Cpu

Thursday, August 25 2011

Encrypted Filesystems in Squeeze
[04:05:36] matt [wronka.org]/Psi.generay dm-crypt (and device-mapper) has replaced losetup.
A fresh install of squeeze makes this very easy, but unfortunately, with a VIA C7 this is painful as the install disk doesn't have kernel modules for the CPU's in-built AES/SHA/RNG support.

To do it by hand, basically follow:
http://www.hermann-uwe.de/blog/howto-disk-encryption-with-dm-crypt-luks-and-debian

And finally, update /etc/crypttab. If you're doing this on a remote system, you want 'luks,noauto' as the option. You can leave out noauto from /etc/fstab so that once you cryptdisks_start {device} you can just do mount -a.