Posts: 739 | Thanked: 159 times | Joined on Sep 2007 @ Germany - Munich
This is the method for creating and using a LUKS-encrypted partition.
LUKS is the upcoming standard for Linux hard disk encryption. It is based on the Linux device mapper, like Truecrypt. For the following method (or for Truecrypt), the default Nokia kernel is not sufficient. If you don't want to change your kernel, look for user-space tools like gpg instead.

You'll need:
* The kernel sources
* A cross-development environment like scratchbox

For those who are not keen on compiling their own kernel, I've uploaded kernel + modules there. You can then skip to part 3.


1) Configuring the kernel
You need to generate a default .config as a starting point (at this point, if you run make, you get the same kernel as the one shipped, in theory):
Code:
make nokia_2420_defconfig
Now we need dm support.

If you prefer make menuconfig to make config, patch the kernel with this:
http://www.internettablettalk.com/fo...26&postcount=8
dm support is quite far into the config, so without menuconfig you'll have to hit enter a hundred times or so. If you miss dm, you have to redo everything.

Code:
make menuconfig
(first screenshot)
Go in device driver
Go in Multi-device support (RAID and LVM)

Select (*) Multiple devices driver support (RAID and LVM) (second screenshot)
Put Device mapper as (M)odule
Put Crypt target as (M)odule

Now Exit Exit
Go in Cryptographic options
Select SHA256 as (M)odule and AES as (M)odule (third screenshot)

Exit Exit Yes

2) Enough playing, time for building!
Code:
make
make modules
You now have the kernel in arch/arm/boot/zImage and the modules:
Code:
find . -name "*.ko"
./arch/arm/mach-omap2/observability.ko
./arch/arm/mach-omap2/snapshot.ko
./arch/arm/mach-omap2/peeknpoke.ko
./crypto/sha256.ko
./crypto/crypto_algapi.ko
./crypto/ecb.ko
./crypto/cryptomgr.ko
./crypto/pcbc.ko
./crypto/cbc.ko
./crypto/aes.ko
./crypto/blkcipher.ko
./drivers/usb/gadget/g_ether.ko
./drivers/usb/gadget/gadgetfs.ko
./drivers/usb/gadget/g_file_storage.ko
./drivers/md/dm-crypt.ko
./drivers/md/dm-mod.ko
./fs/jbd/jbd.ko
./fs/ext3/ext3.ko
./fs/ext2/ext2.ko
./fs/mbcache.ko
3) Flashing the kernel
Code:
./flasher-3.0 --flash -k arch/arm/boot/zImage
Reboot (if you can hehe)

4) Upload the modules:
Run ssh-add to connect to your ssh-agent, then copy the files:
Code:
find . -name "*.ko" -exec scp "{}" user@n800: ";"
5) Load the modules:
Code:
sudo gainroot
insmod ./<nameofmodule.ko>
The order is important (otherwise insmod will refuse to load the module).
Can't remember exactly, but: cryptomgr.ko, then aes & sha, then dm-mod, then dm-crypt.
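A helper for this step, added here as an example (it is not part of the original post): it reads the `find` output from the build step, keeps only the LUKS-related modules in an assumed dependency order (crypto API core, cipher modes, ciphers and hash, device-mapper core, crypt target), skips anything already listed in /proc/modules, stops at the first insmod failure, and checks /proc/crypto afterwards. It is written for a POSIX/busybox sh; the file name luksmods.sh and the module directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The order below is an assumption
# derived from the module names in the build output: crypto API core first,
# then cipher modes, then the cipher and hash, then dm core, then dm-crypt.
LUKS_MODULE_ORDER="crypto_algapi cryptomgr blkcipher ecb cbc aes sha256 dm-mod dm-crypt"

# Read .ko paths on stdin (the find . -name "*.ko" output) and print only the
# LUKS-related ones, in insmod order. Unrelated modules (USB gadget, ext3, ...)
# are dropped.
module_load_order() {
    list=$(cat)
    for name in $LUKS_MODULE_ORDER; do
        for path in $list; do
            case "$path" in
                */"$name".ko|"$name".ko) printf '%s\n' "$path" ;;
            esac
        done
    done
}

# /proc/modules shows '_' where the file name has '-' (dm-mod -> dm_mod).
is_loaded() {
    grep -q "^$(printf '%s' "$1" | tr - _) " /proc/modules 2>/dev/null
}

# insmod each module in order, skipping ones already loaded; stop at the first
# failure, since every later module depends on the earlier ones.
load_crypto_modules() {
    find "$1" -name '*.ko' | module_load_order | while read -r ko; do
        name=$(basename "$ko" .ko)
        if is_loaded "$name"; then
            echo "already loaded: $name"
        elif ! insmod "$ko"; then
            echo "insmod $ko failed (a dependency is probably not loaded)" >&2
            return 1
        fi
    done || return 1
    # Sanity check: the cipher and hash dm-crypt will ask for must be registered.
    for alg in aes sha256; do
        grep -q "^name *: $alg\$" /proc/crypto || { echo "$alg not registered" >&2; return 1; }
    done
    is_loaded dm-crypt || { echo "dm-crypt not loaded" >&2; return 1; }
    echo "crypto modules ready"
}

# Usage on the device, as root: sh luksmods.sh load /home/user
case "${1-}" in
    load) load_crypto_modules "${2:-.}" ;;
esac
```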

6) Create a partition:
(search on the forum)
In the rest of this thread I'll call the partition /dev/blk0p1

7) Getting some user tools:
Now that the kernel is set up for dm support, you will need user-space tools to interact with it:
-> cryptsetup for creating the encrypted partition
-> mkfs.ext2 to create an ext2 filesystem inside it (or mkfs.vfat, ...)
-> pmount to easily mount the encrypted partition
I've uploaded them now to my repo. At the moment they won't be visible in application manager but apt-get will see them. I'll change that later to make them visible.
The tools come directly from standard sources. Pmount has been modified to fit the device (removed the "user" option which is unknown on busybox).

8) Make the partition a LUKS partition
Code:
sudo gainroot
Code:
cryptsetup luksFormat /dev/blk0p1
Enter the passphrase twice.
/!\
If you forget this passphrase, say goodbye to your data.

Code:
cryptsetup luksOpen /dev/blk0p1 blk0p1
(cryptsetup luksOpen devicename label)
This label is temporary; use any name you like.

At this step, you will have an unformatted Luks partition in /dev/mapper/blk0p1 (or whatever label you used)

Now let's format it with a real filesystem, like ext2:
Code:
mkfs.ext2 /dev/mapper/blk0p1
Close the device mapper association:
Code:
cryptsetup luksClose blk0p1
We need a method to easily mount it. Either you go through cryptsetup luksOpen and so on each time, or you use "pmount", which is LUKS-aware (that's the only thing we will use here: the fact that pmount can easily mount LUKS devices).

pmount stands for policy mount and usually operates on removable media (users are allowed to mount USB sticks and the like, and these devices don't need an entry in fstab, as you don't know in advance what their device names will be). It checks in /sys whether the device is really removable and refuses to mount it if not, unless it's whitelisted in /etc/pmount.allow. So edit this file and put in a single line:
Code:
/dev/blk0p1
Let's try:

9) Mounting the encrypted partition:
Code:
pmount blk0p1
<enter passphrase>

You now have an encrypted partition in /media/blk0p1!

I've been using this on Linux every day for about 3 years. I put all my data there in case somebody steals my laptop. Same for my n800 now.
If you have any trouble with the above method, PM me or reply to this post.

Happy hacking!

Last edited by free; 2008-01-27 at 19:19.