On Tue, 12 Jul 2011 08:16:07 -0600 Aaron Toponce <[email protected]> wrote:
> On Tue, Jul 12, 2011 at 07:59:06AM -0600, Paul N wrote: > > On Mon, Jul 11, 2011 at 3:39 PM, Charles Curley > > <[email protected]> wrote: > > > On Sun, 10 Jul 2011 17:59:53 -0600 > > > Charles Curley <[email protected]> wrote: > > > > > > So why would changing kernels bring back twofish encryption? > > > > IIRC, twofish is set in the kernel using CONFIG_CRYPTO_TWOFISH in > > the config file. The parameter probably wasn't set for your newer > > kernel. I think there's a way to see the config file inside the > > running kernel, or there could be a copy of it in /boot... Thanks, Paul. > > If you are running Ubuntu, which I think you are, Yes. > then you should > have a /boot/config-2.6.* for your kernel. That file will give you > all the compile-time flags for that specific kernel. > > For me on Debian, I have the following set with regards to Twofish: > > CONFIG_CRYPTO_TWOFISH=m > CONFIG_CRYPTO_TWOFISH_COMMON=m > CONFIG_CRYPTO_TWOFISH_586=m > > This means that it's compiled as a module, and I need to use > modprobe(8) to load it, and/or lsmod(8) to see if it is already > loaded: > > # modprobe twofish > # lsmod | grep twofish > twofish_generic 16569 0 > twofish_x86_64 12501 0 > twofish_common 20544 2 twofish_generic,twofish_x86_64 > > Hope that helps. Yes. So far so good. Using the older kernel, where twofish is available. root@dzur:/boot# grep TWOFISH config-2.6.3* config-2.6.35-30-generic:CONFIG_CRYPTO_TWOFISH=m config-2.6.35-30-generic:CONFIG_CRYPTO_TWOFISH_COMMON=m config-2.6.35-30-generic:CONFIG_CRYPTO_TWOFISH_X86_64=m config-2.6.38-8-generic:CONFIG_CRYPTO_TWOFISH=m config-2.6.38-8-generic:CONFIG_CRYPTO_TWOFISH_COMMON=m config-2.6.38-8-generic:CONFIG_CRYPTO_TWOFISH_X86_64=m root@dzur:/boot# lsmod | grep twofish twofish 5923 1 twofish_common 14655 1 twofish root@dzur:/boot# uname -a Linux dzur 2.6.35-30-generic #54-Ubuntu SMP Tue Jun 7 18:41:54 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux root@dzur:/boot# This is the older kernel; I will reboot to the newer one shortly and test that. On the older kernel, I have twofish with no modprobe that I know of. I don't see it in /etc/modules, nor does it show up in: root@dzur:/etc# find modprobe.d/ -type f | xargs grep twofish root@dzur:/etc# After rebooting to the newer kernel, I see it isn't there: root@dzur:~# lsmod | grep twofish root@dzur:~# uname -a Linux dzur 2.6.38-8-generic #42-Ubuntu SMP Mon Apr 11 03:31:24 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux root@dzur:~# So it somehow got loaded for the older kernel, but not for the newer one. I added twofish to /etc/modules and it now shows up after a reboot: root@dzur:~# lsmod | grep twofish twofish_generic 16635 0 twofish_x86_64 12567 0 twofish_common 20919 2 twofish_generic,twofish_x86_64 and twofish shows up in the menu for ecryptfs. Aaron, thanks for the lucid explanation and example commands. I'll blog this later today in case anyone else hits it. There's probably a more elegant solution, but this works for me. -- Charles Curley /"\ ASCII Ribbon Campaign Looking for fine software \ / Respect for open standards and/or writing? X No HTML/RTF in email http://www.charlescurley.com / \ No M$ Word docs in email Key fingerprint = CE5C 6645 A45A 64E4 94C0 809C FFF6 4C48 4ECD DFDB
signature.asc
Description: PGP signature
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
