However, file system encryption will keep any
unauthorized person from booting up the system.
We will use the following methods of file system encryption:
Plain device mapper-based encryption.
Key-based device mapper encryption using LUKS.
Device Mapper-Based Encryption
A device mapper enables the definition of new partitions or logical volumes by
specifying ranges of sectors on existing block devices. The ranges specified are then
mapped to targets according to a mapping table. dm-crypt is a package that provides
a target that can be used to transparently encrypt block devices using the kernel
cryptoAPI. This is available only in the Linux 2.6 kernel series. The older kernels
used cryptoloop to provide similar support, but that package has been deprecated. In
this section we will learn how to set up simple device mapper-based encryption using
the dm-crypt package.
Encryption
Time for Action—Encrypting Block Devices
We will first prepare our kernel with all the needed modules and options to support
the encryption. Then we will create the file-backed virtual block device that will hold
our guest domain and install Ubuntu on it.
1. Select the kernel options for the Device Drivers.
2. Select the Multi-device support (RAID and LVM) option.
Chapter 7
3. Select the options—Device mapper support and Crypt target support. Select
them to be compiled into the kernel. You can also choose to build them as
modules. If you do so, please make sure that they are included in your
initrd image.
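One way to verify the result of steps 1 to 3 before rebooting, as an added example that is not part of the original text: the script reads a kernel .config and reports whether each option is built in, modular or missing. The CONFIG_ symbol names are assumed to be the upstream Kconfig names for these menu entries, and the sample config is constructed.

```shell
#!/bin/sh
# Check a kernel .config for the options selected in the steps above.
# Assumed mapping from menu entry to upstream Kconfig symbol:
#   Multi-device support (RAID and LVM) -> CONFIG_MD
#   Device mapper support               -> CONFIG_BLK_DEV_DM
#   Crypt target support                -> CONFIG_DM_CRYPT

# Print "builtin", "module" or "missing" for symbol $2 in config file $1.
kconfig_state() {
    case "$(grep -E "^$2=" "$1" 2>/dev/null | tail -n 1)" in
        "$2=y") echo builtin ;;
        "$2=m") echo module ;;
        *)      echo missing ;;   # absent, or "# CONFIG_X is not set"
    esac
}

# Return 0 when every option is built in, 1 when any option is missing,
# 2 when all are present but at least one is a module (initrd required).
check_dmcrypt_config() {
    cfg=$1; rc=0
    for sym in CONFIG_MD CONFIG_BLK_DEV_DM CONFIG_DM_CRYPT; do
        state=$(kconfig_state "$cfg" "$sym")
        printf '%-20s %s\n' "$sym" "$state"
        case "$state" in
            missing) rc=1 ;;
            module)  if [ "$rc" -eq 0 ]; then rc=2; fi ;;
        esac
    done
    case "$rc" in
        1) echo "dm-crypt support is incomplete: reconfigure the kernel" ;;
        2) echo "modules in use: include dm-mod and dm-crypt in the initrd" ;;
    esac
    return "$rc"
}

# Constructed sample config so the script runs without a kernel tree.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
CONFIG_MD=y
CONFIG_BLK_DEV_DM=y
CONFIG_DM_CRYPT=m
# CONFIG_DM_SNAPSHOT is not set
EOF
check_dmcrypt_config "$sample_cfg" || true
rm -f "$sample_cfg"
```

To check a real build, call `check_dmcrypt_config` with the path to the `.config` of the kernel tree you configured.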