4. Select the Cryptographic options node in the kernel configuration:
Encryption
[ 104 ]
5. Select the AES cipher algorithms option. These algorithms are used for
encryption by dm-crypt:
6. Save changes to the configuration, compile the kernel, and install it:
make linux-2.6-xen0-build
make linux-2.6-xen0-install
7. Reboot to pick up the new changes.
8. Check to make sure that you have support for AES:
# cat /proc/crypto
9. Install the user space tools for using dm-crypt:
# apt-get install cryptsetup dmsetup
Chapter 7
[ 105 ]
10. We can display the names of the currently available targets by
using dmsetup:
# dmsetup targets
11. We will use a loopback file to store our encrypted file system. Create a file
that will contain the root file system for an Ubuntu Feisty installation:
# dd if=/dev/urandom of=/home/pchaganti/xen-images/
ubuntu_feisty_domU.img bs=1G count=6
12. Set the loopback file created above as a loop device:
# losetup ??“f /home/pchaganti/xen-images/ubuntu_feisty_domU.img
13. Create a logical volume using the loop device. This will ask you for a
passphrase. From this point on, whenever you mount this encrypted file, you
will need to provide the passphrase:
# cryptsetup -y create encrypted_feisty /dev/loop0
14. Check to make sure that the volume was created correctly by using dmsetup:
# dmsetup ls
Encryption
[ 106 ]
15. Create an ext3 file system on the encrypted file:
# mkfs.ext3 /dev/mapper/encrypted_feisty
16.
Pages:
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101