[dm-devel] Re: Filesystem Code - I'm bumping into your name frequently. Was wondering about your thoughts on encrypting selected partitions on a block device vs encrypting in the filesystem.

Piet Delaney piet at bluelane.com
Wed Sep 13 05:23:45 UTC 2006


On Fri, 2006-09-01 at 19:56 -0700, Andrew Morton wrote:
> On Fri, 01 Sep 2006 19:42:39 -0700
> Piet Delaney <piet at bluelane.com> wrote:
> 
> > Hi Andrew:
> > 
> > Hope the kgdb momentum continues; wondering about getting a login on
> > vger and maybe I could help a bit.
> 
> I don't detect any momentum.  trini has a new job and Amit remains silent.
> 
> > I'm looking at the file-system code looking for a way to make a 
> > small hack to allow us to encrypt file-system data; everything,
> > including the root file-system. I first considered loop-back and
> > a crypto file system but was convinced that it wouldn't be as
> > secure because /root couldn't be encrypted.
> 
> For encryption at the block device level you can use cryptoloop or dm-crypt.

Hi Andrew:

cryptoloop was discouraged and old so I tried dm-crypt. Seems Redhat owns
this and there appears to have been a change in the /dev interface. In
2.6.13 and linux-2.6.18-rc6-kgdb-testing I'm seeing a /dev/device-mapper
file. 

  crw-rw----  1 root root 10, 63 2006-09-12 21:33 /dev/device-mapper

Note NOT a directory.

The docs from Redhat device-mapper.0.96.03 thru device-mapper.1.02.09
all seem to say:

   "/dev/mapper was called /dev/device-mapper prior to 0.96.04.
    Consequently scripts/devmap_mknod.sh has been updated."

and seem to expect a DIRECTORY. Maybe this is a udev problem,
but I suspect it's a device-mapper problem. Perhaps I need
to go back before 0.96.03.

Thought maybe you might know what's going down.

-piet


> 
> For encryption at the file level you can use ecryptfs, which is in -mm and
> I'm planning on merging it into 2.6.19.
> 
-- 
Piet Delaney                                    Phone: (408) 200-5256
Blue Lane Technologies                          Fax:   (408) 200-5299
10450 Bubb Rd.
Cupertino, Ca. 95014                            Email: piet at bluelane.com