Date: December 27, 2006 3:52:28 PM EST (CA)
Subject: [Xen-users] use of encrypted filesystem
I was wondering if there is a way to use an encrypted filesystem inside a domU? I tried to look around and whatever guides I found required me to patch the kernel.
I also found out about cryptoloop; however, when I try to use it inside domU, it gives me an error:

    losetup -e cryptoloop /dev/loop0 /dev/sda2
    Password:
    ioctl: LOOP_SET_STATUS: Invalid argument

I also tried various combinations:

    losetup -e des /dev/loop0 /dev/sda2
    losetup -e aes128 /dev/loop0 /dev/sda2
    losetup -e aes-256 /dev/loop0 /dev/sda2
The use of loop-aes requires the kernel module loop.o and the aes key to be fed using standard input and uuencoded. The loop-AES.README is at
An example from that document to fill an encrypted partition with random data is as follows:

    head -c 15 /dev/urandom | uuencode -m - | head -n 2 | tail -n 1 \
        | losetup -p 0 -e AES128 /dev/loop3 /dev/hda666
    dd if=/dev/zero of=/dev/loop3 bs=4k conv=notrunc 2>/dev/null
    losetup -d /dev/loop3
This example uses a random key with loop-aes, then a dd fill of zeros is converted to random ciphertext. Note the uuencoding of /dev/urandom output and it being piped into losetup.
Hope this helps,
Mike.

However, all the above result in the same error.
How should I set up the encrypted fs? Any help would be appreciated.
-- regards,
Anand Gupta
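
Added example, not part of the original messages: one cause of "LOOP_SET_STATUS: Invalid argument" is that the running kernel has no cryptoloop transfer or lacks the requested cipher, so a first check inside the domU is whether both are present. The function names, status words and sample data below are constructed for illustration; the script reads files in /proc/crypto and /proc/modules format, so it works on the live files or on saved copies.

```shell
#!/bin/sh
# Added example: check whether a kernel exposes what cryptoloop needs.
# All function names here are hypothetical helpers, not part of losetup.

# has_cipher NAME CRYPTO_FILE: succeed if a "name : NAME" entry exists
# in a file laid out like /proc/crypto.
has_cipher() {
    awk -v want="$1" '
        $1 == "name" && $2 == ":" && $3 == want { found = 1 }
        END { exit !found }
    ' "$2"
}

# has_module NAME MODULES_FILE: succeed if NAME is listed in a file laid
# out like /proc/modules (first field is the module name).
has_module() {
    awk -v want="$1" '$1 == want { found = 1 } END { exit !found }' "$2"
}

# check_cryptoloop CIPHER CRYPTO_FILE MODULES_FILE: print one status word.
# Caveat: a cryptoloop compiled into the kernel (not as a module) does not
# appear in /proc/modules, so "cryptoloop-not-loaded" means "not loaded as
# a module", which still needs a look at the kernel config.
check_cryptoloop() {
    if ! has_module cryptoloop "$3"; then
        echo "cryptoloop-not-loaded"
    elif ! has_cipher "$1" "$2"; then
        echo "missing-cipher"
    else
        echo "ok"
    fi
}

# Constructed sample data standing in for a domU kernel without cryptoloop.
tmp=$(mktemp -d)
printf 'name         : aes\nmodule       : aes\ntype         : cipher\n' > "$tmp/crypto"
printf 'loop 17800 0 - Live 0xf8a00000\n' > "$tmp/modules"
check_cryptoloop aes "$tmp/crypto" "$tmp/modules"
rm -rf "$tmp"
```

Inside a domU, run `check_cryptoloop aes /proc/crypto /proc/modules` to test the live kernel.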