Sorry to bother everybody's day again, but I had a question that again...I cannot answer myself.
I'm about to go about recompiling a kernel, but this time I've decided to take a default kernel config from the ones on
www.kernel.org instead of using the generic kernel as the backbone this time.
I've done this successfully before for LVM-only (with the root partition NOT as a part of the Volume Group), but I know that LUKS+LVM has some specific requirements, specifically cryptography requirements.
From lots of reading I've found that I need these for sure:
1. Device mapper support (built-in, done by default by both vanilla kernel and the generic one)
aka CONFIG_BLK_DEV_DM
2. Crypt target support (also built-in, also done by both vanilla kernel and generic one)
aka CONFIG_DM_CRYPT
3. SHA256 Encryption
4. AES Encryption
5. CBC Encryption
6. Root partition filesystem built as a module (in my situation it will be ext4)
I'm wondering two things:
First, am I missing anything specifically from the kernel for LVM+LUKS and what has to (or can) be a module while what has to (or can) be built-in?
Secondly, grepping the .config file for the generic kernel shows me a few things I don't quite understand:
Code:
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_AES_X86_64=y
CONFIG_CRYPTO_AES_NI_INTEL=y
CONFIG_CRYPTO_DEV_PADLOCK_AES=m
I realize I stated I know I needed AES cryptography, but I'm not entirely sure which one of these is what I need for sure. Although some kernel documentation reading shows that CONFIG_CRYPTO_DEV_PADLOCK_AES seems to be for hardware encryption so I'm assuming that's the one (but again, I'm asking because I'm unsure).
Same goes for CBC:
Code:
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_PCBC=y
CONFIG_CRYPTO_XCBC=m
There was only one when I looked for SHA256 and that was built-in, so I'll leave that alone.
In case anybody's wondering, I've already been to Google quite a lot and looked at the cryptsetup code.google.com documentation but I was unable to find anything that specifically states what modules I need from the kernel and if they can even be built-in or must be a module.
On a secondary note, I'll be using the /usr/share/mkinitrd/mkinitrd_generator_script.sh to aid me in this.
The system is currently setup as README_CRYPT.TXT guided me at the very bottom (on the LVM+LUKS combination part with different VG names) and my initrd.gz is working successfully with the generic kernel and I am able to hibernate. I'd like to just have the same function on my newer kernel. ^.^