Notes about crypto integration into the kernel There are 2 implementations : - loop-AES (uses i586 optimisations) - cryptoapi (many algorithms) Both are usable at the same time. A) loop-AES ----------- 1) get loop-AES-xxx.tar.bz2 on kernel.org, xxx >= 1.7b 2) extract it, and use kernel-2.4.* to patch the kernel B) cryptoapi ------------ 1) get cryptoapi from www.kerneli.org 2) extract it 3) duplicate a kernel tree 4) touch new_kernel_tree/.config 5) if applied to 2.4.21-preXX, do this in cryptoapi dir : ln -s kbuild-2.4.20 patches/linux-2.4/kbuild-2.4.21 6) make patch-kernel KDIR=where_you_put_the_kernel 7) rm new_kernel_tree/kbuild-2.4.21 8) diff old new ==== extract from cryptoapi ==== Migrating from loop-AES to CryptoAPI ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If you want to move from using the loop-AES filesystem encryption to CryptoAPI it only requires a small tweak. After loading cryptoapi and loading the cipher-aes module use the following line when setting up your loopback device: $ losetup -e aes -k 256 -P sha512 /dev/loop0 /dev/ Then proceed to mount your loop device as you normall would. Here is the table for mapping loop-AES to cryptoapi losetup flags: loop-AES cryptoapi ============================================================ -e aes128 -H rmd160 -e aes -k 128 -e aes128 -H sha256 -e aes -k 128 -P sha256 -e aes128 -H sha384 -e aes -k 128 -P sha384 -e aes128 -H sha512 -e aes -k 128 -P sha512 -e aes256 -H rmd160 -e aes -k 256 -e aes256 -H sha256 -e aes -k 256 -P sha256 -e aes256 -H sha384 -e aes -k 256 -P sha384 -e aes256 -H sha512 -e aes -k 256 -P sha512 -e aes128 -e aes -k 128 -P sha256 -e aes192 -e aes -k 192 -P sha384 -e aes256 -e aes -k 256 -P sha512