LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (http://www.linuxquestions.org/questions/slackware-14/)
-   -   System encryption with dm-crypt and luks? (http://www.linuxquestions.org/questions/slackware-14/system-encryption-with-dm-crypt-and-luks-471661/)

Zmyrgel 08-07-2006 01:36 PM

System encryption with dm-crypt and luks?
 
Hi,

Again I'm switching distros. I had windows on my laptop first time in two months and now it's broken again... Blue Screen of Death and all...

My question is this, can I encrypt my whole system as in the gentoo documentation.

I was planning to make it with gentoo but not too happy to compile again whole system from scracth.

I am planning to make that with LVM2... I found tutorial for that in somewhere on these forums and it was quite difficult compared to gentoos version so I'm asking here can I follow the gentoo guide with slackware or how should I proceed?

Any way, is it possible to install using lvm2, dm-drypt and luks, a fully encrypted system using slackware.

A side note, does that encryption reduce performance, for instance in desktop use?

Daga 08-08-2006 01:02 PM

Yes, it is possible to encrypt the harddrive in Slackware -- it's a kernel function. I haven't tried doing this yet (want to :)), but it seems that you will have to extract the crypto modules from the slackware/a/kernel-modules-2.4.31-i486-1.tgz package on the CD and insert them into the kernel on the install CD. I don't know about the utilities to create a crypto filesystem, though. There isn't a cryptsetup utility for Slackware, and it's been a while since I have created an encrypted loopback device.

This will slow down the system a little depending on which encryption method you choose. I don't know how much for each file system. Also you will have to either recompile the kernel with the crypto modules in the kernel, or create an initramfs/initrd image with those modules. The Gentoo page goes into a little more detail about it.

HTH

Zmyrgel 08-08-2006 01:23 PM

Yeah, I'd figure out that something complicated was behind this.

I have no idea on how to begin, except I need to use the 2.6 series kernel to have support for my sata-drives as I have new laptop...

So what should the process be like?

-I'd boot with slack cd and choose test26.s
-make the /ram directory mounted in memory and copy /sbin and /bin into it to save space
-extract crypto thingys from kernel-2.6-modules
-get some crypto program similar to cryptsetup?
-mount partitions and encrypt them...


Any idea on how to do this more specificly?

titopoquito 08-08-2006 02:23 PM

http://axljab.homelinux.org/Encryption_-_dm-crypt has a good howto for cryptsetup-luks. You will see it is written for Gentoo but worked good for my Slackware install. I don't have it actually installed and cannot help much with this, but managed to create an encrypted loop device with this.

You will have to install cryptsetup with luks (http://luks.endorphin.org/dm-crypt), hashalot (you can find it with google, but at the moment there seems to be a server problem) and the device-mapper (I used alienbob's slackbuild or precompiled package, see http://www.slackware.com/~alien/slackbuilds/ ). Cryptsetup-luks was very easy to build: ./configure --prefix=/usr && make && make install ---- maybe with DESTDIR to package it. hashalot was the same I think.

Zmyrgel 08-09-2006 02:04 AM

But how can I do this as I intend to encrypt my whole disk so I need to have the support in the CD. Does basic slackware 10.2 CD offer the support needed for such an operation?

bl0tt0 08-20-2006 02:04 AM

Just thought I'd throw in a little bit of interesting info on this thread. I looked in the Distro Support Status section of the LUKS website, and at the very end they mention Nemonico, which is apparently nearly completely stock Slackware except for the installer which allows you to create encrypted partitions with LUKS. Interesting stuff.

Daga 08-20-2006 11:25 AM

Here's the address, since it isn't on the first page or two of Google: http://sourceforge.net/projects/nemonico

Zmyrgel 08-21-2006 01:24 AM

Hey, that seems quite interresting. I might just give this a shot when the 11.0 is released.
If this time I get this to work :)

Thanks bl0tt0 for pointing this out.

Zmyrgel 08-21-2006 04:44 AM

About Nemonico, does it support LVM-partitions? I didn't find any info from the page. I'll download the nemonico either case but it would be nice to know.

bl0tt0 09-02-2006 10:40 AM

Also, I just did a little bit of googling on LUKS and Slackware and found this thread in the linuxpackages forum: http://www.linuxpackages.net/forum/v...b97bf6aeb688e0. It might not be exactly what you are looking for, but they do talk about properly building the initramfs for an encrypted Slackware installation.


All times are GMT -5. The time now is 09:37 AM.