Encrypted Swap

Discussion in 'Linux' started by Serendipity, Sep 25, 2008.

  1. Serendipity

    Serendipity

    Hello. I need someone with more Linux knowledge than I do. I've been stuck at the same point for a few days now and I have made no progress whatsoever. I tried the #fedora channel on IRC but... I get "this is not a linpus support channel", so, not a whole lot of help there. I don't know what to do or research past this point. I am trying to follow this guide:

    http://linux.ioerror.us/2006/09/encrypt ... dora-core/

    I am up to the point of when I try to run the command line:
    cryptsetup -d /dev/random create swap /dev/sda2
    I get the following...

    Command failed: Failure to communicate with kernel device-mapper driver.

    So, after some googling I deduce that the kernel does not have device-mapper source and try to install it from source, which I was told by some IRC folks that I already have. *shrugs*. So I downloaded and untarred the sources and read in the install file that 2.6 kernels should already have device-mapper in them. My only other guess is that maybe something isn't loaded or turned on. I tried modprobe dm-mod and it says the module isn't installed. So that's two points going for me having device mapper, and two points for me not having it. I get the feeling that I have device-mapper but linpus is doing something screwy.

    Thanks for any help in advance!
     
    Serendipity, Sep 25, 2008
    #1
  2. Serendipity

    kevin

    There is no logical volume management support in the Linpus distribution. It doesn't have the kernel bits or the user-space tools. cryptsetup specifically works on managed logical volumes, as I recall, not on raw disk partitions.

    To do what you're trying to do, you'd need to compile the missing kernel bits, install the user-space tools, and configure volume management. To be honest, my gut feeling is that this is one of those situations where it would actually be quicker to install a different Linux distribution.

    If you have enough RAM, you could just turn the swap off completely, and that would avoid the problem :)

    Of course, if your security needs are stringent enough to encrypt your swap, you probably need to encrypt _everything_, right?
     
    kevin, Sep 25, 2008
    #2
  3. Serendipity

    Serendipity

    No, I've accepted the fact that trying to encrypt the entire system volume is going to be quite a bit of trouble. Anything I want secured in unencrypted space I have encrypted at the application level, it's just the caching out and temp space that I'm worried about. /tmp is another thing I've been concerned with and will eventually also create as an encrypted directory. This thing is small and I just want to make sure if anything ever happens to it that I have some degree of confidence none of my financial data or passwords can be recovered. Assuming the gangster who stole it is somehow also a Linux guru who can pull data out of cached space on the hard drive. But... just in case, you never know, Linux is getting pretty popular, maybe even amongst gangsters. Gangster OS. Got a ring to it. :p

    Currently I have swap off, and it works much faster (8gb SSD), but I keep hitting that line where the whole system begins to slow down to a crawl. I'm still waiting to solve the wireless issue before I install the 1gb stick of RAM in case of any visible warranty voiding on DISMANTLING THE WHOLE F*ING THING JUST TO INSTALL A STICK OF RAM!!! *breathes deep* :p

    I will probably get bored one night and attempt to tackle the challenge of doing what you said, that's just the kinda fruit I am. Could you be kind enough to be more specific in what I need to do? Like provide a semi-detailed list. You don't have to break out the commands from beginning to end, unless you feel so inspired to do so ;) :p, but just a rough step by step would be good. I've already set things up to recompile the kernel.

    Thank you for your response!
     
    Serendipity, Sep 25, 2008
    #3
  4. Serendipity

    kevin

    To be honest, I don't think I can. I normally disable the logical volume stuff in my Linux machines because I don't need it. In my view, I think it would be easier just to install a version of Linux (e.g., Fedora 9) that uses LVM by default, and then it will all get set up at install time and the approach you've already taken would work.

    Personally, I wouldn't even attempt to recompile the kernel bits unless you have a way to make module version symbols line up between the version of the kernel and the bits you are compiling. It's not rocket science, but it is fiddly, and easy to end up with a system that won't boot at all (e.g., ext2 filesystem module won't load into the kernel -- ouch!)

    I appreciate that this isn't what you want to hear, but it's what I would do in your situation. I'm sure there must be other folks around here with suggestions.

    PS. On the AAO /tmp is in RAM, so that, at least, shouldn't be a worry (unless you leave the unit laying around in sleep mode rather than switched off).

    PPS. Personally, I wouldn't assume that anything except a fully-encrypted filesystem is going to do what you want. Applications leave temporary files laying around all over the place, not just in /tmp. Even the venerable `vi' does this.
     
    kevin, Sep 25, 2008
    #4
  5. Serendipity

    soleblaze

    You don't need lvm support to use cryptsetup. However the kernel does need dm_crypt support as well as support for the encryption protocols you plan to use. I do not believe the linpus kernel has dm_crypt compiled either in the kernel or in a module. You will have to compile your own kernel to get this working. (I'm not sure if they have the source code from the kernel they used available)
     
    soleblaze, Sep 25, 2008
    #5
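
    A way to check the point raised in post #5 before attempting a kernel rebuild (added example, not part of the original thread): the script reads a kernel config file and reports whether device-mapper (`CONFIG_BLK_DEV_DM`) and dm-crypt (`CONFIG_DM_CRYPT`) are built in, built as modules, or absent. The config locations it probes (`/proc/config.gz`, `/boot/config-<release>`) are assumptions about the system and may not exist on every distribution.

```shell
#!/bin/sh
# Added example: classify a kernel config symbol as builtin / module / missing.
# usage: kconfig_state SYMBOL CONFIG_FILE
kconfig_state() {
    sym=$1; cfg=$2
    case "$cfg" in
        *.gz) reader="gzip -dc" ;;   # /proc/config.gz is gzip-compressed
        *)    reader="cat" ;;
    esac
    # "# CONFIG_X is not set" lines do not match, so they count as missing.
    line=$($reader "$cfg" 2>/dev/null | grep -E "^${sym}=[ym]$" | head -n 1)
    case "$line" in
        *=y) echo builtin ;;
        *=m) echo module ;;
        *)   echo missing ;;
    esac
}

# Summarise whether "cryptsetup create" can talk to this kernel.
dm_crypt_verdict() {
    cfg=$1
    dm=$(kconfig_state CONFIG_BLK_DEV_DM "$cfg")
    crypt=$(kconfig_state CONFIG_DM_CRYPT "$cfg")
    if [ "$dm" = missing ]; then
        echo "no-device-mapper"      # matches the error quoted in post #1
    elif [ "$crypt" = missing ]; then
        echo "no-dm-crypt"           # dm present, crypt target absent
    else
        echo "ok dm=$dm crypt=$crypt"
    fi
}

# Locate the running kernel's config (assumed locations, see lead-in).
find_kernel_config() {
    for f in /proc/config.gz "/boot/config-$(uname -r)"; do
        [ -r "$f" ] && { echo "$f"; return 0; }
    done
    return 1
}

if cfg=$(find_kernel_config); then
    echo "config: $cfg -> $(dm_crypt_verdict "$cfg")"
else
    echo "no kernel config found; look for device-mapper in /proc/misc instead"
fi
```

    A `module` result means the driver still has to be loaded (for example with the `modprobe dm-mod` tried in post #1) before `cryptsetup` can use it.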
  6. Serendipity

    Serendipity

    That's OK, I really do appreciate the information you have given me and the time you have taken to answer my query.

    Good to know.

    [quote]
    PPS. Personally, I wouldn't assume that anything except a fully-encrypted filesystem is going to do what you want. Applications leave temporary files laying around all over the place, not just in /tmp. Even the venerable `vi' does this.
    [/quote]

    I'm aware of this, but 40% of my butt hanging out is less than 100%. I have a feeling I'm going to the alternative distro path inevitably. But I would like to stick with this one as far as I can because everything is already set up driver-wise and everything.

    So far I've followed this guide in reference to kernel compiling.

    http://the.taoofmac.com/media/Acer/Aspi ... notes.html

    According to the dm-crypt website it should already be there. I've tried installing the device-mapper source but I can't quite figure out how to install it, I got as far as ./configuration.

    update:
    I've gotten further, for one I found this thread: viewtopic.php?f=39&t=1993 which looks like everything I might need, so I will be toying with that tonight. As of now I just did the 'make install'... see where I am in a few.
     
    Serendipity, Sep 26, 2008
    #6