There are two main projects which add strong crypto support to the kernel: CryptoAPI and loop-aes. This howto uses loop-aes, since it has an extremely fast and highly optimized implementation of Rijndael in assembly language, and therefore provides maximum performance if you have an IA-32 (x86) CPU.
First of all, download and unpack the kernel sources:
ftp://ftp.kernel.org/pub/linux/kernel/v2.4/linux-2.4.22.tar.bz2
You also have to download and unpack:
http://loop-aes.sourceforge.net/loop-AES/loop-AES-v1.7e.tar.bz2
Then you must patch the kernel:
linux-2.4.22 $ patch -Np1 -i ../loop-AES-v1.7e/kernel-2.4.22.diff
Next, configure your kernel; make sure the following options are set:
Block devices --->
    <*> Loopback device support
    [*]   AES encrypted loop device support (NEW)
    <*> RAM disk support
    (4096)   Default RAM disk size (NEW)
    [*]   Initial RAM disk (initrd) support
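The options listed above can be checked in the resulting .config before compiling. The following script is an added example, not part of the original HOWTO or of loop-AES; the CONFIG_ symbol names do not appear on this page (CONFIG_BLK_DEV_LOOP_AES is assumed to be the symbol the loop-AES patch adds), and the function names and the sample .config are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the HOWTO). CONFIG_BLK_DEV_LOOP_AES is assumed to be
# the symbol added by the loop-AES kernel patch; function names are made up.

# Constructed sample .config: loop driver left modular, initrd support off.
sample_config() {
cat <<'EOF'
CONFIG_BLK_DEV_LOOP=m
CONFIG_BLK_DEV_LOOP_AES=y
CONFIG_BLK_DEV_RAM=y
CONFIG_BLK_DEV_RAM_SIZE=4096
# CONFIG_BLK_DEV_INITRD is not set
EOF
}

# check_loop_aes_config FILE
# Prints one FAIL line per option that is not as listed; returns 0 if all match.
check_loop_aes_config() {
    cfg=$1
    rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    # The menu shows these as <*> / [*], i.e. built in (=y); =m is reported too.
    for opt in CONFIG_BLK_DEV_LOOP CONFIG_BLK_DEV_LOOP_AES \
               CONFIG_BLK_DEV_RAM CONFIG_BLK_DEV_INITRD; do
        if ! grep -q "^${opt}=y\$" "$cfg"; then
            val=$(grep -E "^(# )?${opt}[= ]" "$cfg" | head -n 1)
            echo "FAIL ${opt}: want =y, found '${val:-nothing}'"
            rc=1
        fi
    done
    # RAM disk size: the HOWTO sets 4096.
    size=$(sed -n 's/^CONFIG_BLK_DEV_RAM_SIZE=//p' "$cfg" | head -n 1)
    if [ "$size" != 4096 ]; then
        echo "FAIL CONFIG_BLK_DEV_RAM_SIZE: want 4096, found '${size:-nothing}'"
        rc=1
    fi
    return $rc
}

# Demo on the constructed sample; on a real tree pass linux-2.4.22/.config.
tmp=$(mktemp) && sample_config > "$tmp"
check_loop_aes_config "$tmp" || echo "fix the options above before compiling"
rm -f "$tmp"
```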
Set up the keyboard map:
linux-2.4.22 $ dumpkeys | loadkeys -m - > drivers/char/defkeymap.c
Compile the kernel, install it and reboot.
The losetup program, which is part of the util-linux package, must be patched and recompiled in order to add strong cryptography support.
Download and unpack:
http://ftp.cwi.nl/aeb/util-linux/util-linux-2.12pre.tar.gz
cd into util-linux-2.12pre and apply this patch:
$ patch -Np1 -i ../loop-AES-v1.7e/util-linux-2.12pre.diff
To use passwords that are shorter than 20 characters, enter:
$ CFLAGS="-O2 -DLOOP_PASSWORD_MIN_LENGTH=12"; export CFLAGS
If security is important, please do not enable passwords shorter than 20 characters. Security is not free; one has to 'pay' in the form of long passwords.
Compile losetup and install it as root:
$ ./configure && make lib mount
# cp mount/losetup /sbin
# rm -f /usr/share/man/man8/losetup.8.gz
# cp mount/losetup.8 /usr/share/man/man8