Hello,

Following loosely this document:
http://www.sdc.org/~leila/usb-dongle/readme.html
I have set up (or tried) to encrypt my swap partition (/dev/hda2).

Here is what I did:

* create /usr/local/sbin/crypto-swap (modified!)

#!/bin/sh
# Run this script somewhere in your startup scripts _after_
# random number generator has been initialized and /usr has
# been mounted. (md5sum, uuencode, tail and head programs usually
# reside in /usr/bin/)
+# insert cypher module into kernel
+ modprobe aes
# encrypted swap partition
SWAPDEVICE=/dev/hda2
# loop device name
LOOPDEV=/dev/loop6
MD=`dd if=${SWAPDEVICE} bs=4k count=10 2>/dev/null | md5sum`
for X in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 ; do
    dd if=/dev/zero of=${SWAPDEVICE} bs=4k count=10 \
        conv=notrunc 2>/dev/null
    sync
done
UR=`dd if=/dev/urandom bs=18 count=1 2>/dev/null \
    |uuencode -m - | head -n 2 | tail -n 1`
+echo ${MD}${UR} | losetup -p 0 -e aes -k 256 ${LOOPDEV}${SWAPDEVICE}
-echo ${MD}${UR} | losetup -p 0-e aes-256-cbc${LOOPDEV} ${SWAPDEVICE}
MD=
UR=
dd if=/dev/zero of=${LOOPDEV} bs=4k count=10 conv=notrunc 2>/dev/null
sync
mkswap ${LOOPDEV}
sync
swapon ${LOOPDEV}

--> chmod 700 /usr/local/sbin/crypto-swap

* wipe -k /dev/hda2
* crypto-swap --> works!
* edit /etc/init.d/checkroot.sh:
  + comment out:
      [ "$VERBOSE" != no ] && echo "Activating swap."
      swapon -a 2> /dev/null
  + REPLACE WITH:
      [ "$VERBOSE" != no ] && echo "Activating CRYPTO-swap."
      /usr/local/sbin/crypto-swap

Upon inspection of dmesg I see the following:
>Adding 1461904k swap on /dev/loop6. Priority:-1 extents:1
Looks good, no? However, a little further I read:
>Unable to find swap-space signature

'cat /proc/swaps' gives me this output:
>Filename Type Size Used Priority
>/dev/loop6 partition 1461904 0 -1

I would greatly appreciate it if someone could give me any insight into
whether I now have encrypted swap or not.

Also: do people have benchmarks of how much this procedure might slow things
down? Is the encryption loop significantly slower than disk write/read speed?

Thanks for any hints - Joh
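
Review bot: nothing after the `+ modprobe aes` and `+echo ${MD}${UR} | losetup ...` lines checks that either command succeeded, so if the loop setup fails the script still goes on to run `dd`, `mkswap` and `swapon` against `${LOOPDEV}`; exit when `modprobe` or `losetup` returns non-zero. In the same `+echo` line, `${LOOPDEV}${SWAPDEVICE}` has no space between the two variables, which passes losetup the single argument `/dev/loop6/dev/hda2`; the loop device and the backing device need to be separate arguments.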
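
One way to check the question asked above, as an added example that is not part of the original post: mkswap writes a 10-byte signature (SWAPSPACE2, or SWAP-SPACE for the old format) at the end of the first page, so with working encryption it is readable on the loop device but not on the backing partition. The function names, the 4096-byte page size and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example: look for a plaintext swap signature on a device or image.
# Assumption: 4096-byte pages; the signature is the last 10 bytes of page 0.
PAGE=4096

# Print the swap signature found in the first page of $1, or "none".
swap_sig() {
    sig=$(dd if="$1" bs=1 skip=$((PAGE - 10)) count=10 2>/dev/null | tr -d '\000')
    case "$sig" in
        SWAPSPACE2|SWAP-SPACE) echo "$sig" ;;
        *) echo none ;;
    esac
}

# Compare the backing device ($1, e.g. /dev/hda2) with the mapped device
# ($2, e.g. /dev/loop6). Prints: encrypted | plaintext | no-swap
swap_state() {
    backing=$(swap_sig "$1")
    mapped=$(swap_sig "$2")
    if [ "$mapped" = none ]; then
        echo no-swap        # mkswap output is not visible through the mapping
    elif [ "$backing" = none ]; then
        echo encrypted      # signature only visible through the loop device
    else
        echo plaintext      # signature readable straight off the partition
    fi
}

# Constructed sample: build a one-page image, optionally with a signature.
make_page() {    # $1 = output file, $2 = signature or empty
    dd if=/dev/zero of="$1" bs="$PAGE" count=1 2>/dev/null
    [ -z "$2" ] || printf '%s' "$2" |
        dd of="$1" bs=1 seek=$((PAGE - 10)) conv=notrunc 2>/dev/null
}

# Demo on constructed files standing in for /dev/hda2 and /dev/loop6.
tmp=$(mktemp -d)
make_page "$tmp/backing" ""
make_page "$tmp/mapped" SWAPSPACE2
echo "constructed pair: $(swap_state "$tmp/backing" "$tmp/mapped")"
rm -rf "$tmp"
```

On a live system this would be run as root as `swap_state /dev/hda2 /dev/loop6`. A missing signature on the partition only shows that the header page is not stored in plaintext; it says nothing about cipher or key strength.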