Some encryption-related projects
Russell Coker
russell at coker.com.au
Wed Dec 8 15:24:31 UTC 2004
On Monday 15 November 2004 06:16, "W. Michael Petullo" <mike at flyn.org> wrote:
> 2. Encrypted root filesystem.
>
> Red Hat Bug #182479 discusses adding support for an encrypted root
It's #124789.
> filesystem to Fedora. The bug contains a patch for mkinird that
> facilitates this. Eventually it would be nice to see support in anaconda
> for this, but #182479 is the first step.
One thing you miss in the latest patch is support for an encrypted root device
on top of an LVM volume.
With your patch the code does the following starting at about line 730 in
mkinitrd:
if [ "$kernelmajor" == "2.4" ]; then
# kernel 2.4.x LVM stufff
elif [ -n "$root_enc" ]; then
# crypto-root stuff
else
# kernel 2.6.x LVM stuff
fi
What you really want is to have the crypto root stuff occurring outside the if
statement in question. Also inside the "if [ -n "$root_enc" ]; then" block
you want to have "if [ -z $root_lvm ]; then" around the "mkdmnod" bit so that
mkdmnod doesn't get called twice.
Also in recent kernels the AES module is aes-i586 (maybe we should have an
alias in the module-init-tools config).
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-devel-list
mailing list