Nelson wrote:
Cool, I'll look into it. If anyone offers to patch the *.py files I can do
the rest and specify what it needs to be done.
Sorry, I thought you ment look into support encryption directly on catalyst
:S.
Like I said, I think it's not possible without a patch. Yes, luks is
provided by genkernel, I wasn't sure how so I mentioned a (temp) hack. But
the compressed image cannot be touched by Catalyst now. The alternative is
make a neatly integrated support on it, with fields like encryption/seed.
There's at least one or two more LUKS-related patches/bugs in
bugzilla.
Considering that and the 2 loops requir., maybe it's better to stick to
loop-aes.
I made a simple picture, just for those not following, with a simple
correction (no need to do mksquashfs twice, we just dd it to the open loop):
----------------------------------------------
----------------------------------------------
---(X)---> means "mapped" to by X.
%%%%%%%%%%%%%
Crypt (luks):
Step 1: random_file (made with dd, same size as squashfs) ---(losetup)--->
/dev/loop1----(luks)----> /dev/mapper/root (this is the unencrypted dev
where we put the root)
step 2: image.squashfs ----(dd)----> /dev/mapper/root
%%%%%
Crypt (loop-aes)
step1:
random_file_as_above ----(loop+aes)----> /dev/loop0 (the unencrypted dev
where we put the root);
step2:
image.squashfs ----(dd)----> /dev/loop0
%%%%%%%%%%%%%
Uncrypt:
luks:
encrypted_squashfs ---(losetup)---> /dev/loop0 ---(luks)--->
/dev/mapper/cd_root
loop+aes:
encrypted_squashfs ---(losetup+aes)---> /dev/cd_root.
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
--
[EMAIL PROTECTED] mailing list
