Tiny Core Linux
dCore Import Debian Packages to Mountable SCE extensions => dCore X86 => Topic started by: sm8ps on September 10, 2018, 03:54:55 AM
-
Hi friends!
I have been trying to implement some encrypted part of my home as a safe place for sensitive data. However, none of my attempts have succeeded. I have tried with EcryptFS, LUKS as well as Ext4-encryption.
After loading the ecryptfs-utils or cryptsetup package for EcryptFS or LUKS, respectively, there is no module ecryptfs or dm-crypt, respectively, that can be loaded. I recall long time reading something about kernel modules requiring special care when it comes to dCore.
As far as Ext4-encryption is concerned, tune2fs does not accept the option for the encryption feature. Maybe it has to do with the kernel version 4.2.9 (Xenial)?
I have used EncFS on another machine but I would like to use some faster encryption method. I have yet to try GocryptFS which looks like a promising alternative.
Does anybody see a reason why EcryptFS and LUKS do not work on dCore? Does anybody have a working set-up providing an encrypted folder?
-
Is Ext4 encryption enabled in the Kernel?
-
For some reason CONFIG_EXT4_ENCRYPTION=m is set in the kernel config for dCore-xenial instead of CONFIG_EXT4_ENCRYPTION=y, and that option can't be modularized I have read. All other dCore ports, x86 and x86_64, have the option set correctly to y. I will fix this in the coming days.
-
vmlinuz-xenial has been rebuilt for ext4 encryption support. Please download and test from:
http://tinycorelinux.net/dCore/x86/release_candidates/dCore-xenial/
-
First off: thank you very much for your immediate help, Jason! I ran the new kernel only to find out that ext4-encryption needs needs a newer version of e2fsprogs than Xenial provides. I must admit that rather than compiling these I shall upgrade to Bionic(32) which I had intended anyways. (Another THANK YOU for providing this release for the 32-bit architecture!) I just tried ext4-encryption on Bionic64 and AFAICT from the short test it does work.
The more I read on the subject, however, the more I am inclined to work with device encryption. As stated, LUKS does not work, presumably because the necessary kernel module dm-crypt is not available. Is there a way to make it available or can I build it by myself? I would also like to evaluate EcryptFS as possible candidate for which the same applies with respect to the module ecryptfs. Bionic(32) and Bionic64 would be the versions I shall be using.
This all is quite beyond my scope so I am very thankful for guidance and/or help. Once I get it working, I shall include an article in the wiki on the subject because I think it is very important for dCore to have a way for encrypting some part of one's home directory (or should I say: one's private parts? :) ).
Cheers!
-
Hi sm8ps. I am on dCore-bionic now and I am able to modprobe dm-crypt, the results are below. The dm-crypt module is in the package raid-dm-4.14.10-tinycore.
root@box:/# modprobe dm-crypt
root@box:/# lsmod | grep dm_crypt
dm_crypt 24576 0
dm_mod 61440 1 dm_crypt
root@box:/# find usr/local/lib/modules/ -name dm-crypt*
usr/local/lib/modules/4.14.10-tinycore/kernel/drivers/md/dm-crypt.ko
root@box:/#
-
For dCore-bionic, the package ecryptfs-4.14.10-tinycore has been uploaded. It contains the ecryptfs kernel module. Please test.
-
I have upgraded to dCore-bionic64 and both modules are indeed available. I am still in the midst of getting things working and shall report back in the forum with my results which I intend to put in the wiki.
For the moment just many thanks again for your great help, Jason!