[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] use of encrypted filesystem


  • To: xen-users@xxxxxxxxxxxxxxxxxxx, "Anand Gupta" <xen.mails@xxxxxxxxx>
  • From: Michael Froh <michael.froh@xxxxxxxxxx>
  • Date: Wed, 27 Dec 2006 23:45:47 -0500
  • Delivery-date: Thu, 28 Dec 2006 03:04:11 -0800
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=rogers.com; h=Received:X-YMail-OSG:Mime-Version:In-Reply-To:References:Content-Type:Message-Id:From:Subject:Date:To:X-Mailer; b=nTgZoUqcR9Yqb4PIbrFjDOPv0OtowEnBbP33xM6aGuhhyvgcAme7MLnCrBWJXyTfBKCUwgPTcnlVv2+Y/p3548JY3rE+EtLkOGT5TpWRgH0QUhXJH5/6NXlP1MfFLy3YaVi+4GRs9sqylAm/vWlAs9PI0epIY+sbqjHVmrLA4fk= ;
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

From: "Anand Gupta" <xen.mails@xxxxxxxxx>
Date: December 27, 2006 3:52:28 PM EST (CA)
Subject: [Xen-users] use of encrypted filesystem


I was wondering if there is a way to use encrypted filesystem inside a domU ? I tried to look around and whatever guides i found required me to patch the kernel.

I also found about cryptoloop, however when i try to use it inside domU, it gives me an error

losetup -e cryptoloop /dev/loop0 /dev/sda2
Password:
ioctl: LOOP_SET_STATUS: Invalid argument

I also tried various combinations

losetup -e des /dev/loop0 /dev/sda2
losetup -e aes128 /dev/loop0 /dev/sda2
losetup -e aes-256 /dev/loop0 /dev/sda2

The use of loop-aes requires the kernel module loop.o and the aes key to be fed 
using standard input and uuencoded.  The loop-AES.README is at 

An example from that document to fill an encrypted partition with random data is as follows:
    head -c 15 /dev/urandom | uuencode -m - | head -n 2 | tail -n 1 \
        | losetup -p 0 -e AES128 /dev/loop3 /dev/hda666
    dd if=/dev/zero of=/dev/loop3 bs=4k conv=notrunc 2>/dev/null
    losetup -d /dev/loop3

This example uses a random key with loop-aes, then a dd fill of zeros is converted 
to random ciphertext.  Note the uuencoding of /dev/urandom output and it being
piped into losetup.

Hope this helps,
Mike.


However all the above result in the same error.

How should i setup the encrypted fs ? Any help would be appreciated.

--
regards,

Anand Gupta


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.