Author: robert Date: 2008-10-25 22:02:33 -0600 (Sat, 25 Oct 2008) New Revision: 1469
Modified: branches/Onward/downloads/patches.txt branches/Onward/kernel-config.txt branches/Onward/temporary_system/linux-kernel.txt branches/Onward/temporary_system/util-linux-ng.txt Log: Added Loop-AES.
Modified: branches/Onward/downloads/patches.txt
===================================================================
--- branches/Onward/downloads/patches.txt 2008-10-26 03:12:29 UTC (rev 1468)
+++ branches/Onward/downloads/patches.txt 2008-10-26 04:02:33 UTC (rev 1469)
@@ -68,6 +68,10 @@
 # Linux frandom patch:
 http://www.linuxfromscratch.org/patches/downloads/linux/linux-2.6.24.7-frandom-1.patch
+# Loop-AES patch:
+# http://loop-aes.sourceforge.net/loop-AES/loop-AES-v3.2c.tar.bz2.sign
+http://loop-aes.sourceforge.net/loop-AES/loop-AES-v3.2c.tar.bz2
+
 # Ncurses Coverity patch:
 http://www.linuxfromscratch.org/patches/downloads/ncurses/ncurses-5.6-coverity_fixes-1.patch
@@ -77,3 +81,7 @@
 # Perl assertion bug fix patch:
 http://www.linuxfromscratch.org/~robert/new/patches/perl-5.10.0-assertion_fix.diff
+# Util-linux-ng Loop-AES patch:
+# http://loop-aes.sourceforge.net/updates/util-linux-ng-2.14.1-20081015.diff.bz2.sign
+http://loop-aes.sourceforge.net/updates/util-linux-ng-2.14.1-20081015.diff.bz2
+
Modified: branches/Onward/kernel-config.txt
===================================================================
--- branches/Onward/kernel-config.txt 2008-10-26 03:12:29 UTC (rev 1468)
+++ branches/Onward/kernel-config.txt 2008-10-26 04:02:33 UTC (rev 1469)
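Review bot: Both new entries in downloads/patches.txt leave the `.sign` URL commented out, so the detached signature is never fetched and nothing on the visible lines checks the loop-AES tarball or the util-linux-ng diff before they are applied. Both downloads use plain http, so the signature is the only integrity control these entries offer; whether other entries in the file are verified elsewhere is not visible here. List the `.sign` files as real download lines and put a check ahead of the `tar xf` and `bzcat` steps in temporary_system/linux-kernel.txt and temporary_system/util-linux-ng.txt, e.g. `gpg --verify loop-AES-v3.2c.tar.bz2.sign loop-AES-v3.2c.tar.bz2 &&`, with the signer's key fingerprint recorded in the book. The same applies to the second hunk (`@@ -77,3 +81,7 @@`).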
@@ -14,6 +14,10 @@
 CONFIG_SECURITY_CAPABILITIES
 CONFIG_SECURITY_FILE_CAPABILITIES
+Enable Loop-AES for encrypted swap:
+ BLK_DEV_LOOP_AES
+ BLK_DEV_LOOP_KEYSCRUB
+
 All the Grsec and PaX options can be enabled, but some should be disabled for the best security.
Modified: branches/Onward/temporary_system/linux-kernel.txt
===================================================================
--- branches/Onward/temporary_system/linux-kernel.txt 2008-10-26 03:12:29 UTC (rev 1468)
+++ branches/Onward/temporary_system/linux-kernel.txt 2008-10-26 04:02:33 UTC (rev 1469)
@@ -5,6 +5,14 @@
 zcat ../grsecurity-2.1.11-2.6.24.5-200804211829.patch.gz | patch -p1 &&
 patch -p1 -i ../linux-2.6.24.7-frandom-1.patch &&
+# Patch for Loop-AES. This is optional, and intended for encrypted swap. This
+# is relevant even on servers because the swap space is vulnerable to anyone
+# who can read the device file:
+
+tar xf ../loop-AES-v3.2c.tar.bz2 &&
+rm -fv ./drivers/block/loop.c ./include/linux/loop.h &&
+patch -p1 -i loop-AES-v3.2c/kernel-2.6.24.diff &&
+
 mkdir -v obj/ &&
 cd obj/ &&
 make -C ../ mrproper &&
Modified: branches/Onward/temporary_system/util-linux-ng.txt
===================================================================
--- branches/Onward/temporary_system/util-linux-ng.txt 2008-10-26 03:12:29 UTC (rev 1468)
+++ branches/Onward/temporary_system/util-linux-ng.txt 2008-10-26 04:02:33 UTC (rev 1469)
@@ -1,5 +1,10 @@
 # Temporary tools - Util-linux-ng
+# Patch for Loop-AES:
+# Fixme: This && doesn't work because of the | pipe.
+
+bzcat ../util-linux-ng-2.14.1-20081015.diff.bz2 | patch -p1 &&
+
 mkdir -v obj/ &&
 cd obj/ &&
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-book FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
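Review bot: In temporary_system/linux-kernel.txt the line `rm -fv ./drivers/block/loop.c ./include/linux/loop.h` deletes the stock loop driver sources with no explanation; the comment above it only says why swap should be encrypted. Presumably the loop-AES diff recreates both files, so say that next to the command, e.g. `# kernel-2.6.24.diff supplies replacement loop.c and loop.h, so the stock copies are removed first.` The diff is named for 2.6.24 while the context lines show a 2.6.24.7 tree with grsecurity already applied, so it is worth adding a sentence that the diff was checked against this tree and that any reject means stopping rather than building. The command chain starts and ends outside the hunk.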
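Review bot: The Fixme in temporary_system/util-linux-ng.txt is only half right: `&&` tests the exit status of `patch`, the last command in the pipeline, so a `bzcat` failure on a truncated or corrupt download goes unnoticed and `patch` can apply whatever partial diff it received and still report success. For tools that presumably set up the encrypted loop device, a silently partial patch is worth ruling out. Decompress to a file first and patch from it, `bzcat ../util-linux-ng-2.14.1-20081015.diff.bz2 > ../util-linux-ng-2.14.1-20081015.diff &&` followed by `patch -p1 -i ../util-linux-ng-2.14.1-20081015.diff &&`, and drop the Fixme. The `zcat ... | patch -p1 &&` context line in linux-kernel.txt has the same weakness.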
