Re: [Xen-users] use of encrypted filesystem

[Michael Froh <michael.froh@xxxxxxxxxx>]

From: "Anand Gupta" <xen.mails@xxxxxxxxx>

Date: December 27, 2006 3:52:28 PM EST (CA)

To: "Xen Users" <Xen-users@xxxxxxxxxxxxxxxxxxx>

Subject: [Xen-users] use of encrypted filesystem

I was wondering if there is a way to use encrypted filesystem inside a domU ? I tried to look around and whatever guides i found required me to patch the kernel.

I also found about cryptoloop, however when i try to use it inside domU, it gives me an error

losetup -e cryptoloop /dev/loop0 /dev/sda2
Password:
ioctl: LOOP_SET_STATUS: Invalid argument

I also tried various combinations

losetup -e des /dev/loop0 /dev/sda2
losetup -e aes128 /dev/loop0 /dev/sda2
losetup -e aes-256 /dev/loop0 /dev/sda2

The use of loop-aes requires the kernel module loop.o and the aes key to be fed 

using standard input and uuencoded.  The loop-AES.README is at 

http://loop-aes.sourceforge.net/loop-AES.README

An example from that document to fill an encrypted partition with random data is as follows:

    head -c 15 /dev/urandom | uuencode -m - | head -n 2 | tail -n 1 \

        | losetup -p 0 -e AES128 /dev/loop3 /dev/hda666

    dd if=/dev/zero of=/dev/loop3 bs=4k conv=notrunc 2>/dev/null

    losetup -d /dev/loop3

This example uses a random key with loop-aes, then a dd fill of zeros is converted 

to random ciphertext.  Note the uuencoding of /dev/urandom output and it being

piped into losetup.

Hope this helps,

Mike.

However all the above result in the same error.

How should i setup the encrypted fs ? Any help would be appreciated.

--
regards,

Anand Gupta

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users