Encryption details

Let_Me_Be · July 9, 2011, 1:24pm

I can’t find any information about the technical details involved in the LVM encryption that I used during install.

Since I want to fine tune the encryption and make use of the AES-NI instruction I would like to determine what is used during the installation, and whether I need to manually create and tune the partitions.

ab · July 9, 2011, 2:06pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This may be a useful starting place.

http://en.opensuse.org/SDB:Encrypted_root_file_system

Want to yell at me in person?
Come in October: http://tinyurl.com/brainshare2011
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJOGERKAAoJEF+XTK08PnB5Q7AQALqTmF12AMvfXxaqadKhfwA7
EhVdAe3Wf+G6tKlWItqxMg2Q2ftyOHrJajcVa+M84bYC/4Pnu6kwIAsZtmcvaOAF
Cc5EM42+srtFCt0iG/ihIz8FcUGFi5Cz7/PwvRPSFP/aCuIukKwz3rIgtw092Cb+
ndE4ukFjN4p6jv6K3W2LZZL9eAm8ki+9y/9ZrKQwhV9U/idbSgMfJyGtO5/Z0Wu7
NXr3P1jxi2WbOkrCVsqG2eaz+I3jCYhXO75eNNF7S/vE42E7dYb3ko4EUAI3nRNo
/rXXZVomciPGaJhTkF4OrtcW7YSGtPCJbcbfE8NyCI0gB/99VZ/fpe2Rq9XW4Ie2
MPZawsS1Rpoc/0WYQZ8+aQO0WEbaQH6mShI7yc6SA9Dk2gm3WeLU8Q9F+6hxDyeg
CFymuhmcBk/CTpGHjBHgBEBP1+vBIYcesMI0E+EV9cQPvS+0FYXZ29Lude1eJ8eb
jFT0f5JcaTsVDbSTq2HCBCnM2OPVTqJ8nF3NDIy3BD6vJXRvrK6RAEh2QYrXjLhj
XJIzUamXPS0t092s1N5rrktV3uUL7iSVw/lyD8ahnfGz8b0JaOkYI1vJqDZOLjxT
xliI1NajGQ/2W7ij987YJ/9D77JqvpRsiazTOTMvYm15HbvquMLX/fJ6WyWvOi5V
dDmznjxyPG673knIG9rf
=x5RY
-----END PGP SIGNATURE-----

nrickert · July 9, 2011, 2:40pm

As far as I know, it uses LUKS, which in turn uses dm-crypt. You can use google to find more information on those.

The encryption is setup via the “cryptsetup” command, so


man cryptsetup

will give you information on what options are available if you decide to setup encryption yourself. You presumably do that setup by booting a live CD, after which you would have to reinstall.

It is possible, however, that you don’t need to reinstall. You might only need to make sure that the padlock-sha and/or padlock-aes kernel modules are loaded. You could perhaps experiment with using those with mounting your LVM from a live CD boot. If that will solve the problem, then you would presumably need to remake the initrd that is used to load modules during boot.

Let_Me_Be · July 9, 2011, 2:51pm

And where is the relevant information? I can’t find anything regarding the technical details. All I found is just trivial user documentation with no details whatsoever.

robin_listas · July 11, 2011, 10:03pm

On 2011-07-09 13:36, Let Me Be wrote:
> Since I want to fine tune the encryption and make use of the AES-NI
> instruction I would like to determine what is used during the
> installation, and whether I need to manually create and tune the
> partitions.

You can find out the used system by running “file -s /dev/device” on the
device holding your filesystem. Then, going further and knowing the
technical details is difficult.

Some links:


>
> http://en.opensuse.org/SDB:Using_the_Crypto_File_System
> http://encryptionhowto.sourceforge.net/   (Last modified: Oct 04, 2000. )
> http://en.opensuse.org/Encrypted_Root_File_System                       <===
> http://www.suse.de/~lnussel/hdencryption/hdencryption.html              <--- the suse way
> http://localhost/usr/share/doc/manual/opensuse-manual_en/manual/cha.cryptofs.html
> http://luks.endorphin.org/                                              (LUKS - Linux Unified Key Setup )
> http://www.saout.de/misc/dm-crypt/
> http://www.saout.de/tikiwiki/tiki-index.php                             (Welcome to the dm-crypt wiki)
> http://www.saout.de/tikiwiki/tiki-index.php?page=LUKS                   (Linux Unified Key Setup)

–
Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)