
Ubuntu Hacks: Virtual Virtual Devices: Encrypted RAID

This document summarizes a presentation about using the Linux device mapper framework to create layered virtual devices. The device mapper allows arbitrary features like encryption to be added to block devices. It describes how to use the cryptsetup module to encrypt a RAID device, creating an encrypted virtual block device. The presentation recommends encrypting with dm-crypt rather than older alternatives like cryptoloop or loop-AES due to advantages in security and performance. It provides steps to install required packages, create the layered devices using RAID and encryption, and mount the encrypted filesystem for use.

Copyright
© Attribution Non-Commercial (BY-NC)

Ubuntu Hacks

Virtual Virtual Devices:


Encrypted RAID
Jonathan Oxer

OSCON
July 26th, 2006
Device Mapper
New feature in 2.6 kernel to layer arbitrary features
on top of block devices


Snapshotting

Backups

Redirection

Encryption

Device Mapper Modules
Modules use the device-mapper framework to
implement specific functionality:


“dmraid” for software RAID

“cryptsetup” for block device encryption

Alternative Systems
Cryptoloop and loop-AES are older approaches to
filesystem encryption.

Cryptoloop has some disadvantages:


Known plaintext attacks

Watermark attacks

loop-AES is slower than dm-crypt and less flexible.

Caveats
Encrypted filesystems typically write faster than
they read!

Absolutely do not forget your password ;-)

Layering Virtual Devices

[Diagram slides not preserved]

Install Required Packages
Install device-mapper and cryptsetup packages:
sudo apt-get install cryptsetup

Create The Device Layers

Create the pair of RAID-0 devices:
mdadm --create /dev/md0 --level=0 \
--raid-devices=2 /dev/sda1 /dev/sda2
mdadm --create /dev/md1 --level=0 \
--raid-devices=2 /dev/sda3 /dev/sda4

Use those to create a RAID-1 device:
mdadm --create /dev/md2 --level=1 \
--raid-devices=2 /dev/md0 /dev/md1

Create an encrypted virtual device:
cryptsetup create usb1 /dev/md2

Create a filesystem on the virtual device:
mkfs.ext2 /dev/mapper/usb1

Finally, mount it:
mount /dev/mapper/usb1 /mnt/usb1
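
The following check is an added example, not part of the original slides: it reads the text of /proc/mdstat and of `dmsetup table` and confirms that usb1 is a dm-crypt mapping on md2 and that md2 mirrors the two RAID-0 arrays md0 and md1. The function names and sample data are constructed for illustration, and rejecting `-plain` IV modes (the IV is the predictable sector number, the weakness behind watermark attacks) goes beyond what the slides state.

```shell
#!/bin/sh
# Added example: verify the md0/md1 -> md2 -> usb1 layering from the slides.
# Constructed sample of /proc/mdstat and `dmsetup table` output (not real data).
SAMPLE_MDSTAT='Personalities : [raid0] [raid1]
md2 : active raid1 md1[1] md0[0]
      1953792 blocks [2/2] [UU]
md1 : active raid0 sda4[1] sda3[0]
      1953920 blocks 64k chunks
md0 : active raid0 sda2[1] sda1[0]
      1953920 blocks 64k chunks'
SAMPLE_DMTABLE='usb1: 0 3907584 crypt aes-cbc-essiv:sha256 00000000 0 9:2 0'

# md_level NAME MDSTAT -> RAID personality of array NAME (e.g. raid1)
md_level() {
    printf '%s\n' "$2" | awk -v n="$1" '$1 == n && $2 == ":" { print $4 }'
}

# md_members NAME MDSTAT -> sorted member names, e.g. "md0 md1"
md_members() {
    printf '%s\n' "$2" | awk -v n="$1" '$1 == n && $2 == ":" {
        for (i = 5; i <= NF; i++) { sub(/\[.*/, "", $i); print $i } }' |
        sort | tr '\n' ' ' | sed 's/ $//'
}

# crypt_field NAME N DMTABLE -> field N of NAME's crypt line (5 cipher, 8 device)
crypt_field() {
    printf '%s\n' "$3" |
        awk -v n="$1:" -v f="$2" '$1 == n && $4 == "crypt" { print $f }'
}

# check_stack MDSTAT DMTABLE -> returns 0 only if the layering matches the slides
check_stack() {
    [ "$(md_level md0 "$1")" = raid0 ] || { echo "md0 is not RAID-0"; return 1; }
    [ "$(md_level md1 "$1")" = raid0 ] || { echo "md1 is not RAID-0"; return 1; }
    [ "$(md_level md2 "$1")" = raid1 ] || { echo "md2 is not RAID-1"; return 1; }
    [ "$(md_members md2 "$1")" = "md0 md1" ] ||
        { echo "md2 is not built on md0 and md1"; return 1; }
    # md arrays use block major 9, so /dev/md2 is listed as 9:2
    [ "$(crypt_field usb1 8 "$2")" = "9:2" ] ||
        { echo "usb1 is not a crypt target on md2"; return 1; }
    case "$(crypt_field usb1 5 "$2")" in
        *-plain) echo "usb1 uses a predictable (plain) IV"; return 1 ;;
    esac
    echo "stack ok"
}

# Runs on the constructed sample; on a live system pass
# "$(cat /proc/mdstat)" and "$(sudo dmsetup table)" instead.
check_stack "$SAMPLE_MDSTAT" "$SAMPLE_DMTABLE"
```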

More Information

These slides are online at:


jon.oxer.com.au/talks

Ubuntu Hacks available now:


www.ubuntuhacks.com

Thanks for listening!
