Author Topic: Encrypted Filesystem Image  (Read 3726 times)

chaosjtu

Encrypted Filesystem Image
« on: September 16, 2006, 11:06:21 am »
To mount an encrypted loopback filesystem image to store sensitive data, can we do it on Z?

bam

« Reply #1 on: September 16, 2006, 06:09:40 pm »
losetup is compilable, but... currently I cannot get CryptoAPI to compile as modules to support encryption, however you could ask Tetsu to compile his kernel with CryptoAPI support enabled, that way I believe you could use it, I couldn't compile the kernel onboard the z.
SL-C3100 current: Stock/Tetsu 18h
Socket BT CF Card
Linksys WCF-12 802.11b/Cheapie USB Ethernet

The Grinder

miskinis

« Reply #2 on: September 16, 2006, 09:33:02 pm »
Quote
... I couldn't compile the kernel onboard the z. ...

Hmm, I have never compiled the kernel for the Z even on another LINUX machine.
Due to the fact I recently found that the pdaXrom beta1 kernel for 5500, has the
"right-arrow-repeat-suspend" issue, *and* the fact that I would like to keep my
data secure on all my Zs, I would be willing to help out diagnosing the kernel
build issues, off or on the Z.

This is LINUX, and anything should be possible, right?
_John Miskinis_

bam

« Reply #3 on: September 16, 2006, 10:07:33 pm »
I suppose....

I did peek around, it mentioned that gcc 2-95.3 is required for compiling, sadly I don't have it, so any ideas? I too have never compiled a kernel for the z although I did do it a few times for my linux box.

miskinis

« Reply #4 on: September 17, 2006, 02:54:24 am »
Quote
I suppose....

I did peek around, it mentioned that gcc 2-95.3 is required for compiling, sadly I don't have it, so any ideas? I too have never compiled a kernel for the z although I did do it a few times for my linux box.

It's not uncommon (and somewhat sad) for a particular software entity to require an
older version of GCC.  I remember a while back when we were discussing a
native "Space Trader" for the Z, I followed some Qt development setup guide
(which also had some issues), but I was able to get gcc295-2.95.3-0 and
gcc-cross-sa1100-2.95.2-0 set up on my Redhat 9 machine, peacefully coexisting with
gcc-3.2.2-5.  All-in-all it was not too difficult to get a simple Qt app built, and then
running on the 5500's stock ROM.

I have compiled many a kernel for a few different machines, but only 2.0.36-2.4.* and
always for a PC of some type, so I've got experience in that realm, and will be trying to
learn more about the Z's specifics shortly, starting with the 5500.  

Now, for clarification, if we get a kernel to compile for the Z, on the Z, would that
be really helpful?  I assume that kernel-level modules are required to support an
encrypted filesystem, are they readily available with full kernel source code for the Z?
_John Miskinis_

Da_Blitz

« Reply #5 on: September 17, 2006, 04:06:28 am »
as far as i know it's only 2.4 kernels that need gcc 2.xx, i have compiled a 2.6 kernel using gcc 4 and it worked alright

anyway i have done the entire crypto disk setup at home. and while losetup is nice i would greatly recommend dm mapper with crypto support, i am not sure what its status is with 2.4 but with 2.6 and the luks key setup it works a treat.

also if you are going to do it properly you might as well have / on lvm2, you already need an initrd to ask for the password so it would not be that much harder to identify and mount /

my home setup consists of:
Code:
disc <-> crypto <-\                    /---> /
                  [RAID 0]----> LVM <---|---> /home
disc <-> crypto <-/                    \---> /usr/local

so i need 2 passwords. i had a problem with setting up the keyboard at first (as i use a usb keyboard) and so had to fiddle with the modules. the best way to do it would be to use a file as the passphrase that is encrypted with gpg, so you need the device that holds the key and a password to boot the thing

it seems complicated but i found that the longest part for me was filling up my 2 drives (200G each) with random data, it took almost a day to do. the rest, such as setup and building the initrd, took me about 20mins to do on a gentoo machine installing from stage 3.
« Last Edit: September 17, 2006, 04:12:03 am by Da_Blitz »
Gemini Order: #95 (roughly)
Current Device: Samsung Chromebook Gen 3
Current Arm Devices Count: ~30
Looking to acquire: Cavium Thunder X2 Hardware
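
As an added example (not part of the thread and not any poster's code), the pieces discussed above for a file-backed image, namely a random fill, LUKS on dm-crypt and a key file stored gpg-encrypted, can be scripted as follows. The paths, mapping name and size passed in are the caller's own sample values, and the script assumes a kernel with dm-crypt plus a cryptsetup that attaches the loop device for a regular file itself, so losetup is not called directly.

```shell
#!/bin/sh
# Added example, not from the thread. Arguments (image path, key path, mapping
# name, size, mount point) are sample values chosen by the caller.
# DRY_RUN=1 (the default) only prints each step; DRY_RUN=0 executes them and
# needs root, bash, cryptsetup and gpg.
DRY_RUN=${DRY_RUN:-1}

step() {                       # print a command line; run it unless dry-run
    echo "+ $1"
    [ "$DRY_RUN" = 1 ] || bash -o pipefail -c "$1"
}

check_name() {                 # refuse values that would need shell quoting
    case $1 in ''|-*|*[!A-Za-z0-9._/-]*) echo "unsafe value: $1" >&2; return 1;; esac
}

open_container() {             # usage: open_container IMG KEY NAME [MNT]
    for v in "$@"; do check_name "$v" || return 1; done
    # The decrypted key only ever travels through the pipe, never to disk.
    step "gpg --decrypt $2 | cryptsetup open --type luks --key-file=- $1 $3" || return 1
    [ -z "${4:-}" ] || step "mount /dev/mapper/$3 $4"
}

create_container() {           # usage: create_container IMG KEY NAME SIZE_MB
    for v in "$@"; do check_name "$v" || return 1; done
    img=$1 key=$2 name=$3 mb=$4
    # Random fill first, so used and unused blocks look the same afterwards.
    step "dd if=/dev/urandom of=$img bs=1M count=$mb" || return 1
    # 64 random bytes as the key, stored only in gpg-encrypted form.
    step "dd if=/dev/urandom bs=64 count=1 | gpg --symmetric --output $key" || return 1
    # --key-file=- makes cryptsetup read the whole key from stdin.
    step "gpg --decrypt $key | cryptsetup luksFormat --batch-mode --key-file=- $img" || return 1
    open_container "$img" "$key" "$name" || return 1
    step "mkfs.ext2 /dev/mapper/$name" || return 1
    step "cryptsetup close $name"
}

close_container() {            # usage: close_container NAME MNT
    for v in "$@"; do check_name "$v" || return 1; done
    step "umount $2" && step "cryptsetup close $1"
}
```

Run it once in the default dry-run mode to review the exact command lines, then with DRY_RUN=0 as root; gpg asks for the passphrase protecting the key file each time the container is created or opened.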