This is the method for creating and using a LUKS-encrypted partition
LUKS is the upcoming standard for Linux hard disk encryption. It is based on the linux device mapper, as Truecrypt. For the following method or for truecrypt, the default Nokia kernel is not sufficient. If you don't want to change your kernel, then look for user space tools like gpg.

You'll need
*The kernel sources
*A crossdev environment like scratchbox

For those who are not keen on compiling their own kernel, I've uploaded kernel + modules there. You can then skip to part 3.


1) Configuring the kernel
you need to generate a default .config as a starting point (at this point, if you start make, you'll get the same kernel as the one shipped, in theory)
Now we need dm support:

If you like make menuconfig rather than make config, patch the kernel with this:
http://www.internettablettalk.com/fo...26&postcount=8
dm support is quite far in the config so without menuconfig, you'll have to hit enter a hundred times or something. If you miss dm, you have to redo all again..

(first screenshot)
Go in device driver
Go in Multi-device support (RAID and LVM)

Select (*) Multiple devices driver support (RAID and LVM) (second screenshot)
Put Device mapper as (M)odule
Put Crypt target as (M)odule

Now Exit Exit
Go in Cryptographic options
Select SHA256 as (M)odule and AES as (M)odule (third screenshot)

Exit Exit Yes

2)Enough with playing, time for building!!
You now have the kernel in arch/arm/boot/zImage and modules:
find . -name "*.ko"
3)Flashing the kernel
Reboot (if you can hehe)

4)Upload the modules:
ssh-add to connect to your ssh-agent
copy the files:
5)Load the modules:
The order is important (otherwise, insmod will refuse insmoding)
Can't remember exactly but cryptomgr.ko then aes & sha then dm-mod then dm-crypt

6)Create a partition:
(search on the forum)
In the rest of this thread I'll call the partition /dev/blk0p1

7)Getting some user tools:
Now that the kernel is set up for dm support, you will need user-space tools to interact with
->cryptsetup for creating the encrypted partition
->mkfs.ext2 to create an ext2 fs inside or mkfs.vfat ,..
->pmount to easily mount the encrypted partition
I've uploaded them now to my repo. At the moment they won't be visible in application manager but apt-get will see them. I'll change that later to make them visible.
The tools come directly from standard sources. Pmount has been modified to fit the device (removed the "user" option which is unknown on busybox).

8)Make the partition a LUKS partition
Give passphrase twice.
/!\
If you forget this passphrase, say goodbye to your data.

(cryptsetup luksOpen devicename label)
This label is temporary, just give anything.

At this step, you will have an unformatted Luks partition in /dev/mapper/blk0p1 (or whatever label you used)

Now let's format it with a real Filesystem, like ext2
Close the device mapper association
We need a method to easily mount it. Either you go through cryptsetup luksOpen and stuffs or you can use "pmount" which is luks-aware (that's the only thing that we will use here, the fact that pmount can easily mount luks)

pmount stands for policy mount and usually operates on removable media (users are allowed to mount usb sticks or whatever and these devices don't need an entry in fstab, as you don't know by advance how they will be called). It will check in /sys if the device is really removable and will refuse to mount it if not. Unless it's whitelisted in /etc/pmount.allow. So edit this file and put a single line:
Let's try..

9) Mounting the encrypted partition:
<enter passphrase>

You now have an encrypted partition in /media/blk0p1!

I'm using this on Linux since about 3years everyday. I put all my data there in case somebody steals my laptop. Same for my n800 now.
If you have any trouble with the above method, PM me or answer to this post.

Happy hacking!

thanks for sharing this- well put together and just plain cool

you have ascended to level of uber geek status in my short term memory for this

Thanks pipeline. You also did a good job with your sdl applications and emelfm and probably a lot of others. Keep on going!

So TrueCrypt is built. Took about 30 seconds..

But I'm not sure I can distribute it, as is, due to license incompatibility with the Debian Guide. Probably several hours/days of work...
Not sure I'm interested to do it as I have personnally no use of TrueCrypt. I'll see the amount of work needed.

In any case, there is and will be no GUI for TrueCrypt. At least not from me.

It is now possible to build TrueCrypt and use it with a standard OS2008 kernel. It requires the loading of the kernel module dm-mod.ko - which I've included in the deb. So if anyone would like to try it out, on the understaning that there's no promise it will work, or even that it won't break stuff, then the files needed are here http://mike.saunby.googlepages.com/truecryptforn800

I should probably add that my motivation was somewhat different, sharing encrypted FAT volumes between Windows and N810. So I've tested for quite different things. I say a bit more on my blog at http://mike.saunby.net and will post updates when I get more time to look at this. Could be days, could be months....

Then I'll stop building mine. Please open another thread about TrueCrypt. This one will be for LUKS.

Done.

I'll follow how you get on with this as the two problems clearly have some shared characteristics. I did initially build and install a custom kernel, but as I have both N800 and N810 I thought I'd just try it with the standard kernel, and to my surprise it worked.

Thanks
Which problem?
This thread is almost finished. I'm using luks on the n800 since two weeks or something.
I didn't know default kernel would work with dm. I didn't even try actually. From the menuconfig I thought the Multiple device stuff was linked in the kernel.

Note that LUKS partitons can be opened in windows also.

The main problem that concerns me is that failing to dismount a truecrypt volume before removing the card (or use USB cable) will make it impossible to remount the card.

The other problem/opportunity I'd like to consider is some sort of interface to file manager - since it supports internal filesystem, memory cards, bluetooth and samba it ought to be possible to add truecrypt volumes.

I'll have to read up on LUKS too.

So many things to do, so little time.....

Surprising as it uses linux device mapper, the truecrypt volume is seen like any other linux device. As long as the OS has synced to disk it should be fine? Or is it linked to FAT filesystem?
Anyway, removing an sd card without unmounting is looking for trouble.. Operating system bufferize disk access. I've "broken" FAT filesystem on a poorly designed usb stick like this in windows XP.
LUKS uses standard pmount which is used by KDE and HAL. I'll have a look at how pipeline's emelfm2 handles this.

Don't forget that truecrypt is not fully free of use and there are some restrictions in the license if your application is mainly using TrueCrypt. I'm not a lawyer so I'm rather happy if you maintain it