Google
  Web www.spinics.net

Re: loop-aes mount problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Unfortunately you may be out of luck.  You can try putting some
printk's in the loop module to see where it is failing, but to really
debug you need a serial console (maybe jtag).  The other problem is
that your kernel is tainted by the blackbox modules.  Tainted kernels
may have bugs introduced by the blackbox modules that are very
difficult to find and trace.  Maybe someone else here has more
expertise in this area, but debugging a tainted ARM9 kernel will
require a special skill set, and is something not many people will be
capable of helping you with.

Your best bet is to go with truecrypt in my opinion.  Since it is
userspace you miss the whole mess in the kernel.  I came to the same
conclusion as you w.r.t. the truecrypt licensing, and I use loop-aes
on my laptop to encrypt the root filesystem, but my laptop has well
understood hardware and open-source drivers and runs on an
x86-compatible Cyrix CPU.

Mike

On Tue, Jul 8, 2008 at 1:43 PM, GNUtoo <GNUtoo@xxxxxxxxxx> wrote:
> Hello,
> My system:
> ----------
> i've a pma430:
> it runs a custom 2.4.19-rmk7-omap1 linux kernel and has busybox...
> I can't change the kernel because it has proprietary modules such as the
> framebuffer,and that i don't know C yet so i can't port the hard-drive
> fpga based controller to a 2.6 kernel.
> I also can't change the compiler: gcc-2.95 because of a kernel bug:
> binaries created with another compiler than the custom gcc-2.95
> can't run with the custom 2.4.19-rmk7-omap1 kernel.
> The CPU runs at about 150Mhz and is an arm9(I know it because
> it has 74.34 bogomips), and it has 48 MB of ram that can be
> used(the other part of the 64MB of ram is used by the bootloader)
> It runs the openpma 0.2 distribution(svn with a custom kernel...see below)
>
> Why i've chosen loop-aes:
> -------------------------
> What i'd like to do is to have a strongly encrypted partition of about 30GB
> minus the space for the OS(at the beginning i'd like not to have
> the rootfs encrypted for simplicity),for now i've only
> made a small test partition
>
> Because LUKS is not available for a 2.4 kernel,and that i needed
> performance(truecrypt is in userspace...and truecrypt is not truly
> free(as in freedom) ),and that cryptoloop is subject to watermarking
> attack and no longer maintained ,i've chosen loop-aes...
>
> what i've done in order to install loop-aes:
> --------------------------------------------
> I've created a gpg key
> I've re-partitionned the pma's hdd(before it had a fat32
> partition(needed because it boots on a root filesystem that is inside it),
> and an ext2/3 partition(where lives the real os)) to add an ext2 encrypted
> partition of less than 5GB(I don't remember the exact size)
> I've added a test file to the new partition with nano
> I've encrypted the new partition with aespipe 2.3d using
> the following command:
> dd if=/dev/mydevice | aespipe -K key.gpg | dd of=/dev/mydevice
> I've re(cross)compiled the custom 2.4.19-rmk7-omap1 linux kernel
> and removed the loop module that is only needed if you install
> a new system...
> I've cross compiled the following programs or modules:
> -loop-aes v3.2c module(it lives at /lib/modules/2.4.19-rmk7-omap1/block/loop.o
> but i can only insmod it(not modeprobe it) in the image of the
> boot filesystem)
> -the patched(using the patch provided by loop-aes) linux-utils 2.12r
> -gpg 1.4.9
> I've copied the cross-compiled gpg,the patched linux-utils and the
> gpg key into my device at /media/linux-utils/ (/media is the mount
> point for the fat32 partition)
> i've made the following script to test the setup that i've
> copied into /media/linux-utils/:
> #!/bin/sh
> insmod /lib/modules/2.4.19-rmk7-omap1/block/loop.o
> export PATH="$PWD:$PATH"
> ./mount -t ext2 /dev/ahd/disc0/part3 /media/mnt/
> -o loop=/dev/loop/6,encryption=AES128,gpgkey=./key.gpg
> (in one line in the real script)
> The problem:
> ------------
> insmod works fine: dmesg shows: "loop: loaded(max 8 devices)"
> but the mount command doesn't work:
> it asks for the password, then use the cpu at 100% and it is used by
> system not application according to a qopia application named system
> info...but didn't give me back my prompt
>
> with the help of ##crypto in freenode i've tried the following command:
> losetup -e aes128 -K key.gpg /dev/loop/6 /dev/ahd/disc0/part3
> and again it asked for the password,used the cpu at 100%
> and didn't give me back my prompt...
>
> What could be the cause?
>
>
>
> -
> Linux-crypto:  cryptography in and on the Linux system
> Archive:       http://mail.nl.linux.org/linux-crypto/
>
>

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/


[Home]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]     [Network Security Reading]

Add to Google