
    [Announce] TrueCrypt available in extras-testing [+transparently MASS-STORAGE'ing encrypted volumes for desktops]

    Estel | # 31 | 2012-01-18, 04:08 | Report

    Originally Posted by nman View Post
    Hmm not on my device - I get error "already mounted" if I try that.
    Interesting. I wonder, if this does have anything to do with fact that Your modifications to osso-usb-mass-storage-enable.sh aren't working for me.

    I've no friggin idea, why I'm able to hotswap mass-storage mounts - or, why my microSD partition was *never* dismounted from N900, when exported to desktop via mass-storage.

    Anyway, thanks for link to interesting material. Yet, I've never had *any* problems with my "multimount" setup (speaking of microSD partition 1) - not even single vfat corruption, unlike many other people, that don't seem to have "multimount".

    Filesystem checking - if started by hand or via backupmenu "FSCK all partitions" - always show perfectly fine filesystem. Just keep in mind, that I've never tried stupid things like simultaneous write from 2 devices, though.

    Of course, If I ever encounter any problems related to mass-storage multimount, I'll report it ASAP.
    ---

    In the meantime, I've prepared set of scripts, that should take care of enabling encrypted partitions with encrypted swap, and disabling it in favor of regular swap after "work". It also contains many checks and warnings, popping up - using Maemo notifications - if any stage fails (thus, user can feel relatively sure, that every command succeeded, if no errors popped).

    As a nice bonus for KP users, I've also upgraded actual encrypted swap creation, to make use of XTS + it's using stronger encryption as whole (when compared to original instructions by NIN101 - BTW, thanks for it, I would not be able to do it without Your research!).

    I'll post it today - I'm trying to figure a nice way to allow user-defined patches to encrypted volumes, swaps etc + some filesystem option customization. No GUI yet, but simple config file - instead of modifying raw script - would be nice beginning, I think.

    /Estel


    Last edited by Estel; 2012-01-18 at 04:11.

     
    fareed_xtreme | # 32 | 2012-01-18, 17:11 | Report

    I use a custom made TrueCrypt Script which doesn't work no more. However, these are the Icons that I used to use for it. Hope you might find these useful. Great work on this Project BTW...


    Last edited by fareed_xtreme; 2012-01-18 at 17:37.
    The Following 2 Users Say Thank You to fareed_xtreme For This Useful Post:
    Estel, woody14619

     
    NIN101 | # 33 | 2012-01-18, 17:55 | Report

    Originally Posted by
    And please NIM101, if You quote, don't cut it in a way that changes meaning I've said: "writing by hand *or* saving as sh script".
    Oops, accidentally skipped it. Excuse me.

    Originally Posted by
    Also, AFAICT, you haven't had idea if "hidden volume protected" option will work or not (well, at least during our last IRC conversation),
    Ohm..., no, I don't remember that, but let's forget it.

    Originally Posted by
    ... IMO pointless for any other reason, that setting it up for other program/GUI. Also, i don't see any reason to save scripts for executing 1 short command with 1 short value, like ... Using auto-completion via TAB, it's much faster to write by hand.
    The point of my greps and cuts is that you can't know the name of the new mapper. Sure, if you only mount one, it is likely to be /dev/mapper/truecrypt1, but if you have multiple volumes, it's better to get it from TC output (especially if the order you mount them is not always the same).
    I also think (and know) that typing something like ./tcmasstorage is faster and more convenient than the command with the pre-defined /dev/mapper/truecryptX.

    Originally Posted by
    ...It also contains many checks and warnings, popping up - using Maemo notifications - if any stage fails (thus, user can feel relatively sure, that every command succeed, if no errors popped).
    Well, that's a good idea.

    Originally Posted by
    I use a custom made TrueCrypt Script which doesn't work no more.
    More details on that?

    The icons are good imho (if not under some evil copyright :P) .

    The Following 2 Users Say Thank You to NIN101 For This Useful Post:
    Estel, fareed_xtreme

     
    fareed_xtreme | # 34 | 2012-01-18, 21:56 | Report

    Originally Posted by NIN101 View Post
    Oops, accidentally skipped it. Excuse me.

    Ohm..., no, I don't remember that, but let's forget it.

    The point of my greps and cuts is that you can't know the name of the new mapper. Sure, if you only mount one, it is likely to be /dev/mapper/truecrypt1, but if you have multiple volumes, it's better to get it from TC output (especially if the order you mount them is not always the same).
    I also think (and know) that typing something like ./tcmasstorage is faster and more convenient than the command with the pre-defined /dev/mapper/truecryptX.

    Well, that's a good idea.

    More details on that?

    The icons are good imho (if not under some evil copyright :P) .
    To Begin with, I created these icons myself :P (Except for the first one, a rip off from google :P)... So I do not know who could sue us for Original Development through Photoshop.

    Secondly, The script I use is attached. Well it is something that I created long ago and it never required me to run it as root. But now I believe it needs to run as root to execute. Error relates to Kernel not supporting something...

    Attached Files
    File Type: zip TrueCrypt.zip (5.1 KB, 77 views)
    The Following User Says Thank You to fareed_xtreme For This Useful Post:
    Estel

     
    Estel | # 35 | 2012-01-18, 22:32 | Report

    fareed_xtreme, thanks a lot for the icons! I also like them, will surely put it to good use.

    NIN101, for sure many people may benefit from Your grepping command, that's why I've put both into tutorial. I think we agree, that it's up to personal preferences, so no conflict here.

    Sorry for delay in posting set of scripts for encryption, got extremely busy day. Will *try* to polish them and publish after midnight.

    /Estel


     
    woody14619 | # 36 | 2012-01-19, 02:53 | Report

    Personally, I modified my scripts to pre-test to see if it's mounted, and if so it bumps the number of devices up to 3 and puts the encrypted volume up as a separate drive.

    No reason to fuss with the other devices that way.

    Deltas are below.

    Code:
    MOUNT_PT=/media/truecrypt1
    DEV_COUNT=2
    # export a third LUN only when the TrueCrypt mount point exists
    if [ -e "$MOUNT_PT" ]; then
        DEV_COUNT=3
    fi

    # RC stays 0 when g_file_storage is already loaded
    RC=0
    /sbin/lsmod | grep g_file_storage > /dev/null
    if [ $? != 0 ]; then
        /sbin/modprobe g_file_storage stall=0 luns=$DEV_COUNT removable
        RC=$?
    fi

    if [ "$RC" != 0 ]; then
        logger "$0: failed to install g_file_storage"
        exit 1
    fi

    LUN0='/sys/devices/platform/musb_hdrc/gadget/gadget-lun0/file'
    LUN1='/sys/devices/platform/musb_hdrc/gadget/gadget-lun1/file'
    LUN2='/sys/devices/platform/musb_hdrc/gadget/gadget-lun2/file'

    # "[ $DEV_COUNT=3 ]" is a one-word test and always true; compare properly
    if [ "$DEV_COUNT" = 3 ]; then
        # since we may be called when this was already set up...
        if [ -e "$LUN2" ]; then
            # find/remember our mount point
            TC_DEV=`/bin/df | /bin/grep "$MOUNT_PT" | /usr/bin/cut -d' ' -f1`
            if [ "x$TC_DEV" = "x" ]; then
                DEV_COUNT=2
            else
                DEV_COUNT=3
            fi
        else
            DEV_COUNT=2
        fi
    fi
    ...
    Code:
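    if [ $# = 1 ]; then
        # put the requested device on the first LUN that is still empty
        STR=`cat "$LUN0"`
        if [ "x$STR" = "x" ]; then
            echo "$1" > "$LUN0"
        else
            echo "$1" > "$LUN1"
        fi

        # export the TrueCrypt mapper device on the third LUN, if enabled
        if [ "$DEV_COUNT" = 3 ]; then
            STR=`cat "$LUN2"`
            if [ "x$STR" = "x" ]; then
                echo "$TC_DEV" > "$LUN2"
            fi
        fi
    fi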


    Last edited by woody14619; 2012-01-19 at 02:59.
    The Following 2 Users Say Thank You to woody14619 For This Useful Post:
    Estel, peterleinchen

     
    NIN101 | # 37 | 2012-01-19, 17:56 | Report

    Originally Posted by
    But now I believe it needs to run as root to execute. Error relates to Kernel not supporting something...
    Makes perfect sense. You can't load modules as a user, therefore the script complains. You could otoh add "sudo" before "truecrypt ...", then it would work.

    Oh, I just noticed, those sudo rules are a HUGE security threat. For example, it could be possible for an attacker to overwrite /dev/mmcblk*. Sure, killing the user data is possible with the normal user, but this is another level. Your device could be made unbootable, then one of your few options would be to reflash EMMC. But anyway, you can gain root access on 90%(guess) of the maemo installations just by running the command "root". Still, this should be removed for the next build.


     
    woody14619 | # 38 | 2012-01-19, 18:33 | Report

    Originally Posted by NIN101 View Post
    Oh, I just noticed, those sudo rules are a HUGE security threat.

    Not exactly. Sudo can restrict not only the program called, but the options passed to it. You can, for example, allow the command:
    Code:
    /bin/mount
    And the user can mount anything at all. But if you put in:
    Code:
    /bin/mount -t vfat /dev/mmcblk1p1 /mnt/mmc
    it will only allow the user to mount that particular partition on that particular mount point with that particular OS. So if you want the user to be able to mount a specific module, all you need to do is name that module as part of the allowed string. Several installs do just that if you look in the sudo.d folder, depending on what you have installed.

    The Following User Says Thank You to woody14619 For This Useful Post:
    Estel

     
    NIN101 | # 39 | 2012-01-19, 19:30 | Report

    Originally Posted by
    Not exactly. Sudo can restrict not only the program called, but the options passed to it.
    I know that. Doesn't matter here. The TC package comes with the following rule:
    Code:
    cat truecrypt.sudoers 
    user ALL = NOPASSWD: /usr/bin/truecrypt
    user ALL = NOPASSWD: /opt/maemo/usr/bin/truecrypt
    and this rule allows to mess with every file on the system. That simple.

    The Following 2 Users Say Thank You to NIN101 For This Useful Post:
    Estel, woody14619

     
    woody14619 | # 40 | 2012-01-19, 20:20 | Report

    Originally Posted by NIN101 View Post
    I know that. Doesn't matter here. The TC package comes with the following rule:
    Code:
    cat truecrypt.sudoers 
    user ALL = NOPASSWD: /usr/bin/truecrypt
    user ALL = NOPASSWD: /opt/maemo/usr/bin/truecrypt
    and this rule allows to mess with every file on the system. That simple.
    Right, but you can easily edit the file and insert the parameters to allow it to do just the one thing you want it to do. But that then gives away the location of a container if you're "hiding" it.

    Personally, I don't encrypt things to "hide" them. I put them there to prevent others from getting casual access to them. I don't care if people scroll off a photo and into my vacation album. But the more "fun" bachelor party photos require a partition be mounted, which is only enabled if I intend to show those photos to someone.

    The Following User Says Thank You to woody14619 For This Useful Post:
    Estel
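
The sudoers point argued in posts #37 to #40, as an added example (not code from the thread or from the TrueCrypt package): a rule that names only the program path places no limit on its arguments, while a rule with an argument list is matched against the arguments given. The function and sample names are hypothetical, the sample rules are constructed from the lines quoted above, and the check handles one command per rule rather than the full sudoers grammar.

```shell
#!/bin/sh
# Added example: list NOPASSWD sudoers rules whose command carries no
# argument list. sudo accepts ANY arguments for such a rule, so the
# program runs as root on whatever file or device the caller names.

# unrestricted_nopasswd [FILE...]
# Reads sudoers text (files or stdin); prints "line:command" per finding.
unrestricted_nopasswd() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        /NOPASSWD:/ {
            cmd = $0
            sub(/^.*NOPASSWD:[ \t]*/, "", cmd)   # keep text after the tag
            sub(/[ \t]+$/, "", cmd)              # trim trailing blanks
            # A bare absolute path (no argument list, not even "") is
            # the unrestricted form; anything with arguments is pinned.
            if (cmd ~ /^\/[^ \t,]+$/) print NR ":" cmd
        }
    ' "$@"
}

# Constructed sample: the two packaged rules quoted in the thread, plus a
# rule built from the argument-pinned mount command given in post #38.
sample_sudoers() {
    cat <<'EOF'
user ALL = NOPASSWD: /usr/bin/truecrypt
user ALL = NOPASSWD: /opt/maemo/usr/bin/truecrypt
user ALL = NOPASSWD: /bin/mount -t vfat /dev/mmcblk1p1 /mnt/mmc
EOF
}

# Run the check over the constructed sample.
audit_sample() {
    sample_sudoers | unrestricted_nopasswd
}

audit_sample
```

Both truecrypt rules are reported and the mount rule is not; pointing `unrestricted_nopasswd` at the files in the sudoers drop-in directory gives the same listing for an installed system.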

     