loop.o as a loadable module now and after rmmod loop, either modprobe the old loop or the new loop-aes? Did anybody do this. Thank you kindly for any commentary or help on this. malv - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Feb 02 17:08:50 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4h0n-0005Ui-F7; Thu, 02 Feb 2006 17:08:45 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 02 Feb 2006 17:08:22 +0100 (CET) Received: from mail.tnnet.fi ([217.112.240.26]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F4gy6-0002xu-7Q for linux-crypto@nl.linux.org; Thu, 02 Feb 2006 17:05:58 +0100 Received: from localhost (localhost [127.0.0.1]) by mail.tnnet.fi (Postfix) with ESMTP id 000AD3564BC; Thu, 2 Feb 2006 18:05:52 +0200 (EET) Received: from mail.tnnet.fi ([127.0.0.1]) by localhost (mail [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 01902-03; Thu, 2 Feb 2006 18:05:48 +0200 (EET) Received: from a64.adsl.tnnet.fi (a64.adsl.tnnet.fi [217.112.242.64]) by mail.tnnet.fi (Postfix) with ESMTP id 3B4373547; Thu, 2 Feb 2006 18:05:48 +0200 (EET) Message-ID: <43E22DDA.E2CB1D18@users.sourceforge.net> Date: Thu, 02 Feb 2006 18:05:46 +0200 From: Jari Ruusu To: Markus Laire Cc: linux-crypto@nl.linux.org Subject: Re: How to get the size of the loop-device? References: <67d53e40602010853j37d15e93pac437b2e053f4d7a@mail.gmail.com> <43E0ED62.A23DC7DB@users.sourceforge.net> <67d53e40602011001k4eba76d8tcb08b300dd8693a0@mail.gmail.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at mail.tnnet.fi Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=no version=3.0.1 X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jariruusu@users.sourceforge.net Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Markus Laire wrote: > losetup -e AES256 -H random /dev/loop7 "$DEV" > losetup -e AES256 -H random /dev/loop6 /dev/loop7 > losetup -s $halfsize /dev/loop4 /dev/loop6 > losetup -o $halfsize /dev/loop5 /dev/loop6 You have three loops stacked which does have small run time overhead. My advise is to stack only two. Something like this: losetup -e AES256 -H random /dev/loop7 "$TMPDEV" losetup -e AES256 -H random /dev/loop6 "$SWAPDEV" losetup -e twofish256 -H random /dev/loop5 /dev/loop7 losetup -e twofish256 -H random /dev/loop4 /dev/loop6 If do decide to use $halfsize, then you need to make sure that sizelimit (-s) and offset (-o) options given to losetup must be multiples of 512 bytes. Just cutting some device size in half does not guarantee that. -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Feb 03 15:50:25 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F52GS-0004p6-LD; Fri, 03 Feb 2006 15:50:20 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 03 Feb 2006 15:49:33 +0100 (CET) Received: from mail.gmx.de ([213.165.64.21] helo=mail.gmx.net) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1F52FT-0004kD-EO for linux-crypto@nl.linux.org; Fri, 03 Feb 2006 15:49:19 +0100 Received: (qmail 4232 invoked by uid 0); 3 Feb 2006 14:47:27 -0000 Received: from 84.175.55.73 by www008.gmx.net with HTTP; Fri, 3 Feb 2006 15:47:28 +0100 (MET) Date: Fri, 3 Feb 2006 15:47:28 +0100 (MET) From: Peter_22@gmx.de To: Jari Ruusu Cc: linux-crypto@nl.linux.org MIME-Version: 1.0 References: <43E22DDA.E2CB1D18@users.sourceforge.net> Subject: SATA Raid0 and loop-aes X-Priority: 3 (Normal) X-Authenticated: #5663700 Message-ID: <3618.1138978048@www008.gmx.net> X-Mailer: WWW-Mail 1.6 (Global Message Exchange) X-Flags: 0001 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=AWL,BAYES_50,NO_REAL_NAME autolearn=no version=3.0.1 X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Peter_22@gmx.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Hello! I would like to kindly ask if the following harddrives are ok to built a raid0 and then encrypt it with loop-aes. As drives I consider these two as a good choice: 1. Maxtor model: 7V300F0 size: 300GB (7200U/min, 16MB Cache, 9ms, S-ATA II, NCQ) price: 130 Euros 2. Western Digital model: WD3200SD (RAID Edition) size: 320GB (7200U/min, 8MB Cache, 8.9ms, S-ATA/150) price: 134 Euros Two of them as raid0 should operate faster than one of these high-price 500GB wonders with 5 platters inside. Raid0 would be done with Via chipset VT8237. Is it a hard struggle to get the raid0 encrypted? Are there readers around here with experience in this field? I consider Maxtor and WD as reliable drives. Regards, Peter -- Telefonieren Sie schon oder sparen Sie noch? NEU: GMX Phone_Flat http://www.gmx.net/de/go/telefonie - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Feb 03 16:10:08 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F52ZY-0008Qz-CM; Fri, 03 Feb 2006 16:10:04 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 03 Feb 2006 16:09:50 +0100 (CET) Received: from opium.multi24.com ([213.239.202.166]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F52Z6-0008QC-P1 for linux-crypto@nl.linux.org; Fri, 03 Feb 2006 16:09:36 +0100 Received: by opium.multi24.com (Postfix, from userid 1001) id 19A16400092; Fri, 3 Feb 2006 16:09:20 +0100 (CET) Date: Fri, 3 Feb 2006 16:09:20 +0100 From: Florian Reitmeir To: linux-crypto@nl.linux.org, Jari Ruusu Subject: Re: SATA Raid0 and loop-aes Message-ID: <20060203150920.GE14104@squat.noreply.org> Mail-Followup-To: linux-crypto@nl.linux.org, Jari Ruusu Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline X-Accept-Language: de, en User-Agent: Mutt/1.5.9i Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_50 autolearn=no version=3.0.1 X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: florian@reitmeir.org Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Hi, On Fre, 03 Feb 2006, Peter_22@gmx.de wrote: > I would like to kindly ask if the following harddrives are ok to built a > raid0 and then encrypt it with loop-aes. As drives I consider these two as a > good choice: > 1. Maxtor > model: 7V300F0 > size: 300GB (7200U/min, 16MB Cache, 9ms, S-ATA II, NCQ) > price: 130 Euros > > 2. Western Digital > model: WD3200SD (RAID Edition) > size: 320GB (7200U/min, 8MB Cache, 8.9ms, S-ATA/150) > price: 134 Euros why not.. > Two of them as raid0 should operate faster than one of these high-price > 500GB wonders with 5 platters inside. Raid0 would be done with Via chipset > VT8237. Why not using a normal native software raid? (maybe you intend to change your mainboard someday..) The software raid from linux is in many cases faster and more stable than some "raid"-adapters. > Is it a hard struggle to get the raid0 encrypted? Are there readers around > here with experience in this field? I consider Maxtor and WD as reliable > drives. you can painless encrypt nearly every block-device in linux -- Florian Reitmeir - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Feb 04 01:41:05 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F5BU5-00019z-BF; Sat, 04 Feb 2006 01:41:01 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Sat, 04 Feb 2006 01:40:34 +0100 (CET) Received: from mail.gmx.de ([213.165.64.21] helo=mail.gmx.net) by humbolt.nl.linux.org with smtp (Exim 4.22) id 1F5BTP-00015R-E8 for linux-crypto@nl.linux.org; Sat, 04 Feb 2006 01:40:19 +0100 Received: (qmail 20964 invoked by uid 0); 4 Feb 2006 00:38:28 -0000 Received: from 84.175.22.150 by www072.gmx.net with HTTP; Sat, 4 Feb 2006 01:38:28 +0100 (MET) Date: Sat, 4 Feb 2006 01:38:28 +0100 (MET) From: Peter_22@gmx.de To: Florian Reitmeir Cc: linux-crypto@nl.linux.org MIME-Version: 1.0 References: <20060203150920.GE14104@squat.noreply.org> Subject: Re: SATA Raid0 and loop-aes X-Priority: 3 (Normal) X-Authenticated: #5663700 Message-ID: <5649.1139013508@www072.gmx.net> X-Mailer: WWW-Mail 1.6 (Global Message Exchange) X-Flags: 0001 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Status: No, score=-1.9 required=5.0 tests=AWL,BAYES_00,NO_REAL_NAME autolearn=no version=3.0.1 X-Spam-Level: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Peter_22@gmx.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto > --- Ursprüngliche Nachricht --- > Von: Florian Reitmeir > An: linux-crypto@nl.linux.org, Jari Ruusu > > Betreff: Re: SATA Raid0 and loop-aes > Datum: Fri, 3 Feb 2006 16:09:20 +0100 [...] > > Two of them as raid0 should operate faster than one of these high-price > > 500GB wonders with 5 platters inside. Raid0 would be done with Via > chipset > > VT8237. > > Why not using a normal native software raid? (maybe you intend to change > your > mainboard someday..) The software raid from linux is in many cases faster > and > more stable than some "raid"-adapters. May I ask if you mean LVM2 with software raid? How is its impact on cpu load? Yes indeed, upgrading form current 754-socket to 939-socket would be an option in the future. Could I transfer the two SATA drives into another PC an access that raid0 with linux if I use LVM2 for raid setup? I ask because I never did something like that nor have I heard about it. Setting up such a 640GB raid is a decision that has to be well considered. Thanks for help and hints. Regards Peter -- Telefonieren Sie schon oder sparen Sie noch? NEU: GMX Phone_Flat http://www.gmx.net/de/go/telefonie - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Feb 09 04:42:55 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F72hl-0007Vv-FF; Thu, 09 Feb 2006 04:42:49 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 09 Feb 2006 04:41:52 +0100 (CET) Received: from rayservers.com ([38.99.66.81]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F72cy-0006X3-2P for linux-crypto@nl.linux.org; Thu, 09 Feb 2006 04:37:52 +0100 Received: (qmail 19878 invoked from network); 9 Feb 2006 03:37:04 +0000 Received: from unknown (HELO ?192.168.2.2?) (venkat@rayservers.com@12.31.6.2) by rayservers.com with ESMTPA; 9 Feb 2006 03:37:04 +0000 Message-ID: <43EAB8C4.9000303@rayservers.com> Date: Wed, 08 Feb 2006 22:36:36 -0500 From: Venkat Manakkal User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051013) X-Accept-Language: en-us, en MIME-Version: 1.0 To: linux-crypto@nl.linux.org Subject: hardened kernel and loop-aes X-Enigmail-Version: 0.92.1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: venkat@rayservers.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Jari, I'm having trouble getting the latest hardened kernel and loop-aes happy with each other, I've used older hardened kernels before. I suspect it is over ambitious lockdown of PaX and GrSecurity. I've tried disabling the Preempt the Big Kernel Lock and using the No Forced Preemption Model (see .config) below... I will try a few other options or move to another kernel, just thought you might be interested. Best regards, - ---Venkat. - -- http://rayservers.com/ 607-546-7300 PGP/GPG: https://rayservers.com/keys/0x12430522.asc Skype: rayservers GDCA: http://www.gdcaonline.org/members/rayservers.htm # head -c 15 /dev/urandom | uuencode -m - | head -n 2 | tail -n 1 \ | | losetup -p 0 -e AES128 /dev/loop3 /dev/md/1 Segmentation fault uname -a output: Linux kbw 2.6.14-hardened-r5 #4 SMP Thu Feb 9 11:27:10 GMT 2006 i686 Intel(R) Pentium(R) 4 CPU 3.00GHz GenuineIntel GNU/Linux relevant part of dmesg: eth1: link up, 100Mbps, full-duplex, lpa 0x45E1 Unable to handle kernel paging request at virtual address 0036e6f4 ~ printing eip: 0036cf1c *pgd = 0 *pmd = 0 Oops: 0000 [#1] SMP Modules linked in: loop CPU: 1 EIP: 0060:[<0036cf1c>] Not tainted VLI EFLAGS: 00010a47 (2.6.14-hardened-r5) eax: 00000004 ebx: 64124dcd ecx: 000000cd edx: 5df1ce15 esi: ce8efcaa edi: f7a6b018 ebp: 75b7a29d esp: f74c5c6c ds: 007b es: 007b ss: 0068 Process losetup (pid: 17543, threadinfo=f74c4000 task=f7e54030) Stack: f74c5c84 f74c5d30 00000000 00000008 000000d0 00000000 f74c5cac 00000246 ~ 0036ab77 f7a6b000 f74c5cac 00000010 00000000 f74c5de8 f7ae65d4 f74c5ce8 ~ ce8efcaa 75b7a29d 5df1ce15 124dcd64 449b183f 9204755b 771318a4 1904adc0 Call Trace: ~ [<00000000>] ~ [<00000008>] ~ [<000000d0>] ~ [<00000000>] ~ [<00000246>] ~ [<0036ab77>] ~ [<00000010>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00369239>] ~ [<00000000>] ~ [<00000000>] ~ [<003695af>] ~ [<00369b6d>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000010>] ~ [<00000010>] ~ [<00000000>] ~ [<00000031>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00000000>] ~ [<00369ec3>] ~ [<00000000>] ~ [<00000000>] ~ [<0001af51>] ~ [<00100100>] ~ [<00200200>] ~ [<00369e27>] ~ [<00000000>] ~ [<00004c04>] ~ [<001ccc3c>] ~ [<00004c04>] ~ [<00004c04>] ~ [<001cce41>] ~ [<00004c04>] ~ [<00004c04>] ~ [<0006d37f>] ~ [<00004c04>] ~ [<00078b1a>] ~ [<00004c04>] ~ [<00000000>] ~ [<00004c04>] ~ [<00078cd2>] ~ [<00004c04>] ~ [<00000004>] ~ [<00000000>] ~ [<00078ed3>] ~ [<00000004>] ~ [<00004c04>] ~ [<00000000>] ~ [<00000004>] ~ [<00000000>] ~ [<00002e79>] ~ [<00000004>] ~ [<00004c04>] ~ [<00000000>] ~ [<00000036>] ~ [<0000007b>] ~ [<00000036>] ~ [<00000073>] ~ [<00000246>] ~ [<0000007b>] ~ [<00000000>] ~ [<0000007b>] ~ [<00000036>] ~ [<00000073>] ~ [<00000206>] ~ [<0000007b>] ~ [<00000000>] ~ [<0000007b>] ~ [<00000036>] ~ [<00000073>] ~ [<00000246>] ~ [<0000007b>] ~ [<0000007b>] ~ [<00000073>] ~ [<00000246>] ~ [<0000007b>] ~ [<00000000>] ~ [<00000000>] Code: 31 c6 31 f5 89 b7 b0 00 00 00 89 af b4 00 00 00 31 ea 31 d3 89 97 b8 00 00 00 89 9f bc 00 00 00 e9 06 03 00 00 c1 c3 18 0f b6 cb <8b> 04 8d c0 e3 36 00 0f b6 cf c1 cb 10 33 04 8d c0 e7 36 00 0f the kernel .config cat .config # # Automatically generated make config: don't edit # Linux kernel version: 2.6.14-hardened-r5 # Thu Feb 9 11:19:00 2006 # CONFIG_X86=y CONFIG_SEMAPHORE_SLEEPERS=y CONFIG_MMU=y CONFIG_UID16=y CONFIG_GENERIC_ISA_DMA=y CONFIG_GENERIC_IOMAP=y CONFIG_ARCH_MAY_HAVE_PC_FDC=y # # Code maturity level options # CONFIG_EXPERIMENTAL=y CONFIG_CLEAN_COMPILE=y CONFIG_LOCK_KERNEL=y CONFIG_INIT_ENV_ARG_LIMIT=32 # # General setup # CONFIG_LOCALVERSION="" CONFIG_LOCALVERSION_AUTO=y CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_POSIX_MQUEUE=y CONFIG_BSD_PROCESS_ACCT=y CONFIG_BSD_PROCESS_ACCT_V3=y CONFIG_SYSCTL=y CONFIG_AUDIT=y CONFIG_AUDITSYSCALL=y CONFIG_HOTPLUG=y CONFIG_KOBJECT_UEVENT=y CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y # CONFIG_CPUSETS is not set CONFIG_INITRAMFS_SOURCE="" # CONFIG_EMBEDDED is not set CONFIG_PRINTK=y CONFIG_BUG=y CONFIG_BASE_FULL=y CONFIG_FUTEX=y CONFIG_EPOLL=y CONFIG_SHMEM=y CONFIG_CC_ALIGN_FUNCTIONS=0 CONFIG_CC_ALIGN_LABELS=0 CONFIG_CC_ALIGN_LOOPS=0 CONFIG_CC_ALIGN_JUMPS=0 # CONFIG_TINY_SHMEM is not set CONFIG_BASE_SMALL=0 # # Loadable module support # CONFIG_MODULES=y CONFIG_MODULE_UNLOAD=y CONFIG_MODULE_FORCE_UNLOAD=y CONFIG_OBSOLETE_MODPARM=y CONFIG_MODVERSIONS=y CONFIG_MODULE_SRCVERSION_ALL=y CONFIG_KMOD=y CONFIG_STOP_MACHINE=y # # Processor type and features # CONFIG_X86_PC=y # CONFIG_X86_ELAN is not set # CONFIG_X86_VOYAGER is not set # CONFIG_X86_NUMAQ is not set # CONFIG_X86_SUMMIT is not set # CONFIG_X86_BIGSMP is not set # CONFIG_X86_VISWS is not set # CONFIG_X86_GENERICARCH is not set # CONFIG_X86_ES7000 is not set # CONFIG_M386 is not set # CONFIG_M486 is not set # CONFIG_M586 is not set # CONFIG_M586TSC is not set # CONFIG_M586MMX is not set # CONFIG_M686 is not set # CONFIG_MPENTIUMII is not set # CONFIG_MPENTIUMIII is not set # CONFIG_MPENTIUMM is not set CONFIG_MPENTIUM4=y # CONFIG_MK6 is not set # CONFIG_MK7 is not set # CONFIG_MK8 is not set # CONFIG_MCRUSOE is not set # CONFIG_MEFFICEON is not set # CONFIG_MWINCHIPC6 is not set # CONFIG_MWINCHIP2 is not set # CONFIG_MWINCHIP3D is not set # CONFIG_MGEODEGX1 is not set # CONFIG_MCYRIXIII is not set # CONFIG_MVIAC3_2 is not set # CONFIG_X86_GENERIC is not set CONFIG_X86_CMPXCHG=y CONFIG_X86_XADD=y CONFIG_X86_L1_CACHE_SHIFT=7 CONFIG_RWSEM_XCHGADD_ALGORITHM=y CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_X86_WP_WORKS_OK=y CONFIG_X86_INVLPG=y CONFIG_X86_BSWAP=y CONFIG_X86_POPAD_OK=y CONFIG_X86_ALIGNMENT_16=y CONFIG_X86_GOOD_APIC=y CONFIG_X86_INTEL_USERCOPY=y CONFIG_X86_USE_PPRO_CHECKSUM=y # CONFIG_HPET_TIMER is not set CONFIG_SMP=y CONFIG_NR_CPUS=8 CONFIG_SCHED_SMT=y CONFIG_PREEMPT_NONE=y # CONFIG_PREEMPT_VOLUNTARY is not set # CONFIG_PREEMPT is not set # CONFIG_PREEMPT_BKL is not set CONFIG_X86_LOCAL_APIC=y CONFIG_X86_IO_APIC=y CONFIG_X86_TSC=y CONFIG_X86_MCE=y CONFIG_X86_MCE_NONFATAL=y CONFIG_X86_MCE_P4THERMAL=y # CONFIG_TOSHIBA is not set # CONFIG_I8K is not set # CONFIG_X86_REBOOTFIXUPS is not set CONFIG_MICROCODE=y CONFIG_X86_MSR=y # CONFIG_X86_CPUID is not set # # Firmware Drivers # # CONFIG_EDD is not set # CONFIG_DELL_RBU is not set CONFIG_DCDBAS=m # CONFIG_NOHIGHMEM is not set CONFIG_HIGHMEM4G=y # CONFIG_HIGHMEM64G is not set CONFIG_HIGHMEM=y CONFIG_SELECT_MEMORY_MODEL=y CONFIG_FLATMEM_MANUAL=y # CONFIG_DISCONTIGMEM_MANUAL is not set # CONFIG_SPARSEMEM_MANUAL is not set CONFIG_FLATMEM=y CONFIG_FLAT_NODE_MEM_MAP=y # CONFIG_SPARSEMEM_STATIC is not set # CONFIG_HIGHPTE is not set # CONFIG_MATH_EMULATION is not set CONFIG_MTRR=y # CONFIG_EFI is not set CONFIG_IRQBALANCE=y # CONFIG_REGPARM is not set CONFIG_SECCOMP=y # CONFIG_HZ_100 is not set CONFIG_HZ_250=y # CONFIG_HZ_1000 is not set CONFIG_HZ=250 CONFIG_PHYSICAL_START=0x100000 # CONFIG_KEXEC is not set # # Power management options (ACPI, APM) # CONFIG_PM=y # CONFIG_PM_DEBUG is not set # # ACPI (Advanced Configuration and Power Interface) Support # CONFIG_ACPI=y CONFIG_ACPI_AC=y CONFIG_ACPI_BATTERY=y CONFIG_ACPI_BUTTON=y CONFIG_ACPI_VIDEO=y # CONFIG_ACPI_HOTKEY is not set CONFIG_ACPI_FAN=y CONFIG_ACPI_PROCESSOR=y CONFIG_ACPI_THERMAL=y # CONFIG_ACPI_ASUS is not set CONFIG_ACPI_IBM=y # CONFIG_ACPI_TOSHIBA is not set CONFIG_ACPI_BLACKLIST_YEAR=0 # CONFIG_ACPI_DEBUG is not set CONFIG_ACPI_EC=y CONFIG_ACPI_POWER=y CONFIG_ACPI_SYSTEM=y # CONFIG_X86_PM_TIMER is not set # CONFIG_ACPI_CONTAINER is not set # # APM (Advanced Power Management) BIOS Support # # CONFIG_APM is not set # # CPU Frequency scaling # CONFIG_CPU_FREQ=y CONFIG_CPU_FREQ_TABLE=y # CONFIG_CPU_FREQ_DEBUG is not set CONFIG_CPU_FREQ_STAT=y # CONFIG_CPU_FREQ_STAT_DETAILS is not set CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y # CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set CONFIG_CPU_FREQ_GOV_PERFORMANCE=y # CONFIG_CPU_FREQ_GOV_POWERSAVE is not set # CONFIG_CPU_FREQ_GOV_USERSPACE is not set # CONFIG_CPU_FREQ_GOV_ONDEMAND is not set # CONFIG_CPU_FREQ_GOV_CONSERVATIVE is not set # # CPUFreq processor drivers # # CONFIG_X86_ACPI_CPUFREQ is not set # CONFIG_X86_POWERNOW_K6 is not set # CONFIG_X86_POWERNOW_K7 is not set # CONFIG_X86_POWERNOW_K8 is not set # CONFIG_X86_GX_SUSPMOD is not set CONFIG_X86_SPEEDSTEP_CENTRINO=y CONFIG_X86_SPEEDSTEP_CENTRINO_ACPI=y CONFIG_X86_SPEEDSTEP_CENTRINO_TABLE=y CONFIG_X86_SPEEDSTEP_ICH=y # CONFIG_X86_SPEEDSTEP_SMI is not set # CONFIG_X86_P4_CLOCKMOD is not set # CONFIG_X86_CPUFREQ_NFORCE2 is not set # CONFIG_X86_LONGRUN is not set # CONFIG_X86_LONGHAUL is not set # # shared options # # CONFIG_X86_ACPI_CPUFREQ_PROC_INTF is not set CONFIG_X86_SPEEDSTEP_LIB=y # CONFIG_X86_SPEEDSTEP_RELAXED_CAP_CHECK is not set # # Bus options (PCI, PCMCIA, EISA, MCA, ISA) # CONFIG_PCI=y # CONFIG_PCI_GOBIOS is not set # CONFIG_PCI_GOMMCONFIG is not set # CONFIG_PCI_GODIRECT is not set CONFIG_PCI_GOANY=y CONFIG_PCI_DIRECT=y CONFIG_PCI_MMCONFIG=y # CONFIG_PCIEPORTBUS is not set # CONFIG_PCI_MSI is not set CONFIG_PCI_LEGACY_PROC=y CONFIG_ISA_DMA_API=y CONFIG_ISA=y # CONFIG_EISA is not set # CONFIG_MCA is not set # CONFIG_SCx200 is not set # CONFIG_HOTPLUG_CPU is not set # # PCCARD (PCMCIA/CardBus) support # # CONFIG_PCCARD is not set # # PCI Hotplug Support # # CONFIG_HOTPLUG_PCI is not set # # Executable file formats # CONFIG_BINFMT_ELF=y CONFIG_BINFMT_AOUT=y CONFIG_BINFMT_MISC=y # # Networking # CONFIG_NET=y # # Networking options # CONFIG_PACKET=y # CONFIG_PACKET_MMAP is not set CONFIG_UNIX=y # CONFIG_NET_KEY is not set CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_ASK_IP_FIB_HASH=y # CONFIG_IP_FIB_TRIE is not set CONFIG_IP_FIB_HASH=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_FWMARK=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_MULTIPATH_CACHED=y CONFIG_IP_ROUTE_MULTIPATH_RR=m CONFIG_IP_ROUTE_MULTIPATH_RANDOM=m CONFIG_IP_ROUTE_MULTIPATH_WRANDOM=m CONFIG_IP_ROUTE_MULTIPATH_DRR=m CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_PNP is not set # CONFIG_NET_IPIP is not set CONFIG_NET_IPGRE=m CONFIG_NET_IPGRE_BROADCAST=y # CONFIG_IP_MROUTE is not set CONFIG_ARPD=y # CONFIG_SYN_COOKIES is not set # CONFIG_INET_AH is not set # CONFIG_INET_ESP is not set # CONFIG_INET_IPCOMP is not set # CONFIG_INET_TUNNEL is not set CONFIG_INET_DIAG=y CONFIG_INET_TCP_DIAG=y # CONFIG_TCP_CONG_ADVANCED is not set CONFIG_TCP_CONG_BIC=y # # IP: Virtual Server Configuration # # CONFIG_IP_VS is not set # CONFIG_IPV6 is not set CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set # CONFIG_NETFILTER_NETLINK is not set # # IP: Netfilter Configuration # CONFIG_IP_NF_CONNTRACK=y CONFIG_IP_NF_CT_ACCT=y CONFIG_IP_NF_CONNTRACK_MARK=y CONFIG_IP_NF_CONNTRACK_EVENTS=y CONFIG_IP_NF_CT_PROTO_SCTP=m CONFIG_IP_NF_FTP=m CONFIG_IP_NF_IRC=m CONFIG_IP_NF_NETBIOS_NS=m CONFIG_IP_NF_TFTP=m CONFIG_IP_NF_AMANDA=m CONFIG_IP_NF_PPTP=m CONFIG_IP_NF_QUEUE=m CONFIG_IP_NF_IPTABLES=m CONFIG_IP_NF_MATCH_LIMIT=m CONFIG_IP_NF_MATCH_IPRANGE=m CONFIG_IP_NF_MATCH_MAC=m CONFIG_IP_NF_MATCH_PKTTYPE=m CONFIG_IP_NF_MATCH_MARK=m CONFIG_IP_NF_MATCH_MULTIPORT=m CONFIG_IP_NF_MATCH_TOS=m CONFIG_IP_NF_MATCH_RECENT=m CONFIG_IP_NF_MATCH_ECN=m CONFIG_IP_NF_MATCH_DSCP=m CONFIG_IP_NF_MATCH_AH_ESP=m CONFIG_IP_NF_MATCH_LENGTH=m CONFIG_IP_NF_MATCH_TTL=m CONFIG_IP_NF_MATCH_TCPMSS=m # CONFIG_IP_NF_MATCH_STEALTH is not set CONFIG_IP_NF_MATCH_HELPER=m CONFIG_IP_NF_MATCH_STATE=m CONFIG_IP_NF_MATCH_CONNTRACK=m CONFIG_IP_NF_MATCH_OWNER=m CONFIG_IP_NF_MATCH_ADDRTYPE=m CONFIG_IP_NF_MATCH_REALM=m CONFIG_IP_NF_MATCH_SCTP=m CONFIG_IP_NF_MATCH_DCCP=m CONFIG_IP_NF_MATCH_COMMENT=m CONFIG_IP_NF_MATCH_CONNMARK=m CONFIG_IP_NF_MATCH_CONNBYTES=m CONFIG_IP_NF_MATCH_HASHLIMIT=m CONFIG_IP_NF_MATCH_STRING=m CONFIG_IP_NF_FILTER=m CONFIG_IP_NF_TARGET_REJECT=m CONFIG_IP_NF_TARGET_LOG=m CONFIG_IP_NF_TARGET_ULOG=m CONFIG_IP_NF_TARGET_TCPMSS=m CONFIG_IP_NF_TARGET_NFQUEUE=m CONFIG_IP_NF_NAT=m CONFIG_IP_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=m CONFIG_IP_NF_TARGET_REDIRECT=m CONFIG_IP_NF_TARGET_NETMAP=m CONFIG_IP_NF_TARGET_SAME=m # CONFIG_IP_NF_NAT_SNMP_BASIC is not set CONFIG_IP_NF_NAT_IRC=m CONFIG_IP_NF_NAT_FTP=m CONFIG_IP_NF_NAT_TFTP=m CONFIG_IP_NF_NAT_AMANDA=m CONFIG_IP_NF_NAT_PPTP=m CONFIG_IP_NF_MANGLE=m CONFIG_IP_NF_TARGET_TOS=m CONFIG_IP_NF_TARGET_ECN=m CONFIG_IP_NF_TARGET_DSCP=m CONFIG_IP_NF_TARGET_MARK=m CONFIG_IP_NF_TARGET_CLASSIFY=m CONFIG_IP_NF_TARGET_TTL=m # CONFIG_IP_NF_TARGET_CONNMARK is not set # CONFIG_IP_NF_TARGET_CLUSTERIP is not set CONFIG_IP_NF_RAW=m CONFIG_IP_NF_TARGET_NOTRACK=m CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y # # DCCP Configuration (EXPERIMENTAL) # # CONFIG_IP_DCCP is not set # # SCTP Configuration (EXPERIMENTAL) # # CONFIG_IP_SCTP is not set # CONFIG_ATM is not set # CONFIG_BRIDGE is not set # CONFIG_VLAN_8021Q is not set # CONFIG_DECNET is not set # CONFIG_LLC2 is not set # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set # CONFIG_LAPB is not set # CONFIG_NET_DIVERT is not set # CONFIG_ECONET is not set # CONFIG_WAN_ROUTER is not set CONFIG_NET_SCHED=y CONFIG_NET_SCH_CLK_JIFFIES=y # CONFIG_NET_SCH_CLK_GETTIMEOFDAY is not set # CONFIG_NET_SCH_CLK_CPU is not set CONFIG_NET_SCH_CBQ=m CONFIG_NET_SCH_HTB=m CONFIG_NET_SCH_HFSC=m CONFIG_NET_SCH_PRIO=m CONFIG_NET_SCH_RED=m CONFIG_NET_SCH_SFQ=m CONFIG_NET_SCH_TEQL=m CONFIG_NET_SCH_TBF=m CONFIG_NET_SCH_GRED=m CONFIG_NET_SCH_DSMARK=m CONFIG_NET_SCH_NETEM=m CONFIG_NET_SCH_INGRESS=m CONFIG_NET_QOS=y CONFIG_NET_ESTIMATOR=y CONFIG_NET_CLS=y CONFIG_NET_CLS_BASIC=m CONFIG_NET_CLS_TCINDEX=m CONFIG_NET_CLS_ROUTE4=m CONFIG_NET_CLS_ROUTE=y # CONFIG_NET_CLS_FW is not set # CONFIG_NET_CLS_U32 is not set # CONFIG_NET_CLS_RSVP is not set # CONFIG_NET_CLS_RSVP6 is not set # CONFIG_NET_EMATCH is not set # CONFIG_NET_CLS_ACT is not set # CONFIG_NET_CLS_POLICE is not set # # Network testing # # CONFIG_NET_PKTGEN is not set # CONFIG_HAMRADIO is not set # CONFIG_IRDA is not set # CONFIG_BT is not set # CONFIG_IEEE80211 is not set # # Device Drivers # # # Generic Driver Options # CONFIG_STANDALONE=y CONFIG_PREVENT_FIRMWARE_BUILD=y CONFIG_FW_LOADER=m # # Connector - unified userspace <-> kernelspace linker # # CONFIG_CONNECTOR is not set # # Memory Technology Devices (MTD) # # CONFIG_MTD is not set # # Parallel port support # CONFIG_PARPORT=y CONFIG_PARPORT_PC=y # CONFIG_PARPORT_SERIAL is not set # CONFIG_PARPORT_PC_FIFO is not set # CONFIG_PARPORT_PC_SUPERIO is not set # CONFIG_PARPORT_GSC is not set # CONFIG_PARPORT_1284 is not set # # Plug and Play support # CONFIG_PNP=y # CONFIG_PNP_DEBUG is not set # # Protocols # # CONFIG_ISAPNP is not set # CONFIG_PNPBIOS is not set CONFIG_PNPACPI=y # # Block devices # CONFIG_BLK_DEV_FD=y # CONFIG_BLK_DEV_XD is not set # CONFIG_PARIDE is not set # CONFIG_BLK_CPQ_DA is not set # CONFIG_BLK_CPQ_CISS_DA is not set # CONFIG_BLK_DEV_DAC960 is not set # CONFIG_BLK_DEV_UMEM is not set # CONFIG_BLK_DEV_COW_COMMON is not set # CONFIG_BLK_DEV_LOOP is not set # CONFIG_BLK_DEV_NBD is not set # CONFIG_BLK_DEV_SX8 is not set # CONFIG_BLK_DEV_UB is not set # CONFIG_BLK_DEV_RAM is not set CONFIG_BLK_DEV_RAM_COUNT=16 CONFIG_LBD=y # CONFIG_CDROM_PKTCDVD is not set # # IO Schedulers # CONFIG_IOSCHED_NOOP=y CONFIG_IOSCHED_AS=y CONFIG_IOSCHED_DEADLINE=y CONFIG_IOSCHED_CFQ=y # CONFIG_ATA_OVER_ETH is not set # # ATA/ATAPI/MFM/RLL support # CONFIG_IDE=y CONFIG_BLK_DEV_IDE=y # # Please see Documentation/ide.txt for help/info on IDE drives # # CONFIG_BLK_DEV_IDE_SATA is not set # CONFIG_BLK_DEV_HD_IDE is not set CONFIG_BLK_DEV_IDEDISK=y CONFIG_IDEDISK_MULTI_MODE=y CONFIG_BLK_DEV_IDECD=y # CONFIG_BLK_DEV_IDETAPE is not set # CONFIG_BLK_DEV_IDEFLOPPY is not set # CONFIG_BLK_DEV_IDESCSI is not set # CONFIG_IDE_TASK_IOCTL is not set # # IDE chipset support/bugfixes # CONFIG_IDE_GENERIC=y CONFIG_BLK_DEV_CMD640=y # CONFIG_BLK_DEV_CMD640_ENHANCED is not set # CONFIG_BLK_DEV_IDEPNP is not set CONFIG_BLK_DEV_IDEPCI=y CONFIG_IDEPCI_SHARE_IRQ=y # CONFIG_BLK_DEV_OFFBOARD is not set CONFIG_BLK_DEV_GENERIC=y # CONFIG_BLK_DEV_OPTI621 is not set CONFIG_BLK_DEV_RZ1000=y CONFIG_BLK_DEV_IDEDMA_PCI=y # CONFIG_BLK_DEV_IDEDMA_FORCED is not set CONFIG_IDEDMA_PCI_AUTO=y # CONFIG_IDEDMA_ONLYDISK is not set # CONFIG_BLK_DEV_AEC62XX is not set # CONFIG_BLK_DEV_ALI15X3 is not set # CONFIG_BLK_DEV_AMD74XX is not set # CONFIG_BLK_DEV_ATIIXP is not set # CONFIG_BLK_DEV_CMD64X is not set # CONFIG_BLK_DEV_TRIFLEX is not set # CONFIG_BLK_DEV_CY82C693 is not set # CONFIG_BLK_DEV_CS5520 is not set # CONFIG_BLK_DEV_CS5530 is not set # CONFIG_BLK_DEV_HPT34X is not set # CONFIG_BLK_DEV_HPT366 is not set # CONFIG_BLK_DEV_SC1200 is not set CONFIG_BLK_DEV_PIIX=y # CONFIG_BLK_DEV_IT821X is not set # CONFIG_BLK_DEV_NS87415 is not set # CONFIG_BLK_DEV_PDC202XX_OLD is not set # CONFIG_BLK_DEV_PDC202XX_NEW is not set # CONFIG_BLK_DEV_SVWKS is not set # CONFIG_BLK_DEV_SIIMAGE is not set # CONFIG_BLK_DEV_SIS5513 is not set # CONFIG_BLK_DEV_SLC90E66 is not set # CONFIG_BLK_DEV_TRM290 is not set # CONFIG_BLK_DEV_VIA82CXXX is not set # CONFIG_IDE_ARM is not set # CONFIG_IDE_CHIPSETS is not set CONFIG_BLK_DEV_IDEDMA=y # CONFIG_IDEDMA_IVB is not set CONFIG_IDEDMA_AUTO=y # CONFIG_BLK_DEV_HD is not set # # SCSI device support # # CONFIG_RAID_ATTRS is not set CONFIG_SCSI=y CONFIG_SCSI_PROC_FS=y # # SCSI support type (disk, tape, CD-ROM) # CONFIG_BLK_DEV_SD=y # CONFIG_CHR_DEV_ST is not set # CONFIG_CHR_DEV_OSST is not set # CONFIG_BLK_DEV_SR is not set CONFIG_CHR_DEV_SG=y # CONFIG_CHR_DEV_SCH is not set # # Some SCSI devices (e.g. CD jukebox) support multiple LUNs # # CONFIG_SCSI_MULTI_LUN is not set # CONFIG_SCSI_CONSTANTS is not set # CONFIG_SCSI_LOGGING is not set # # SCSI Transport Attributes # # CONFIG_SCSI_SPI_ATTRS is not set # CONFIG_SCSI_FC_ATTRS is not set # CONFIG_SCSI_ISCSI_ATTRS is not set # CONFIG_SCSI_SAS_ATTRS is not set # # SCSI low-level drivers # # CONFIG_BLK_DEV_3W_XXXX_RAID is not set # CONFIG_SCSI_3W_9XXX is not set # CONFIG_SCSI_7000FASST is not set # CONFIG_SCSI_ACARD is not set # CONFIG_SCSI_AHA152X is not set # CONFIG_SCSI_AHA1542 is not set # CONFIG_SCSI_AACRAID is not set # CONFIG_SCSI_AIC7XXX is not set # CONFIG_SCSI_AIC7XXX_OLD is not set # CONFIG_SCSI_AIC79XX is not set # CONFIG_SCSI_DPT_I2O is not set # CONFIG_SCSI_IN2000 is not set # CONFIG_MEGARAID_NEWGEN is not set # CONFIG_MEGARAID_LEGACY is not set # CONFIG_MEGARAID_SAS is not set CONFIG_SCSI_SATA=y # CONFIG_SCSI_SATA_AHCI is not set # CONFIG_SCSI_SATA_SVW is not set CONFIG_SCSI_ATA_PIIX=y # CONFIG_SCSI_SATA_MV is not set # CONFIG_SCSI_SATA_NV is not set # CONFIG_SCSI_SATA_PROMISE is not set # CONFIG_SCSI_SATA_QSTOR is not set # CONFIG_SCSI_SATA_SX4 is not set # CONFIG_SCSI_SATA_SIL is not set # CONFIG_SCSI_SATA_SIS is not set # CONFIG_SCSI_SATA_ULI is not set # CONFIG_SCSI_SATA_VIA is not set # CONFIG_SCSI_SATA_VITESSE is not set CONFIG_SCSI_SATA_INTEL_COMBINED=y # CONFIG_SCSI_BUSLOGIC is not set # CONFIG_SCSI_DMX3191D is not set # CONFIG_SCSI_DTC3280 is not set # CONFIG_SCSI_EATA is not set # CONFIG_SCSI_FUTURE_DOMAIN is not set # CONFIG_SCSI_GDTH is not set # CONFIG_SCSI_GENERIC_NCR5380 is not set # CONFIG_SCSI_GENERIC_NCR5380_MMIO is not set # CONFIG_SCSI_IPS is not set # CONFIG_SCSI_INITIO is not set # CONFIG_SCSI_INIA100 is not set # CONFIG_SCSI_PPA is not set # CONFIG_SCSI_IMM is not set # CONFIG_SCSI_NCR53C406A is not set # CONFIG_SCSI_SYM53C8XX_2 is not set CONFIG_SCSI_IPR=m # CONFIG_SCSI_IPR_TRACE is not set # CONFIG_SCSI_IPR_DUMP is not set # CONFIG_SCSI_PAS16 is not set # CONFIG_SCSI_PSI240I is not set # CONFIG_SCSI_QLOGIC_FAS is not set # CONFIG_SCSI_QLOGIC_FC is not set # CONFIG_SCSI_QLOGIC_1280 is not set CONFIG_SCSI_QLA2XXX=y # CONFIG_SCSI_QLA21XX is not set # CONFIG_SCSI_QLA22XX is not set # CONFIG_SCSI_QLA2300 is not set # CONFIG_SCSI_QLA2322 is not set # CONFIG_SCSI_QLA6312 is not set # CONFIG_SCSI_QLA24XX is not set # CONFIG_SCSI_LPFC is not set # CONFIG_SCSI_SYM53C416 is not set # CONFIG_SCSI_DC395x is not set # CONFIG_SCSI_DC390T is not set # CONFIG_SCSI_T128 is not set # CONFIG_SCSI_U14_34F is not set # CONFIG_SCSI_ULTRASTOR is not set # CONFIG_SCSI_NSP32 is not set # CONFIG_SCSI_DEBUG is not set # # Old CD-ROM drivers (not SCSI, not IDE) # # CONFIG_CD_NO_IDESCSI is not set # # Multi-device support (RAID and LVM) # CONFIG_MD=y CONFIG_BLK_DEV_MD=y # CONFIG_MD_LINEAR is not set # CONFIG_MD_RAID0 is not set CONFIG_MD_RAID1=y # CONFIG_MD_RAID10 is not set # CONFIG_MD_RAID5 is not set # CONFIG_MD_RAID6 is not set # CONFIG_MD_MULTIPATH is not set # CONFIG_MD_FAULTY is not set CONFIG_BLK_DEV_DM=y CONFIG_DM_CRYPT=y CONFIG_DM_SNAPSHOT=y CONFIG_DM_MIRROR=y CONFIG_DM_ZERO=y CONFIG_DM_MULTIPATH=y CONFIG_DM_MULTIPATH_EMC=y CONFIG_BLK_DEV_DM_BBR=y # # Fusion MPT device support # # CONFIG_FUSION is not set # CONFIG_FUSION_SPI is not set # CONFIG_FUSION_FC is not set # CONFIG_FUSION_SAS is not set # # IEEE 1394 (FireWire) support # CONFIG_IEEE1394=y # # Subsystem Options # # CONFIG_IEEE1394_VERBOSEDEBUG is not set # CONFIG_IEEE1394_OUI_DB is not set # CONFIG_IEEE1394_EXTRA_CONFIG_ROMS is not set # CONFIG_IEEE1394_EXPORT_FULL_API is not set # # Device Drivers # # # Texas Instruments PCILynx requires I2C # CONFIG_IEEE1394_OHCI1394=y # # Protocol Drivers # # CONFIG_IEEE1394_VIDEO1394 is not set # CONFIG_IEEE1394_SBP2 is not set # CONFIG_IEEE1394_ETH1394 is not set # CONFIG_IEEE1394_DV1394 is not set CONFIG_IEEE1394_RAWIO=y # CONFIG_IEEE1394_CMP is not set # # I2O device support # # CONFIG_I2O is not set # # Network device support # CONFIG_NETDEVICES=y CONFIG_DUMMY=m # CONFIG_BONDING is not set # CONFIG_EQUALIZER is not set CONFIG_TUN=m # CONFIG_NET_SB1000 is not set # # ARCnet devices # # CONFIG_ARCNET is not set # # PHY device support # # CONFIG_PHYLIB is not set # # Ethernet (10 or 100Mbit) # CONFIG_NET_ETHERNET=y CONFIG_MII=y # CONFIG_HAPPYMEAL is not set # CONFIG_SUNGEM is not set # CONFIG_CASSINI is not set # CONFIG_NET_VENDOR_3COM is not set # CONFIG_LANCE is not set # CONFIG_NET_VENDOR_SMC is not set # CONFIG_NET_VENDOR_RACAL is not set # # Tulip family network device support # # CONFIG_NET_TULIP is not set # CONFIG_AT1700 is not set # CONFIG_DEPCA is not set # CONFIG_HP100 is not set # CONFIG_NET_ISA is not set CONFIG_NET_PCI=y # CONFIG_PCNET32 is not set # CONFIG_AMD8111_ETH is not set # CONFIG_ADAPTEC_STARFIRE is not set # CONFIG_AC3200 is not set # CONFIG_APRICOT is not set # CONFIG_B44 is not set # CONFIG_FORCEDETH is not set # CONFIG_CS89x0 is not set # CONFIG_DGRS is not set # CONFIG_EEPRO100 is not set # CONFIG_E100 is not set # CONFIG_FEALNX is not set # CONFIG_NATSEMI is not set # CONFIG_NE2K_PCI is not set # CONFIG_8139CP is not set CONFIG_8139TOO=y CONFIG_8139TOO_PIO=y # CONFIG_8139TOO_TUNE_TWISTER is not set # CONFIG_8139TOO_8129 is not set # CONFIG_8139_OLD_RX_RESET is not set # CONFIG_SIS900 is not set # CONFIG_EPIC100 is not set # CONFIG_SUNDANCE is not set # CONFIG_TLAN is not set # CONFIG_VIA_RHINE is not set # CONFIG_NET_POCKET is not set # # Ethernet (1000 Mbit) # # CONFIG_ACENIC is not set # CONFIG_DL2K is not set # CONFIG_E1000 is not set # CONFIG_NS83820 is not set # CONFIG_HAMACHI is not set # CONFIG_YELLOWFIN is not set # CONFIG_R8169 is not set # CONFIG_SIS190 is not set # CONFIG_SKGE is not set # CONFIG_SK98LIN is not set # CONFIG_VIA_VELOCITY is not set # CONFIG_TIGON3 is not set # CONFIG_BNX2 is not set # # Ethernet (10000 Mbit) # # CONFIG_CHELSIO_T1 is not set # CONFIG_IXGB is not set # CONFIG_S2IO is not set # # Token Ring devices # # CONFIG_TR is not set # # Wireless LAN (non-hamradio) # # CONFIG_NET_RADIO is not set # # Wan interfaces # # CONFIG_WAN is not set # CONFIG_FDDI is not set # CONFIG_HIPPI is not set # CONFIG_PLIP is not set # CONFIG_PPP is not set # CONFIG_SLIP is not set # CONFIG_NET_FC is not set # CONFIG_SHAPER is not set # CONFIG_NETCONSOLE is not set # CONFIG_NETPOLL is not set # CONFIG_NET_POLL_CONTROLLER is not set # # ISDN subsystem # # CONFIG_ISDN is not set # # Telephony Support # # CONFIG_PHONE is not set # # Input device support # CONFIG_INPUT=y # # Userland interfaces # CONFIG_INPUT_MOUSEDEV=y CONFIG_INPUT_MOUSEDEV_PSAUX=y CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 # CONFIG_INPUT_JOYDEV is not set # CONFIG_INPUT_TSDEV is not set # CONFIG_INPUT_EVDEV is not set # CONFIG_INPUT_EVBUG is not set # # Input Device Drivers # CONFIG_INPUT_KEYBOARD=y CONFIG_KEYBOARD_ATKBD=y # CONFIG_KEYBOARD_SUNKBD is not set # CONFIG_KEYBOARD_LKKBD is not set # CONFIG_KEYBOARD_XTKBD is not set # CONFIG_KEYBOARD_NEWTON is not set CONFIG_INPUT_MOUSE=y CONFIG_MOUSE_PS2=y # CONFIG_MOUSE_SERIAL is not set # CONFIG_MOUSE_INPORT is not set # CONFIG_MOUSE_LOGIBM is not set # CONFIG_MOUSE_PC110PAD is not set # CONFIG_MOUSE_VSXXXAA is not set # CONFIG_INPUT_JOYSTICK is not set # CONFIG_INPUT_TOUCHSCREEN is not set # CONFIG_INPUT_MISC is not set # # Hardware I/O ports # CONFIG_SERIO=y CONFIG_SERIO_I8042=y # CONFIG_SERIO_SERPORT is not set # CONFIG_SERIO_CT82C710 is not set # CONFIG_SERIO_PARKBD is not set # CONFIG_SERIO_PCIPS2 is not set CONFIG_SERIO_LIBPS2=y # CONFIG_SERIO_RAW is not set # CONFIG_GAMEPORT is not set # # Character devices # CONFIG_VT=y CONFIG_VT_CONSOLE=y CONFIG_HW_CONSOLE=y # CONFIG_SERIAL_NONSTANDARD is not set # # Serial drivers # CONFIG_SERIAL_8250=y # CONFIG_SERIAL_8250_CONSOLE is not set # CONFIG_SERIAL_8250_ACPI is not set CONFIG_SERIAL_8250_NR_UARTS=4 # CONFIG_SERIAL_8250_EXTENDED is not set # # Non-8250 serial port support # CONFIG_SERIAL_CORE=y # CONFIG_SERIAL_JSM is not set CONFIG_UNIX98_PTYS=y CONFIG_LEGACY_PTYS=y CONFIG_LEGACY_PTY_COUNT=256 CONFIG_PRINTER=y # CONFIG_LP_CONSOLE is not set # CONFIG_PPDEV is not set # CONFIG_TIPAR is not set # # IPMI # # CONFIG_IPMI_HANDLER is not set # # Watchdog Cards # # CONFIG_WATCHDOG is not set # CONFIG_HW_RANDOM is not set # CONFIG_NVRAM is not set CONFIG_RTC=y # CONFIG_DTLK is not set # CONFIG_R3964 is not set # CONFIG_APPLICOM is not set # CONFIG_SONYPI is not set # # Ftape, the floppy tape device driver # CONFIG_AGP=y # CONFIG_AGP_ALI is not set # CONFIG_AGP_ATI is not set # CONFIG_AGP_AMD is not set # CONFIG_AGP_AMD64 is not set CONFIG_AGP_INTEL=y # CONFIG_AGP_NVIDIA is not set # CONFIG_AGP_SIS is not set # CONFIG_AGP_SWORKS is not set # CONFIG_AGP_VIA is not set # CONFIG_AGP_EFFICEON is not set CONFIG_DRM=y # CONFIG_DRM_TDFX is not set # CONFIG_DRM_R128 is not set # CONFIG_DRM_RADEON is not set # CONFIG_DRM_I810 is not set # CONFIG_DRM_I830 is not set # CONFIG_DRM_I915 is not set # CONFIG_DRM_MGA is not set # CONFIG_DRM_SIS is not set # CONFIG_DRM_VIA is not set # CONFIG_DRM_SAVAGE is not set # CONFIG_MWAVE is not set # CONFIG_RAW_DRIVER is not set # CONFIG_HPET is not set # CONFIG_HANGCHECK_TIMER is not set # # TPM devices # # CONFIG_TCG_TPM is not set # # I2C support # # CONFIG_I2C is not set # # Dallas's 1-wire bus # # CONFIG_W1 is not set # # Hardware Monitoring support # CONFIG_HWMON=y # CONFIG_HWMON_VID is not set # CONFIG_SENSORS_HDAPS is not set # CONFIG_HWMON_DEBUG_CHIP is not set # # Misc devices # # CONFIG_IBM_ASM is not set # # Multimedia Capabilities Port drivers # # # Multimedia devices # # CONFIG_VIDEO_DEV is not set # # Digital Video Broadcasting Devices # # CONFIG_DVB is not set # # Graphics support # # CONFIG_FB is not set # CONFIG_VIDEO_SELECT is not set # # Console display driver support # CONFIG_VGA_CONSOLE=y # CONFIG_MDA_CONSOLE is not set CONFIG_DUMMY_CONSOLE=y # # Sound # # CONFIG_SOUND is not set # # USB support # CONFIG_USB_ARCH_HAS_HCD=y CONFIG_USB_ARCH_HAS_OHCI=y CONFIG_USB=y # CONFIG_USB_DEBUG is not set # # Miscellaneous USB options # CONFIG_USB_DEVICEFS=y # CONFIG_USB_BANDWIDTH is not set # CONFIG_USB_DYNAMIC_MINORS is not set # CONFIG_USB_SUSPEND is not set # CONFIG_USB_OTG is not set # # USB Host Controller Drivers # CONFIG_USB_EHCI_HCD=y # CONFIG_USB_EHCI_SPLIT_ISO is not set # CONFIG_USB_EHCI_ROOT_HUB_TT is not set # CONFIG_USB_ISP116X_HCD is not set # CONFIG_USB_OHCI_HCD is not set CONFIG_USB_UHCI_HCD=y # CONFIG_USB_SL811_HCD is not set # # USB Device Class drivers # # CONFIG_USB_BLUETOOTH_TTY is not set # CONFIG_USB_ACM is not set CONFIG_USB_PRINTER=y # # NOTE: USB_STORAGE enables SCSI, and 'SCSI disk support' may also be needed; see USB_STORAGE Help for more information # CONFIG_USB_STORAGE=y # CONFIG_USB_STORAGE_DEBUG is not set # CONFIG_USB_STORAGE_DATAFAB is not set # CONFIG_USB_STORAGE_FREECOM is not set # CONFIG_USB_STORAGE_ISD200 is not set # CONFIG_USB_STORAGE_DPCM is not set # CONFIG_USB_STORAGE_USBAT is not set # CONFIG_USB_STORAGE_SDDR09 is not set # CONFIG_USB_STORAGE_SDDR55 is not set # CONFIG_USB_STORAGE_JUMPSHOT is not set # # USB Input Devices # CONFIG_USB_HID=y CONFIG_USB_HIDINPUT=y # CONFIG_HID_FF is not set # CONFIG_USB_HIDDEV is not set # CONFIG_USB_AIPTEK is not set # CONFIG_USB_WACOM is not set # CONFIG_USB_ACECAD is not set # CONFIG_USB_KBTAB is not set # CONFIG_USB_POWERMATE is not set # CONFIG_USB_MTOUCH is not set # CONFIG_USB_ITMTOUCH is not set CONFIG_USB_EGALAX=m # CONFIG_USB_YEALINK is not set # CONFIG_USB_XPAD is not set # CONFIG_USB_ATI_REMOTE is not set # CONFIG_USB_KEYSPAN_REMOTE is not set # CONFIG_USB_APPLETOUCH is not set # # USB Imaging devices # # CONFIG_USB_MDC800 is not set # CONFIG_USB_MICROTEK is not set # # USB Multimedia devices # # CONFIG_USB_DABUSB is not set # # Video4Linux support is needed for USB Multimedia device support # # # USB Network Adapters # # CONFIG_USB_CATC is not set # CONFIG_USB_KAWETH is not set # CONFIG_USB_PEGASUS is not set # CONFIG_USB_RTL8150 is not set # CONFIG_USB_USBNET is not set CONFIG_USB_MON=y # # USB port drivers # # CONFIG_USB_USS720 is not set # # USB Serial Converter support # # CONFIG_USB_SERIAL is not set # # USB Miscellaneous drivers # # CONFIG_USB_EMI62 is not set # CONFIG_USB_EMI26 is not set # CONFIG_USB_AUERSWALD is not set # CONFIG_USB_RIO500 is not set # CONFIG_USB_LEGOTOWER is not set # CONFIG_USB_LCD is not set # CONFIG_USB_LED is not set CONFIG_USB_CYTHERM=m # CONFIG_USB_PHIDGETKIT is not set CONFIG_USB_PHIDGETSERVO=m # CONFIG_USB_IDMOUSE is not set # CONFIG_USB_SISUSBVGA is not set # CONFIG_USB_LD is not set # CONFIG_USB_TEST is not set # # USB DSL modem support # # # USB Gadget Support # # CONFIG_USB_GADGET is not set # # MMC/SD Card support # # CONFIG_MMC is not set # # InfiniBand support # # CONFIG_INFINIBAND is not set # # SN Devices # # # File systems # CONFIG_EXT2_FS=y CONFIG_EXT2_FS_XATTR=y CONFIG_EXT2_FS_POSIX_ACL=y CONFIG_EXT2_FS_SECURITY=y CONFIG_EXT2_FS_XIP=y CONFIG_FS_XIP=y CONFIG_EXT3_FS=y CONFIG_EXT3_FS_XATTR=y CONFIG_EXT3_FS_POSIX_ACL=y CONFIG_EXT3_FS_SECURITY=y CONFIG_JBD=y # CONFIG_JBD_DEBUG is not set CONFIG_FS_MBCACHE=y CONFIG_REISERFS_FS=y # CONFIG_REISERFS_CHECK is not set # CONFIG_REISERFS_PROC_INFO is not set # CONFIG_REISERFS_FS_XATTR is not set # CONFIG_JFS_FS is not set CONFIG_FS_POSIX_ACL=y # CONFIG_XFS_FS is not set CONFIG_MINIX_FS=y # CONFIG_ROMFS_FS is not set CONFIG_INOTIFY=y # CONFIG_QUOTA is not set CONFIG_DNOTIFY=y # CONFIG_AUTOFS_FS is not set CONFIG_AUTOFS4_FS=y # CONFIG_FUSE_FS is not set # # CD-ROM/DVD Filesystems # CONFIG_ISO9660_FS=y CONFIG_JOLIET=y # CONFIG_ZISOFS is not set CONFIG_UDF_FS=y CONFIG_UDF_NLS=y # # DOS/FAT/NT Filesystems # CONFIG_FAT_FS=y CONFIG_MSDOS_FS=y CONFIG_VFAT_FS=y CONFIG_FAT_DEFAULT_CODEPAGE=437 CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" # CONFIG_NTFS_FS is not set # # Pseudo filesystems # CONFIG_PROC_FS=y CONFIG_SYSFS=y CONFIG_TMPFS=y # CONFIG_HUGETLBFS is not set # CONFIG_HUGETLB_PAGE is not set CONFIG_RAMFS=y # CONFIG_RELAYFS_FS is not set # # Miscellaneous filesystems # # CONFIG_ADFS_FS is not set # CONFIG_AFFS_FS is not set # CONFIG_HFS_FS is not set # CONFIG_HFSPLUS_FS is not set # CONFIG_BEFS_FS is not set # CONFIG_BFS_FS is not set # CONFIG_EFS_FS is not set # CONFIG_CRAMFS is not set # CONFIG_SQUASHFS is not set # CONFIG_VXFS_FS is not set # CONFIG_HPFS_FS is not set # CONFIG_QNX4FS_FS is not set # CONFIG_SYSV_FS is not set # CONFIG_UFS_FS is not set # # Network File Systems # CONFIG_NFS_FS=y # CONFIG_NFS_V3 is not set # CONFIG_NFS_V4 is not set # CONFIG_NFS_DIRECTIO is not set CONFIG_NFSD=y # CONFIG_NFSD_V3 is not set CONFIG_NFSD_TCP=y CONFIG_LOCKD=y CONFIG_EXPORTFS=y CONFIG_NFS_COMMON=y CONFIG_SUNRPC=y # CONFIG_RPCSEC_GSS_KRB5 is not set # CONFIG_RPCSEC_GSS_SPKM3 is not set # CONFIG_SMB_FS is not set # CONFIG_CIFS is not set # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set # CONFIG_9P_FS is not set # # Partition Types # # CONFIG_PARTITION_ADVANCED is not set CONFIG_MSDOS_PARTITION=y # # Native Language Support # CONFIG_NLS=y CONFIG_NLS_DEFAULT="iso8859-1" CONFIG_NLS_CODEPAGE_437=y # CONFIG_NLS_CODEPAGE_737 is not set # CONFIG_NLS_CODEPAGE_775 is not set # CONFIG_NLS_CODEPAGE_850 is not set # CONFIG_NLS_CODEPAGE_852 is not set # CONFIG_NLS_CODEPAGE_855 is not set # CONFIG_NLS_CODEPAGE_857 is not set # CONFIG_NLS_CODEPAGE_860 is not set # CONFIG_NLS_CODEPAGE_861 is not set # CONFIG_NLS_CODEPAGE_862 is not set # CONFIG_NLS_CODEPAGE_863 is not set # CONFIG_NLS_CODEPAGE_864 is not set # CONFIG_NLS_CODEPAGE_865 is not set # CONFIG_NLS_CODEPAGE_866 is not set # CONFIG_NLS_CODEPAGE_869 is not set # CONFIG_NLS_CODEPAGE_936 is not set # CONFIG_NLS_CODEPAGE_950 is not set # CONFIG_NLS_CODEPAGE_932 is not set # CONFIG_NLS_CODEPAGE_949 is not set # CONFIG_NLS_CODEPAGE_874 is not set # CONFIG_NLS_ISO8859_8 is not set # CONFIG_NLS_CODEPAGE_1250 is not set # CONFIG_NLS_CODEPAGE_1251 is not set # CONFIG_NLS_ASCII is not set CONFIG_NLS_ISO8859_1=y # CONFIG_NLS_ISO8859_2 is not set # CONFIG_NLS_ISO8859_3 is not set # CONFIG_NLS_ISO8859_4 is not set # CONFIG_NLS_ISO8859_5 is not set # CONFIG_NLS_ISO8859_6 is not set # CONFIG_NLS_ISO8859_7 is not set # CONFIG_NLS_ISO8859_9 is not set # CONFIG_NLS_ISO8859_13 is not set # CONFIG_NLS_ISO8859_14 is not set # CONFIG_NLS_ISO8859_15 is not set # CONFIG_NLS_KOI8_R is not set # CONFIG_NLS_KOI8_U is not set # CONFIG_NLS_UTF8 is not set # # Profiling support # CONFIG_PROFILING=y CONFIG_OPROFILE=y # # Kernel hacking # # CONFIG_PRINTK_TIME is not set # CONFIG_DEBUG_KERNEL is not set CONFIG_LOG_BUF_SHIFT=15 CONFIG_DEBUG_BUGVERBOSE=y CONFIG_EARLY_PRINTK=y CONFIG_X86_FIND_SMP_CONFIG=y CONFIG_X86_MPPARSE=y # # Security options # # # PaX # CONFIG_PAX=y # # PaX Control # CONFIG_PAX_SOFTMODE=y CONFIG_PAX_EI_PAX=y CONFIG_PAX_PT_PAX_FLAGS=y # CONFIG_PAX_NO_ACL_FLAGS is not set CONFIG_PAX_HAVE_ACL_FLAGS=y # CONFIG_PAX_HOOK_ACL_FLAGS is not set # # Non-executable pages # CONFIG_PAX_NOEXEC=y CONFIG_PAX_PAGEEXEC=y CONFIG_PAX_SEGMEXEC=y # CONFIG_PAX_DEFAULT_PAGEEXEC is not set CONFIG_PAX_DEFAULT_SEGMEXEC=y CONFIG_PAX_EMUTRAMP=y CONFIG_PAX_MPROTECT=y CONFIG_PAX_NOELFRELOCS=y CONFIG_PAX_KERNEXEC=y # # Address Space Layout Randomization # CONFIG_PAX_ASLR=y CONFIG_PAX_RANDKSTACK=y CONFIG_PAX_RANDUSTACK=y CONFIG_PAX_RANDMMAP=y CONFIG_PAX_NOVSYSCALL=y # # Grsecurity # CONFIG_GRKERNSEC=y # CONFIG_GRKERNSEC_LOW is not set # CONFIG_GRKERNSEC_MEDIUM is not set # CONFIG_GRKERNSEC_HIGH is not set CONFIG_GRKERNSEC_CUSTOM=y # # Address Space Protection # CONFIG_GRKERNSEC_KMEM=y CONFIG_GRKERNSEC_IO=y CONFIG_GRKERNSEC_PROC_MEMMAP=y CONFIG_GRKERNSEC_BRUTE=y CONFIG_GRKERNSEC_MODSTOP=y CONFIG_GRKERNSEC_HIDESYM=y # # Role Based Access Control Options # # CONFIG_GRKERNSEC_ACL_HIDEKERN is not set CONFIG_GRKERNSEC_ACL_MAXTRIES=3 CONFIG_GRKERNSEC_ACL_TIMEOUT=30 # # Filesystem Protections # CONFIG_GRKERNSEC_PROC=y CONFIG_GRKERNSEC_PROC_USER=y CONFIG_GRKERNSEC_PROC_ADD=y CONFIG_GRKERNSEC_LINK=y CONFIG_GRKERNSEC_FIFO=y CONFIG_GRKERNSEC_CHROOT=y CONFIG_GRKERNSEC_CHROOT_MOUNT=y CONFIG_GRKERNSEC_CHROOT_DOUBLE=y CONFIG_GRKERNSEC_CHROOT_PIVOT=y CONFIG_GRKERNSEC_CHROOT_CHDIR=y CONFIG_GRKERNSEC_CHROOT_CHMOD=y CONFIG_GRKERNSEC_CHROOT_FCHDIR=y CONFIG_GRKERNSEC_CHROOT_MKNOD=y CONFIG_GRKERNSEC_CHROOT_SHMAT=y CONFIG_GRKERNSEC_CHROOT_UNIX=y CONFIG_GRKERNSEC_CHROOT_FINDTASK=y CONFIG_GRKERNSEC_CHROOT_NICE=y CONFIG_GRKERNSEC_CHROOT_SYSCTL=y CONFIG_GRKERNSEC_CHROOT_CAPS=y # # Kernel Auditing # # CONFIG_GRKERNSEC_AUDIT_GROUP is not set # CONFIG_GRKERNSEC_EXECLOG is not set # CONFIG_GRKERNSEC_RESLOG is not set # CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set # CONFIG_GRKERNSEC_AUDIT_CHDIR is not set # CONFIG_GRKERNSEC_AUDIT_MOUNT is not set # CONFIG_GRKERNSEC_AUDIT_IPC is not set # CONFIG_GRKERNSEC_SIGNAL is not set CONFIG_GRKERNSEC_FORKFAIL=y # CONFIG_GRKERNSEC_TIME is not set # CONFIG_GRKERNSEC_PROC_IPADDR is not set # CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set # # Executable Protections # CONFIG_GRKERNSEC_EXECVE=y CONFIG_GRKERNSEC_SHM=y CONFIG_GRKERNSEC_DMESG=y CONFIG_GRKERNSEC_RANDPID=y # CONFIG_GRKERNSEC_TPE is not set # # Network Protections # CONFIG_GRKERNSEC_RANDNET=y CONFIG_GRKERNSEC_RANDSRC=y CONFIG_GRKERNSEC_SOCKET=y # CONFIG_GRKERNSEC_SOCKET_ALL is not set # CONFIG_GRKERNSEC_SOCKET_CLIENT is not set # CONFIG_GRKERNSEC_SOCKET_SERVER is not set # # Sysctl support # CONFIG_GRKERNSEC_SYSCTL=y CONFIG_GRKERNSEC_SYSCTL_ON=y # # Logging Options # CONFIG_GRKERNSEC_FLOODTIME=10 CONFIG_GRKERNSEC_FLOODBURST=4 # CONFIG_KEYS is not set CONFIG_SECURITY=y # CONFIG_SECURITY_NETWORK is not set # CONFIG_SECURITY_CAPABILITIES is not set # CONFIG_SECURITY_ROOTPLUG is not set # CONFIG_SECURITY_SECLVL is not set # CONFIG_SECURITY_SELINUX is not set # # Cryptographic options # CONFIG_CRYPTO=y CONFIG_CRYPTO_HMAC=y CONFIG_CRYPTO_NULL=m CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=m CONFIG_CRYPTO_SHA1=m CONFIG_CRYPTO_SHA256=y CONFIG_CRYPTO_SHA512=m CONFIG_CRYPTO_WP512=m CONFIG_CRYPTO_TGR192=m CONFIG_CRYPTO_DES=m CONFIG_CRYPTO_BLOWFISH=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_SERPENT=m CONFIG_CRYPTO_AES_586=m CONFIG_CRYPTO_CAST5=m CONFIG_CRYPTO_CAST6=m CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_ARC4=m CONFIG_CRYPTO_KHAZAD=m CONFIG_CRYPTO_ANUBIS=m CONFIG_CRYPTO_DEFLATE=m CONFIG_CRYPTO_MICHAEL_MIC=m CONFIG_CRYPTO_CRC32C=m # CONFIG_CRYPTO_TEST is not set # # Hardware crypto devices # CONFIG_CRYPTO_DEV_PADLOCK=m CONFIG_CRYPTO_DEV_PADLOCK_AES=y # # Library routines # CONFIG_CRC_CCITT=m CONFIG_CRC16=m CONFIG_CRC32=y CONFIG_LIBCRC32C=m CONFIG_ZLIB_INFLATE=m CONFIG_ZLIB_DEFLATE=m CONFIG_TEXTSEARCH=y CONFIG_TEXTSEARCH_KMP=m CONFIG_TEXTSEARCH_BM=m CONFIG_TEXTSEARCH_FSM=m CONFIG_GENERIC_HARDIRQS=y CONFIG_GENERIC_IRQ_PROBE=y CONFIG_GENERIC_PENDING_IRQ=y CONFIG_X86_SMP=y CONFIG_X86_HT=y CONFIG_X86_BIOS_REBOOT=y CONFIG_X86_TRAMPOLINE=y CONFIG_PC=y -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFD6ri9WdkW/RJDBSIRAttMAKDJ5rGAXdP0Av6ggO3OBhLiM/368ACff32h PT2taa++/Gjtg7OK+0TvLPk= =wCKS -----END PGP SIGNATURE----- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Feb 09 06:41:45 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F74Yj-0007m2-WA; Thu, 09 Feb 2006 06:41:38 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 09 Feb 2006 06:40:58 +0100 (CET) Received: from revere.aoc.nrao.edu ([146.88.1.15]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F74Xk-0007Sw-HI for linux-crypto@nl.linux.org; Thu, 09 Feb 2006 06:40:36 +0100 Received: from cly.aoc.nrao.edu (cly.aoc.nrao.edu [146.88.3.188]) by revere.aoc.nrao.edu (8.13.1/8.13.1/cv-ws-8.12) with ESMTP id k195eGX2018491; Wed, 8 Feb 2006 22:40:16 -0700 Received: from [10.0.1.3] (dsl-209-155-89-94.sdc.org [209.155.89.94]) (authenticated bits=0) by cly.aoc.nrao.edu (8.13.1/8.13.1) with ESMTP id k195e8UH027284 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT); Wed, 8 Feb 2006 22:40:14 -0700 In-Reply-To: <43EAB8C4.9000303@rayservers.com> References: <43EAB8C4.9000303@rayservers.com> Mime-Version: 1.0 (Apple Message framework v746.2) Content-Type: multipart/signed; micalg=sha1; boundary=Apple-Mail-1-95138441; protocol="application/pkcs7-signature" Message-Id: <75A1E228-C193-466D-BA55-942F1FEE5B38@nrao.edu> Cc: linux-crypto@nl.linux.org From: Boyd Waters Subject: Re: hardened kernel and loop-aes Date: Wed, 8 Feb 2006 22:40:11 -0700 To: Venkat Manakkal X-Mailer: Apple Mail (2.746.2) X-MailScanner-Information: Please contact postmaster@aoc.nrao.edu for more information X-MailScanner: Found to be clean X-MailScanner-SpamCheck: not spam, SpamAssassin (score=-101.44, required 5, autolearn=disabled, ALL_TRUSTED -1.44, USER_IN_WHITELIST -100.00) X-MailScanner-From: bwaters@nrao.edu Received-SPF: X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00 autolearn=no version=3.0.1 X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: bwaters@nrao.edu Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto --Apple-Mail-1-95138441 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed On a Gentoo system yesterday, after installing loop-aes-3.1c I received the warning that the loop.ko module has an executable stack. However, I did not receive that message just now when re-installing. On Feb 8, 2006, at 8:36 PM, Venkat Manakkal wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi Jari, > > I'm having trouble getting the latest hardened kernel and loop-aes > happy with > each other, I've used older hardened kernels before. I suspect it > is over > ambitious lockdown of PaX and GrSecurity. > > > # head -c 15 /dev/urandom | uuencode -m - | head -n 2 | tail -n 1 \ > | | losetup -p 0 -e AES128 /dev/loop3 /dev/md/1 > Segmentation fault > > uname -a output: > > Linux kbw 2.6.14-hardened-r5 #4 SMP Thu Feb 9 11:27:10 GMT 2006 > i686 Intel(R) > Pentium(R) 4 CPU 3.00GHz GenuineIntel GNU/Linux --Apple-Mail-1-95138441 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-signature; name=smime.p7s Content-Disposition: attachment; filename=smime.p7s MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGFDCCAs0w ggI2oAMCAQICAw/xvTANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVt YWlsIElzc3VpbmcgQ0EwHhcNMDUxMTI5MjI1NjIwWhcNMDYxMTI5MjI1NjIwWjBCMR8wHQYDVQQD ExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMR8wHQYJKoZIhvcNAQkBFhBid2F0ZXJzQG5yYW8uZWR1 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLzyMs7hT0kZ4/7b8/DuVwJqBN3Vqbzb 5A7EiBHEbkzIg74ybHh+yLJkO0pXduDSUg/siFpOv9S639A//akORNiLoKGCxCObpppms2wNg1OV SRA8bwWJkkkZTHo9+JLkoxpKxcvT/kZlGY8WAXkwyVcvY2DHlIUBUjNFhY73RZIr4jeKzztrAQWX T/7wQVxagKESj+IYb625xQN+k0yCx+HoIi741vXZ09woEnpHXKG2zXE6NWprPVEw6FzaN8QFzp4F uZY1MsDoBg6QvkLpPDlVt4Hms69i8PGP2nlO/+9TzLd2qMZwgD2tF8i5t/lP0VZfcWiG0fluBcid 02D5eQIDAQABoy0wKzAbBgNVHREEFDASgRBid2F0ZXJzQG5yYW8uZWR1MAwGA1UdEwEB/wQCMAAw DQYJKoZIhvcNAQEEBQADgYEAJvBHtNrGWESYoZIYgKMvQOCNwYj8YpeK81CzZZ8E3jreQLXg/4sr q3qfBFTv4WPh0pqy3t92uMpNCq58Yqp5G6t7fVhNpS5YA9VPXAZHBkjaH29qcXimBBgkmx4XP6c/ 62lzXT80fHo0bizNEyqpKeN/nn7hL2jLC2r06phkjFgwggM/MIICqKADAgECAgENMA0GCSqGSIb3 DQEBBQUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlD YXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0 aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwg Q0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDMwNzE3 MDAwMDAwWhcNMTMwNzE2MjM1OTU5WjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENv bnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElz c3VpbmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMSmPFVzVftOucqZWh5owHUEcJ3f 6f+jHuy9zfVb8hp2vX8MOmHyv1HOAdTlUAow1wJjWiyJFXCO3cnwK4Vaqj9xVsuvPAsH5/EfkTYk KhPPK9Xzgnc9A74r/rsYPge/QIACZNenprufZdHFKlSFD0gEf6e20TxhBEAeZBlyYLf7AgMBAAGj gZQwgZEwEgYDVR0TAQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsLnRo YXd0ZS5jb20vVGhhd3RlUGVyc29uYWxGcmVlbWFpbENBLmNybDALBgNVHQ8EBAMCAQYwKQYDVR0R BCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDItMTM4MA0GCSqGSIb3DQEBBQUAA4GBAEiM 0VCD6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0whuPg2H6otnzYvwPQcUCCTcDz9reFhYsPZOhl+hLGZ GwDFGguCdJ4lUJRix9sncVcljd2pnDmOjCBPZV+V2vf3h9bGCE6u9uo05RAaWzVNd+NWIXiC3CEZ Nd4ksdMdRv9dX2VPMYIC5zCCAuMCAQEwaTBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3Rl IENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWls IElzc3VpbmcgQ0ECAw/xvTAJBgUrDgMCGgUAoIIBUzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB MBwGCSqGSIb3DQEJBTEPFw0wNjAyMDkwNTQwMTJaMCMGCSqGSIb3DQEJBDEWBBShmpx8nsR/fS8V WRJIpMPYMkmWJjB4BgkrBgEEAYI3EAQxazBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3 dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1h aWwgSXNzdWluZyBDQQIDD/G9MHoGCyqGSIb3DQEJEAILMWugaTBiMQswCQYDVQQGEwJaQTElMCMG A1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAw/xvTANBgkqhkiG9w0BAQEFAASCAQAQJ2PfCP51AZzE N8XmTyNyWuv7NyyeT6c7ha93+5rFWQUtoGlaL6z0s1WzDUWYjDWnDlYHH08J5lXLXg1XiBJgjqJ+ bEoA/pSIAE3pVejLUjdxjY27m/CXIoT5Qdu0lyxrb1efvk7c+l7SXiVpochk+twao80XUkejysfi KrSl5Jm3wo97Qr/yPwDXK0NBPEn6aRjSVriIzmzcOC5qxFvjIgDwuOMufuEQKC/gcaXCjpgNutVY 2aIjY6MaYG2RADGvvbf8SBqOMOX4HzDvDPuColyOR26MxMrMI1ecwMijCDNTGRdObKJaFGZD3wE6 4DbDvRgVVp2ctopP81SZXm4+AAAAAAAA --Apple-Mail-1-95138441-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Feb 09 14:20:35 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F7Bip-00013x-DA; Thu, 09 Feb 2006 14:20:31 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Thu, 09 Feb 2006 14:19:57 +0100 (CET) Received: from rayservers.com ([38.99.66.81]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F7BhQ-0000qx-26 for linux-crypto@nl.linux.org; Thu, 09 Feb 2006 14:19:04 +0100 Received: (qmail 2944 invoked from network); 9 Feb 2006 13:18:28 +0000 Received: from unknown (HELO ?192.168.2.2?) (venkat@rayservers.com@12.31.6.2) by rayservers.com with ESMTPA; 9 Feb 2006 13:18:28 +0000 Message-ID: <43EB4101.4050907@rayservers.com> Date: Thu, 09 Feb 2006 08:17:53 -0500 From: Venkat Manakkal User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051013) X-Accept-Language: en-us, en MIME-Version: 1.0 To: linux-crypto@nl.linux.org Subject: Re: hardened kernel and loop-aes References: <43EAB8C4.9000303@rayservers.com> <75A1E228-C193-466D-BA55-942F1FEE5B38@nrao.edu> In-Reply-To: <75A1E228-C193-466D-BA55-942F1FEE5B38@nrao.edu> X-Enigmail-Version: 0.92.1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Received-SPF: X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: venkat@rayservers.com Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/09/2006 12:40 AM, Boyd Waters wrote: | On a Gentoo system yesterday, after installing loop-aes-3.1c I received | the warning that the loop.ko module has an executable stack. I think that was the issue after all (PaX was set to enforce non executable stack in the kernel), I now have that kernel working - I had another .config on another machine with the hardened kernel that worked out, and so I used that .config, did a make oldconfig, set up the hardware, and the diff between the .config I posted and one that is now working is below: Cheers, - ---Venkat. 4c4 < # Thu Feb 9 11:19:00 2006 - --- | # Thu Feb 9 20:19:24 2006 121c121 < # CONFIG_PREEMPT_BKL is not set - --- | CONFIG_PREEMPT_BKL=y 140c140 < CONFIG_DCDBAS=m - --- | # CONFIG_DCDBAS is not set 177c177 < CONFIG_ACPI_BATTERY=y - --- | # CONFIG_ACPI_BATTERY is not set 179,180c179,180 < CONFIG_ACPI_VIDEO=y < # CONFIG_ACPI_HOTKEY is not set - --- | CONFIG_ACPI_VIDEO=m | CONFIG_ACPI_HOTKEY=m 185c185 < CONFIG_ACPI_IBM=y - --- | # CONFIG_ACPI_IBM is not set 228,229c228,229 < # CONFIG_X86_SPEEDSTEP_SMI is not set < # CONFIG_X86_P4_CLOCKMOD is not set - --- | CONFIG_X86_SPEEDSTEP_SMI=y | CONFIG_X86_P4_CLOCKMOD=y 251c251 < # CONFIG_PCIEPORTBUS is not set - --- | CONFIG_PCIEPORTBUS=y 288a289,290 | CONFIG_XFRM=y | # CONFIG_XFRM_USER is not set 307,308c309 < CONFIG_NET_IPGRE=m < CONFIG_NET_IPGRE_BROADCAST=y - --- | # CONFIG_NET_IPGRE is not set 315c316 < # CONFIG_INET_TUNNEL is not set - --- | CONFIG_INET_TUNNEL=y 328c329,331 < # CONFIG_NETFILTER_NETLINK is not set - --- | CONFIG_NETFILTER_NETLINK=m | CONFIG_NETFILTER_NETLINK_QUEUE=m | CONFIG_NETFILTER_NETLINK_LOG=m 343c346 < CONFIG_IP_NF_PPTP=m - --- | # CONFIG_IP_NF_PPTP is not set 360c363 < # CONFIG_IP_NF_MATCH_STEALTH is not set - --- | CONFIG_IP_NF_MATCH_STEALTH=m 368c371 < CONFIG_IP_NF_MATCH_DCCP=m - --- | # CONFIG_IP_NF_MATCH_DCCP is not set 386c389 < # CONFIG_IP_NF_NAT_SNMP_BASIC is not set - --- | CONFIG_IP_NF_NAT_SNMP_BASIC=m 391d393 < CONFIG_IP_NF_NAT_PPTP=m 399,400c401,402 < # CONFIG_IP_NF_TARGET_CONNMARK is not set < # CONFIG_IP_NF_TARGET_CLUSTERIP is not set - --- | CONFIG_IP_NF_TARGET_CONNMARK=m | CONFIG_IP_NF_TARGET_CLUSTERIP=m 403,405c405,407 < CONFIG_IP_NF_ARPTABLES=y < CONFIG_IP_NF_ARPFILTER=y < CONFIG_IP_NF_ARP_MANGLE=y - --- | CONFIG_IP_NF_ARPTABLES=m | CONFIG_IP_NF_ARPFILTER=m | CONFIG_IP_NF_ARP_MANGLE=m 451,454c453,459 < # CONFIG_NET_CLS_FW is not set < # CONFIG_NET_CLS_U32 is not set < # CONFIG_NET_CLS_RSVP is not set < # CONFIG_NET_CLS_RSVP6 is not set - --- | CONFIG_NET_CLS_FW=m | CONFIG_NET_CLS_U32=m | CONFIG_CLS_U32_PERF=y | CONFIG_NET_CLS_IND=y | CONFIG_CLS_U32_MARK=y | CONFIG_NET_CLS_RSVP=m | CONFIG_NET_CLS_RSVP6=m 456,457c461,468 < # CONFIG_NET_CLS_ACT is not set < # CONFIG_NET_CLS_POLICE is not set - --- | CONFIG_NET_CLS_ACT=y | CONFIG_NET_ACT_POLICE=m | CONFIG_NET_ACT_GACT=m | CONFIG_GACT_PROB=y | CONFIG_NET_ACT_MIRRED=m | CONFIG_NET_ACT_IPT=m | CONFIG_NET_ACT_PEDIT=m | # CONFIG_NET_ACT_SIMP is not set 492,498c503 < CONFIG_PARPORT=y < CONFIG_PARPORT_PC=y < # CONFIG_PARPORT_SERIAL is not set < # CONFIG_PARPORT_PC_FIFO is not set < # CONFIG_PARPORT_PC_SUPERIO is not set < # CONFIG_PARPORT_GSC is not set < # CONFIG_PARPORT_1284 is not set - --- | # CONFIG_PARPORT is not set 509c514 < # CONFIG_ISAPNP is not set - --- | CONFIG_ISAPNP=y 518d522 < # CONFIG_PARIDE is not set 528c532 < # CONFIG_BLK_DEV_RAM is not set - --- | CONFIG_BLK_DEV_RAM=y 529a534,535 | CONFIG_BLK_DEV_RAM_SIZE=4096 | CONFIG_BLK_DEV_INITRD=y 619c625 < # CONFIG_CHR_DEV_ST is not set - --- | CONFIG_CHR_DEV_ST=m 635c641 < # CONFIG_SCSI_SPI_ATTRS is not set - --- | CONFIG_SCSI_SPI_ATTRS=y 684,685d689 < # CONFIG_SCSI_PPA is not set < # CONFIG_SCSI_IMM is not set 688,690c692 < CONFIG_SCSI_IPR=m < # CONFIG_SCSI_IPR_TRACE is not set < # CONFIG_SCSI_IPR_DUMP is not set - --- | # CONFIG_SCSI_IPR is not set 737,738c739,740 < CONFIG_DM_MULTIPATH_EMC=y < CONFIG_BLK_DEV_DM_BBR=y - --- | # CONFIG_DM_MULTIPATH_EMC is not set | # CONFIG_BLK_DEV_DM_BBR is not set 852d853 < # CONFIG_NET_POCKET is not set 894d894 < # CONFIG_PLIP is not set 957d956 < # CONFIG_SERIO_PARKBD is not set 988,991d986 < CONFIG_PRINTER=y < # CONFIG_LP_CONSOLE is not set < # CONFIG_PPDEV is not set < # CONFIG_TIPAR is not set 1002c997 < # CONFIG_HW_RANDOM is not set - --- | CONFIG_HW_RANDOM=y 1198d1192 < # CONFIG_USB_USS720 is not set 1250,1254c1244,1245 < CONFIG_EXT2_FS_XATTR=y < CONFIG_EXT2_FS_POSIX_ACL=y < CONFIG_EXT2_FS_SECURITY=y < CONFIG_EXT2_FS_XIP=y < CONFIG_FS_XIP=y - --- | # CONFIG_EXT2_FS_XATTR is not set | # CONFIG_EXT2_FS_XIP is not set 1264,1265c1255,1257 < # CONFIG_REISERFS_PROC_INFO is not set < # CONFIG_REISERFS_FS_XATTR is not set - --- | CONFIG_REISERFS_PROC_INFO=y | CONFIG_REISERFS_FS_XATTR=y | CONFIG_REISERFS_FS_POSIX_ACL=y 1283c1275,1276 < # CONFIG_ZISOFS is not set - --- | CONFIG_ZISOFS=y | CONFIG_ZISOFS_FS=y 1290,1294c1283,1284 < CONFIG_FAT_FS=y < CONFIG_MSDOS_FS=y < CONFIG_VFAT_FS=y < CONFIG_FAT_DEFAULT_CODEPAGE=437 < CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" - --- | # CONFIG_MSDOS_FS is not set | # CONFIG_VFAT_FS is not set 1329,1341c1319,1320 < CONFIG_NFS_FS=y < # CONFIG_NFS_V3 is not set < # CONFIG_NFS_V4 is not set < # CONFIG_NFS_DIRECTIO is not set < CONFIG_NFSD=y < # CONFIG_NFSD_V3 is not set < CONFIG_NFSD_TCP=y < CONFIG_LOCKD=y < CONFIG_EXPORTFS=y < CONFIG_NFS_COMMON=y < CONFIG_SUNRPC=y < # CONFIG_RPCSEC_GSS_KRB5 is not set < # CONFIG_RPCSEC_GSS_SPKM3 is not set - --- | # CONFIG_NFS_FS is not set | # CONFIG_NFSD is not set 1429,1430c1408,1409 < CONFIG_PAX_EI_PAX=y < CONFIG_PAX_PT_PAX_FLAGS=y - --- | # CONFIG_PAX_EI_PAX is not set | # CONFIG_PAX_PT_PAX_FLAGS is not set 1445,1446c1424,1425 < CONFIG_PAX_NOELFRELOCS=y < CONFIG_PAX_KERNEXEC=y - --- | # CONFIG_PAX_NOELFRELOCS is not set | # CONFIG_PAX_KERNEXEC is not set 1471c1450 < CONFIG_GRKERNSEC_PROC_MEMMAP=y - --- | # CONFIG_GRKERNSEC_PROC_MEMMAP is not set 1473c1452 < CONFIG_GRKERNSEC_MODSTOP=y - --- | # CONFIG_GRKERNSEC_MODSTOP is not set 1479c1458 < # CONFIG_GRKERNSEC_ACL_HIDEKERN is not set - --- | CONFIG_GRKERNSEC_ACL_HIDEKERN=y 1518,1519c1497,1498 < # CONFIG_GRKERNSEC_TIME is not set < # CONFIG_GRKERNSEC_PROC_IPADDR is not set - --- | CONFIG_GRKERNSEC_TIME=y | CONFIG_GRKERNSEC_PROC_IPADDR=y 1525c1504 < CONFIG_GRKERNSEC_EXECVE=y - --- | # CONFIG_GRKERNSEC_EXECVE is not set 1536,1539c1515 < CONFIG_GRKERNSEC_SOCKET=y < # CONFIG_GRKERNSEC_SOCKET_ALL is not set < # CONFIG_GRKERNSEC_SOCKET_CLIENT is not set < # CONFIG_GRKERNSEC_SOCKET_SERVER is not set - --- | # CONFIG_GRKERNSEC_SOCKET is not set 1552c1528,1529 < # CONFIG_KEYS is not set - --- | CONFIG_KEYS=y | CONFIG_KEYS_DEBUG_PROC_KEYS=y 1555c1532 < # CONFIG_SECURITY_CAPABILITIES is not set - --- | CONFIG_SECURITY_CAPABILITIES=y 1565c1542 < CONFIG_CRYPTO_NULL=m - --- | # CONFIG_CRYPTO_NULL is not set 1592,1593c1569 < CONFIG_CRYPTO_DEV_PADLOCK=m < CONFIG_CRYPTO_DEV_PADLOCK_AES=y - --- | # CONFIG_CRYPTO_DEV_PADLOCK is not set 1599c1575 < CONFIG_CRC16=m - --- | # CONFIG_CRC16 is not set 1602c1578 < CONFIG_ZLIB_INFLATE=m - --- | CONFIG_ZLIB_INFLATE=y - -- http://rayservers.com/ 607-546-7300 PGP/GPG: https://rayservers.com/keys/0x12430522.asc Skype: rayservers GDCA: http://www.gdcaonline.org/members/rayservers.htm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFD60D/WdkW/RJDBSIRAlKBAJ0ZBFKesVzLJ3KoNiqEGf5rOWiuLgCeOP8/ W+IShdL2dZ2WvW4qtX/HaDc= =uKGj -----END PGP SIGNATURE----- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Feb 10 20:52:33 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F7eJh-0006Na-4R; Fri, 10 Feb 2006 20:52:29 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Fri, 10 Feb 2006 20:51:34 +0100 (CET) Received: from smtprelay03.ispgateway.de ([80.67.18.15]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F7eIb-0006HG-AE for linux-crypto@nl.linux.org; Fri, 10 Feb 2006 20:51:21 +0100 Received: (qmail 25801 invoked from network); 10 Feb 2006 19:51:16 -0000 Received: from unknown (HELO host1) (362582@[84.168.145.109]) (envelope-sender ) by smtprelay03.ispgateway.de (qmail-ldap-1.03) with AES256-SHA encrypted SMTP for ; 10 Feb 2006 19:51:16 -0000 From: "Leo Bogert" To: Subject: Need AES benchmark of P4 775 64bit Date: Fri, 10 Feb 2006 20:51:29 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.6353 Thread-Index: AcYue0eGLOsnD8QfSXiU7BC2a1K3rA== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-OpenPGP-Key-Fprint: 7988 9EF5 7305 A934 5FD9 F1FB 502A CB24 442F CA05 X-OpenPGP-Key-URL: http://www.bogert.de/gnupg.key X-Relayed-By: GPGrelay Version 0.959 (Win32) Message-Id: Received-SPF: X-Spam-Status: No, score=0.6 required=5.0 tests=BAYES_40,MSGID_FROM_MTA_ID autolearn=no version=3.0.1 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: leo@bogert.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Hi, can someone please benchmark the AES speed of his Pentium 4 Sockel 775 64bit? Easiest way to do that: $ openssl OpenSSL> speed aes-256-cbc I got a Celeron 64bit 2800MHz and it does 78700.54k on 8kb blocks. I'm just trying to figure out whether upgrading to a dualcore P4 would make sense. Please give me your whole openssl output. Thanks, Leo Bogert - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Feb 12 01:09:06 2006 Received: from localhost ([127.0.0.1] helo=humbolt) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F84nO-0000pE-Iu; Sun, 12 Feb 2006 01:08:54 +0100 Received: with ECARTIS (v1.0.0; list linux-crypto); Sun, 12 Feb 2006 01:08:03 +0100 (CET) Received: from romy.inter.net.il ([192.114.186.66]) by humbolt.nl.linux.org with esmtp (Exim 4.22) id 1F84mH-0000nX-Va for linux-crypto@nl.linux.org; Sun, 12 Feb 2006 01:07:46 +0100 Received: from user-9vkapco571 ([213.8.76.202]) by romy.inter.net.il (MOS 3.7.3-GA) with ESMTP id DNX51915 (AUTH zza10); Sun, 12 Feb 2006 02:07:13 +0200 (IST) Organization: ZaptaClub Reply-To: club@zapta.co.il Message-ID: <3a4c6c071cf71a9ec4b944b0bf47ea43@user-9vkapco571> From: "ZaptaClub" To: Subject: =?windows-1255?Q?=F0=EE=E0=F1_=EC=EB=ED_=EC=F9=EC=ED_=EE=E7=E9=F8=E9=ED_=E9=F7=F8=E9=ED_=F2=E1=E5=F8_=F9=E9=E7=E5=FA_=E1=E8=EC=F4=E5=F0=E9=ED_=E4=F0=E9=E9=E3=E9=ED_?__=EE=E6=F4=E8=E4_+_=F7=EC=E0=E1_1__Club?= Date: Sun, 12 Feb 2006 01:57:57 +0200 MIME-Version: 1.0 Content-Type: text/html; charset="windows-1255" Content-Transfer-Encoding: quoted-printable Received-SPF: X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on humbolt.nl.linux.org X-Spam-Level: ** X-Spam-Status: No, score=2.2 required=5.0 tests=AWL,BAYES_50, DNS_FROM_AHBL_RHSBL,HTML_80_90,HTML_MESSAGE,MIME_HTML_ONLY, URIBL_WS_SURBL autolearn=no version=3.0.1 X-ecartis-version: Ecartis v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: club@zapta.co.il Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto

=F0=EE=E0=F1 = =EC=EB=ED =EC=F9=EC=ED =EE=E7=E9=F8=E9=ED =E9=F7=F8=E9=ED=20 =F2=E1=E5=F8 =F9=E9=E7=E5=FA =E1=E8=EC=F4=E5=F0=E9=ED = =E4=F0=E9=E9=E3=E9=ED ?

=FA=F0=E5 = =EC=F0=E5 =EC=EE=F6=E5=E0 =EC=EB=ED =E0=FA =E4=E3=E9=EC=20 =E4=E8=E5=E1 =E1=E9=E5=FA=F8.

=E6=F4=E8=E4 = =E1=F9=E9=FA=E5=F3 =EE=E5=F2=E3=E5=EF =E4=F6=F8=EB=F0=E9=ED=20 =F7=EC=E0=E1=20 </