
Re: Linux distro w/loop-aes



Rudolf Deilmann <rudolf.deilmann@xxxxxxxxx> wrote:
> Hi Peter,
> I haven't taken a look at ubuntu 7.10 yet, because it is still beta or
> even alpha. But I'm familiar with ubuntu 7.04 and earlier. So I don't
> know if my comments apply to 7.10.

You are right. I looked at recent distros to see which parts are built-in and what's not. The approaches mentioned by you are interesting and encouraging!

> It's easier to install Ubuntu in the normal way and then encrypt the devices with aespipe,....

That's the way I do it and for which I need statically linked gpg and aespipe.

> The last time I checked it, Ubuntu's loop-aes package just provided
> cryptoloop functionality. It doesn't include multi-key support or
> something like this.

As far as I remember the universe package provides loop-aes modules with version 3 format / multi-key support.

> That's wrong. You can boot from USB-Memory in Ubuntu without any
> problems. You must create an initial ramdisk with initramfs-tools,
> install syslinux on your usb-stick and copy the kernel, the initial
> ramdisk and your syslinux.cfg to your stick. That's all. And you have
> to create an initial ramdisk in any case, if you want to use full-disk
> encryption,.... 

Sure, by means of an initial ramdisk you may boot from every device. The point is that the initrd for loop-aes has to be small in size, 2-3 kb. That's why I always included things like ext3, vfat, serial ata and usb into the kernel, which ends up at 1,8 MB in size. It might be worth an effort to try loading modules from usb memory. However, I didn't try so far. The thing is, before modules are loaded the usb memory is mounted (as /lib), which in turn requires the kernel to comprise usbcore, usbstorage,... and vfat of course.
Back to recent distros:
Kubuntu 7.04 and 7.10 don't have usbcore, usbstorage or vfat built-in. So a kernel recompile is needed. Since I am not familiar with debian/ubuntu scripts it would be fine to understand your steps towards full disk-encryption a little better. Especially how to build an initial ramdisk for booting from usb memory without build-initrd.sh would be nice to learn.

Best regards,
Peter

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

