WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

Re: [Xen-users] use of encrypted filesystem

To: xen-users@xxxxxxxxxxxxxxxxxxx, "Anand Gupta" <xen.mails@xxxxxxxxx>
Subject: Re: [Xen-users] use of encrypted filesystem
From: Michael Froh <michael.froh@xxxxxxxxxx>
Date: Wed, 27 Dec 2006 23:45:47 -0500
Delivery-date: Thu, 28 Dec 2006 03:04:11 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <E1Gzi63-0005HQ-PH@host-192-168-0-1-bcn-london>
References: <E1Gzi63-0005HQ-PH@host-192-168-0-1-bcn-london>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
From: "Anand Gupta" <xen.mails@xxxxxxxxx>
Date: December 27, 2006 3:52:28 PM EST (CA)
Subject: [Xen-users] use of encrypted filesystem


I was wondering if there is a way to use an encrypted filesystem inside a domU? I tried to look around, and whatever guides I found required me to patch the kernel.

I also found out about cryptoloop; however, when I try to use it inside domU, it gives me an error:

    losetup -e cryptoloop /dev/loop0 /dev/sda2
    Password:
    ioctl: LOOP_SET_STATUS: Invalid argument

I also tried various combinations:

    losetup -e des /dev/loop0 /dev/sda2
    losetup -e aes128 /dev/loop0 /dev/sda2
    losetup -e aes-256 /dev/loop0 /dev/sda2

The use of loop-aes requires the kernel module loop.o and the aes key to be fed 
using standard input and uuencoded.  The loop-AES.README is at 

An example from that document to fill an encrypted partition with random data is as follows:
    head -c 15 /dev/urandom | uuencode -m - | head -n 2 | tail -n 1 \
        | losetup -p 0 -e AES128 /dev/loop3 /dev/hda666
    dd if=/dev/zero of=/dev/loop3 bs=4k conv=notrunc 2>/dev/null
    losetup -d /dev/loop3

This example uses a random key with loop-aes, then a dd fill of zeros is converted 
to random ciphertext.  Note the uuencoding of /dev/urandom output and it being
piped into losetup.

Hope this helps,
Mike.


However, all of the above result in the same error.

How should I set up the encrypted fs? Any help would be appreciated.

--
regards,

Anand Gupta
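
Added example (not part of the original e-mails or of the loop-AES README): the key-generation stage of the pipeline quoted above, taken apart to show why it reads 15 bytes and why `head -n 2 | tail -n 1` selects the key. The function names, the constructed sample and the `base64` fallback used when `uuencode` is not installed are assumptions of this example.

```shell
#!/bin/sh
# Added example: the key-generation stage of the losetup pipeline, in isolation.

# `uuencode -m -` frames its base64 output as:
#   line 1: "begin-base64 <mode> <name>"   line 2..n: data   last line: "===="
# so `head -n 2 | tail -n 1` keeps only the first data line.
extract_uu_payload() {
    head -n 2 | tail -n 1
}

# Succeeds only for a 20-character string drawn from the base64 alphabet.
# 15 bytes = 120 bits = exactly 20 base64 characters, so no "=" padding
# appears and a single output line carries the whole key.
is_valid_key() {
    [ "${#1}" -eq 20 ] || return 1
    case "$1" in
        *[!A-Za-z0-9+/]*) return 1 ;;
    esac
    return 0
}

# Produce one throwaway key the same way the quoted pipeline does.
# Assumption: when uuencode (sharutils) is absent, coreutils `base64`
# stands in; it emits the same 20 characters without the framing lines.
gen_random_key() {
    if command -v uuencode >/dev/null 2>&1; then
        key=$(head -c 15 /dev/urandom | uuencode -m - | extract_uu_payload)
    else
        key=$(head -c 15 /dev/urandom | base64)
    fi
    is_valid_key "$key" || return 1
    printf '%s\n' "$key"
}

# Constructed sample: uuencode -m output for the 15 bytes "ABCDEFGHIJKLMNO".
SAMPLE='begin-base64 644 -
QUJDREVGR0hJSktMTU5P
===='

printf 'payload line: %s\n' "$(printf '%s\n' "$SAMPLE" | extract_uu_payload)"
```

Because the key exists only inside the pipe and is never written anywhere, whatever is encrypted under it cannot be decrypted later, which is what makes the zero fill usable as random data.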

