(I have not tried truecrypt, which is significantly less efficient than dm-crypt as it uses FUSE. But I don't see why we can't make it work with similar hacks.)
We will do the following:
HOWEVER: Since the Titan kernel has no support(?) for framebuffer console, there is currently no way to enter the passphrase during boot. For now, I'm using a key-file saved as /etc/LUKS-key. This temporary workaround is insecure in theory, but should work well in practice, if you choose a cryptic name (instead of LUKS-key) and obfuscate the startup script that unlocks the encrypted partition.
In future, the key-file should be disabled using cryptsetup's luksRemoveKey command, as soon as we have framebuffer console. (See http://talk.maemo.org/showthread.php?t=40154 for a kernel with console support - but I couldn't give up Titan's kernel for it.)
******************************************************
NOTE: The hack works for the latest rootfs version (2010.36). Original data on /dev/mmcblk0p1 will be lost, so do a backup.
REQUIRED: cryptsetup from extra-devel, a kernel with dm_crypt support - e.g. Titan's kernel-power. Root access.
STEPS:
(NOTE: we need to wait for /dev/urandom to be seeded and for /home to be mounted)
If you have made it to this point without any problem, reboot and check with "df". You should have something like
Last edited by jcolinzheng; 2010-12-15 at 21:29.
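Added example, not part of jcolinzheng's post: a sketch of the later luksRemoveKey step the post mentions, which refuses to drop the key-file slot until a typed passphrase is confirmed to unlock the device, so the volume cannot be locked out. The function name `retire_keyfile` and the `CRYPTSETUP` override variable are assumptions made for this example, and it assumes a cryptsetup build that supports `--test-passphrase`.

```shell
# Added example. retire_keyfile and CRYPTSETUP are hypothetical names.
# Usage with the post's paths (run as root, once a passphrase can be typed
# at boot):
#   retire_keyfile /dev/mmcblk0p1 /etc/LUKS-key
retire_keyfile() {
    dev=$1
    keyfile=$2
    cs=${CRYPTSETUP:-cryptsetup}   # override lets the logic be tested offline

    [ -f "$keyfile" ] || { echo "no key-file at $keyfile" >&2; return 2; }

    # 1. Confirm the key-file really matches a key slot on this device.
    "$cs" luksOpen --test-passphrase --key-file "$keyfile" "$dev" \
        || { echo "key-file does not unlock $dev" >&2; return 3; }

    # 2. Confirm an interactively typed passphrase also unlocks it.
    #    Without this, removing the key-file slot could leave no usable key.
    "$cs" luksOpen --test-passphrase "$dev" \
        || { echo "no working passphrase; keeping key-file" >&2; return 4; }

    # 3. Wipe the key slot that the key-file unlocks.
    "$cs" luksRemoveKey "$dev" "$keyfile" || return 5

    # 4. Delete the file. On flash storage old blocks may survive deletion;
    #    it is step 3 that makes the key-file useless against the LUKS header.
    rm -f -- "$keyfile"
}
```

After this succeeds, the boot script that passed the key-file to cryptsetup has to prompt for the passphrase instead.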