2007-03-22 09:48:24

by Tsai, Hong-Bin

Subject: How to utilize crypto source in kernel?

Dear gurus:

I'd like to modify the kernel to load an encrypted initrd. While
loading the initial ramdisk, the kernel reads a secret key from somewhere
else and decrypts the initrd, and then continues the boot process.
However, I met a problem.

Since there are crypto libraries residing in the kernel, I believe that's
the best resource for me to implement this mechanism. At first I
followed the interfaces found in crypto/api.c, but found that it loads
crypto algorithms from modules. Even after I configured an algo as a
built-in module (say, aes), I always failed at its initialization
stage. (crypto_alloc_blkcipher returns error)

Please give me suggestions. Am I on the right course?

--
Best regards,
Hong-Bin
blog: http://furseal.wordpress.com
msn: [email protected]


2007-03-22 22:14:18

by Herbert Xu

Subject: Re: How to utilize crypto source in kernel?

Tsai, Hong-Bin <[email protected]> wrote:
>
> I'd like to modify the kernel to load an encrypted initrd. While
> loading the initial ramdisk, the kernel reads a secret key from somewhere
> else and decrypts the initrd, and then continues the boot process.
> However, I met a problem.
>
> Since there are crypto libraries residing in the kernel, I believe that's
> the best resource for me to implement this mechanism. At first I
> followed the interfaces found in crypto/api.c, but found that it loads
> crypto algorithms from modules. Even after I configured an algo as a
> built-in module (say, aes), I always failed at its initialization
> stage. (crypto_alloc_blkcipher returns error)
>
> Please give me suggestions. Am I on the right course?

Have a look at dm-crypt. It's best if you just load a normal but
minimal initrd which then can use dm-crypt to load a larger and
encrypted file system (it could even be a loop back mount of a
file in the initial initrd).

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
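
The approach suggested in the reply above, as an added example that is not part of the original thread: an `/init` script for the minimal initrd that attaches the encrypted image to a loop device and maps it through dm-crypt. The image path, loop device, key file location, cipher spec, mapping name and `/newroot` mount point are all assumptions.

```shell
#!/bin/sh
# Added example: /init logic for a minimal initrd that opens an encrypted
# root image with dm-crypt. All paths, names and the cipher are assumptions.
IMG=${IMG:-/rootfs.img}            # encrypted image shipped in the initrd
LOOP=${LOOP:-/dev/loop0}           # loop device backing the image
KEYFILE=${KEYFILE:-/run/root.key}  # hex key, obtained from outside the initrd
CIPHER=${CIPHER:-aes-xts-plain64}  # dm-crypt cipher spec
NAME=${NAME:-cryptroot}            # resulting /dev/mapper/<NAME>

# Print the device-mapper table line for one dm-crypt target:
#   <start> <sectors> crypt <cipher> <hexkey> <iv_offset> <device> <offset>
crypt_table() {  # usage: crypt_table <size_bytes> <hexkey> <backing_dev>
    size=$1 key=$2 dev=$3
    # dm-crypt maps whole 512-byte sectors; reject empty or truncated images.
    [ "$size" -gt 0 ] 2>/dev/null && [ $((size % 512)) -eq 0 ] || return 1
    # Key must be hex only: 64 or 128 digits (AES-128 / AES-256 in XTS mode).
    case $key in ''|*[!0-9a-fA-F]*) return 1 ;; esac
    case ${#key} in 64|128) ;; *) return 1 ;; esac
    printf '0 %s crypt %s %s 0 %s 0\n' "$((size / 512))" "$CIPHER" "$key" "$dev"
}

open_root() {
    losetup "$LOOP" "$IMG" || return 1
    size=$(blockdev --getsize64 "$LOOP") || return 1
    key=$(tr -d ' \n' < "$KEYFILE") || return 1
    table=$(crypt_table "$size" "$key" "$LOOP") || return 1
    # printf is a shell builtin and dmsetup reads the table from stdin,
    # so the key never shows up in a process argv.
    printf '%s\n' "$table" | dmsetup create "$NAME" || return 1
    unset key table
    mount -o ro "/dev/mapper/$NAME" /newroot
}

# Act only when booted as the initrd's init with the image present, so the
# functions above can be sourced and tested without side effects.
if [ "$$" -eq 1 ] && [ -f "$IMG" ]; then
    open_root && exec switch_root /newroot /sbin/init
    echo "init: cannot open encrypted root" >&2
fi
```

The kernel needs device-mapper, dm-crypt and the chosen cipher either built in or loaded as modules from the initrd before `dmsetup` runs. A key stored inside the same unencrypted initrd protects nothing, so `KEYFILE` stands in for wherever the key is actually obtained.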