[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] Crypted filesystem



Hi!

I got two questions related to crypted filesystems:

1)

I use crypted filesystem on a laptop with dualboot for securing data in the
case of getting it stolen.

hdd0: W2K with crypted filesystem
hdd1: SuSE 8.2 with cryptofs provided by SuSE for /home only

This leads to following problem:

The original bootloader (grub) is replaced by the security driver and I had
to use W2K bootloader instead.

I followed the steps discribed on
http://portal.suse.com/sdb/de/1997/06/nt.html and it worked for me before
installing the bootdriver for the hddcrypting using "dd if=/dev/hda0
of=/root/bootsek.lin byte=512 count=1". After installing the security
bootdrivers it fails to boot with the W2K bootloader. Afaik grub only needs
to know where stage2 is and that is said in stage1 which is placed in the
mbr in this case in the bootimage I made. Booting with floppy does work with
the same bootimage placed on the floppy. Any hints for copying the image
from the floppy?

2)

I want to crypt a filesystem on another machine (dual PII 350/512MB ram)
with lvm and don't want to have performanceloss because of /dev/loop. I
first tested this with cryptofs provided by SuSE but I had a great
performanceloss as you can see here:

with cryptofs max. 2MB/s over samba
w/o cryptofs max. 6-9 MB/s over samba

Is there a possibility to directly mount a crypted filesystem within kernel
and is there any stable kernelmodule for that purpose (des 128bit would be
"secure enough" for me).

Philippe


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here