A Kernel with ecryptfs Support

[splitbrain]

Hi,

I'd like to use ecryptfs to easily encrypt the /home dir (without the need for repartitioning or creating a huge container). Unfortunately the needed kernel module is not available on the bubba3 kernel. Could you provide an updated bubba-modules package?

Andi

[RandomUsername]

That's something I'd be quite interested in for my Bubba 2 so consider this a +1.

I'm Using an encrypted LVM partition that has to be mounted at boot time at the moment.

[splitbrain]

Could we get a no/yes/possibly from an Excito staff member?

[ryz]

I guess that in the mean time you could cross compile your own module in the same way some users cross compiled the needed modules for nfs on Bubba 2 before it was included in an update from Excito.
There should be an how-to on that in the forums which I guess could be used as starting point on how to do it for the ecryptfs module.

[RandomUsername]

Actually, I'm slightly curious as to how ecryptfs would work on a server. I have it enabled on my desktop box and the files are decrypted when the user logs on by using the user's password to decrypt the encryption key.

How would it work in a server environment where users don't typically log on? Can you make it decrypt the files whenever someone connects via samba or something?

[splitbrain]

The automatic decryption on a Desktop-System works through a PAM module. You could probably setup up this PAM module for Samba and SSH access as well.

Personally I plan to write a simple webinterface for unlocking. The point of the encryption in my case is to secure the data when someone breaks into my house steals takes the B3 with him not to secure my data against other Bubba users.

[Ubi]

If that's your goal, why not bolt down the bubba. My guess is very few burglars recognize the machine for what it is nor will they be willing to spend two minutes prying it loose. As an added bonus you still have your stuff.

[willem2]

Personally I plan to write a simple webinterface for unlocking. The point of the encryption in my case is to secure the data when someone breaks into my house steals takes the B3 with him not to secure my data against other Bubba users.

Suggestion:

For that purpose I installed Truecrypt on my Bubba (Two).
I have a permanently mounted Truecrypt container which I mount manually after a restart or power failure.

I installed the latest Truecrypt version following the HowTo elsewhere in this forum.

[RandomUsername]

Personally I plan to write a simple webinterface for unlocking. The point of the encryption in my case is to secure the data when someone breaks into my house steals takes the B3 with him not to secure my data against other Bubba users.

Suggestion:

For that purpose I installed Truecrypt on my Bubba (Two).
I have a permanently mounted Truecrypt container which I mount manually after a restart or power failure.

I installed the latest Truecrypt version following the HowTo elsewhere in this forum.

That's exactly what I've done but using an encrypted LVM volume rather than truecrypt.

[splitbrain]

That's exactly what I've done but using an encrypted LVM volume rather than truecrypt.

That's sounds interesting, can you recommend any tutorial for that?

[RandomUsername]

It was a while ago now but I started with this post as the springboard - http://forum.excito.net/viewtopic.php?f ... &hilit=lvm

And then lots of Googling.

I don't have any of the pages I used bookmarked anymore and the first two pages of Google searching for "luks encrypted partition" didn't ring any bells as to any page being more helpful than any of the others. That said, there look to be quite a few decent tutorials.

Basically, what I did is create a 100 G lv and encrypted it using luks, mounted it to /home/encrypted/ and symlinked my user's home directories to that volume - I don't bother doing that with /home/storage because it's pointless encrypting my photos and mp3 collection.

When my B2 reboots I can't access anything in /home/encrypted until I issue these commands (as root):

Code: Select all

cryptsetup luksOpen /dev/mapper/bubba-encrypted encrypted
[prompts for passphrase which is 64 character random ascii in my case]
mount /dev/mapper/encrypted /home/encrypted

[splitbrain]

Okay, got it working. Here is how: http://www.splitbrain.org/blog/2010-11/ ... _on_the_b3

[RandomUsername]

That looks great. Nice work. I also like the theme your blog uses.