Time for Action??”by Extending dm-crypt
Since we will be using a device mapper-based encyption scheme as in the previous
section, a lot of our initial steps will be same as the previous section, the main
difference being that we will use the LUKS format for the hard disk encryption.
1. As described previously, ensure that you compile your kernel to have all the
required modules. Also install the dmsetup and cryptsetup packages. In order
to use LUKS, the kernel will need to support SHA-256 algorithm. Select this
option and compile it as a module or include it in the kernel. You can either
insert the module into the running kernel or reboot if you include it in, to get
the changes.
Encryption
[ 108 ]
2. We will once again use a loopback file to store our encrypted file system.
Create a file that will contain the root file system for an Ubuntu
Feisty installation:
# dd if=/dev/urandom of=/home/pchaganti/xen-images/
ubuntu_feisty_domU.img bs=1G count=6
3. Set the loopback file created above as a loop device:
# losetup ??“f /home/pchaganti/xen-images/ubuntu_feisty_domU.img
4. Create a logical volume using the loop device. This will ask you for a
passphrase. From this point on, whenever you mount this encrypted file, you
will need to provide the passphrase:
# cryptsetup luksFormat /dev/loop0
5. Now create a device mapper for the loopback device:
# cryptsetup luksOpen /dev/loop0 encrypted_feisty_luks
Chapter 7
[ 109 ]
6. Create an ext3 file system on the encrypted file:
# mkfs.
Pages:
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103