Mount the encrypted file system:
# mount /dev/mapper/encrypted_feisty /mnt/feisty
17. Now you can install Ubuntu into this mounted file system by following the
steps that we have used earlier in this book. After you complete installing
Ubuntu, unmount the file system.
18. Add the definition of the encrypted filesystem to the /etc/crypttab file:
encrypted_feisty /dev/mapper/encrypted_feisty none check=ext3,retry=5
19. Add the device to the file systems that are mounted upon boot in
/etc/fstab:
/dev/mapper/encrypted_feisty /mnt/feisty ext3 defaults 0 2
20. When you reboot, you will be asked for the passphrase before the file
system can be mounted. Provide the passphrase and the file system will be
mounted. Now you can start up your Ubuntu guest domain using a domain
configuration file.
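A mapper device named in /etc/fstab must match a target name in /etc/crypttab character for character, otherwise the mount in step 20 has no device to use. The script below is an added example, not from the book; the function names and the sample file contents (including the mistyped hyphenated name and the /dev/sda1 entry) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): verify that every /dev/mapper/NAME device
# listed in fstab is a target that crypttab creates at boot.

# unmatched_mapper_devices CRYPTTAB FSTAB
# Prints each fstab mapper device with no matching crypttab target.
# Returns 1 if any were printed, 0 otherwise.
unmatched_mapper_devices() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }              # skip comments, blanks
        FILENAME == ARGV[1] { target[$1] = 1; next }   # crypttab: field 1 = target
        $1 ~ /^\/dev\/mapper\// {                      # fstab: field 1 = device
            name = $1
            sub(/^\/dev\/mapper\//, "", name)
            if (!(name in target)) { print $1; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1" "$2"
}

# make_samples DIR: write constructed sample files for the demonstration.
make_samples() {
    cat > "$1/crypttab" <<'EOF'
# <target name> <source device> <key file> <options>
encrypted_feisty /dev/mapper/encrypted_feisty none check=ext3,retry=5
EOF
    cat > "$1/fstab" <<'EOF'
# constructed: one non-mapper entry, one mapper entry with a mistyped name
/dev/sda1 / ext3 defaults 0 1
/dev/mapper/encrypted-feisty /mnt/feisty ext3 defaults 0 2
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
if ! unmatched_mapper_devices "$tmp/crypttab" "$tmp/fstab"; then
    echo "fstab names a mapper device that crypttab does not create" >&2
fi
rm -rf "$tmp"
```

Run it against the real /etc/crypttab and /etc/fstab before rebooting; any device it prints will not exist when the boot-time mount is attempted.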
Chapter 7
What Just Happened?
The device mapper provides a mechanism to create VBDs based on real block
devices. We can put the VBDs through other layers before letting the operating
system access them. When using dm-crypt, we route them through the cryptographic API
provided by the Linux kernel, and apply high-level encryption to everything written
to our filesystem.
Device Mapper-Based Encryption Using LUKS
Linux Unified Key Setup (LUKS) provides a standard format for encrypted
partitions and enables multiple users/passwords. It also provides effective password
revocation and security against low-entropy attacks. In this section, we will once
again use a device mapper-based encryption scheme, but enhance it using LUKS.