[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[dm-devel] Re: Filesystem Code - I'm bumping into you name frequenty. Was wondering about your thoughts on encrypting selected partitions on a block device vs encrypting in the filesystem.

On Fri, 2006-09-01 at 19:56 -0700, Andrew Morton wrote:
> On Fri, 01 Sep 2006 19:42:39 -0700
> Piet Delaney <piet bluelane com> wrote:
> > Hi Andrew:
> > 
> > Hope the kgdb momentum continues; wondering about getting a login on
> > vger and maybe I could help a bit.
> I don't detect any momentum.  trini has a new job and Amit remains silent.
> > I'm looking at the file-system code looking for a way to make a 
> > small hack to allow us to encrypt file-system data; everything,
> > including the root file-system. I first considered loop-back and
> > a crypto file system but was convinced that it wouldn't be as
> > secure because /root couldn't be encrypted.
> For encryption at the block device level you can use cryptoloop or dm-crypt.

Hi Andrew:

cryptoloop was discouraged and old so I tried dm-crypt. Seem Redhat owns
this and there appears to have been a change in the /dev interface. In
2.6.13 and linux-2.6.18-rc6-kgdb-testing I'm seeing a /dev/device-mapper

  crw-rw----  1 root root 10, 63 2006-09-12 21:33 /dev/device-mapper

Note NOT a directory.

The docs from Redhat device-mapper.0.96.03 thru device-mapper.1.02.09
all seem to say:

   "/dev/mapper was called /dev/device-mapper prior to 0.96.04.
    Consequently scripts/devmap_mknod.sh has been updated."

and seem to expect a DIRECTORY. Maybe this is a udev problem,
but I suspect it's a device-mapper problem. Perhaps I need
to go back before 0.96.03.

Thought maybe you might know whats going down.


> For encryption at the file level you can use ecryptfs, which is in -mm and
> I'm planning on merging it into 2.6.19.
Piet Delaney                                    Phone: (408) 200-5256
Blue Lane Technologies                          Fax:   (408) 200-5299
10450 Bubb Rd.
Cupertino, Ca. 95014                            Email: piet bluelane com

Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]