Differences
This shows you the differences between the selected revision and the current version of the page.
howto:encrypted_partitions 2008/10/12 00:46 | howto:encrypted_partitions 2017/09/06 18:38 current | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Encrypted partitions for DNS-323 ====== | ====== Encrypted partitions for DNS-323 ====== | ||
- | It is possible to use losetup and friends to have encrypted partitions on your DNS 323. Currently, this is only possible for the 1.03 and 1.05 firmware, unless you fancy compiling your own kernel modules (see [[howto:crosscompile]]). | + | It is possible to use losetup and friends to have encrypted partitions on your DNS 323. Currently, this is only possible for the 1.03, 1.05, 1.10b7 firmware, unless you fancy compiling your own kernel modules (see [[howto:crosscompile]]). |
But be aware that this will have a huge impact on performance (expect to get about 10% the performance of normal disk access...) | But be aware that this will have a huge impact on performance (expect to get about 10% the performance of normal disk access...) | ||
+ | |||
+ | |||
+ | ===== Firmware dns323_FW_110b07_BETA.zip ===== | ||
+ | Looks like works both encrypted loopback (see instructions below) and dm-crypt + device-mapper (both modules already in kernel). | ||
+ | For work with dm-crypt you need to setup ffp, take all necessary encryption modules from page below (http://www.x-linked.de/dns323/fw105/cryptloop/modules/crypto/). | ||
+ | Using crosscompile (you can use DNS-323 ffp to compile all) compile LVM. Unfortunatly orignal 'install' form busybox does not recognize option -D but you can use workaround (move original symlink /bin/install to /tmp/x/install), put this script into /ffp/bin: | ||
+ | <code perl> | ||
+ | #!/ffp/bin/perl -w | ||
+ | |||
+ | $res="/tmp/x/install"; | ||
+ | $pre=""; | ||
+ | @AV=@ARGV; | ||
+ | #print ">'".$AV[$#AV-2]."'\n"; | ||
+ | |||
+ | if( $AV[$#AV-2] eq '-D' ){ | ||
+ | print "Find -D\n"; | ||
+ | $AV[$#AV-2] = ""; | ||
+ | $srcFileName=$AV[$#AV-1]; | ||
+ | $_=$AV[$#AV]; | ||
+ | if(/\/([^\/]+?)$/){ | ||
+ | #$dstPath=$`; | ||
+ | $shortDstName=$1; | ||
+ | $AV[$#AV-1]=$1; | ||
+ | if( $srcFileName ne $shortDstName ){ | ||
+ | $pre = "cp $srcFileName $shortDstName; "; | ||
+ | }; | ||
+ | }; | ||
+ | map { $res .= " $_" if ($_ ne ""); } @AV; | ||
+ | $res = $pre . $res; | ||
+ | } else { | ||
+ | map { $res .= " $_"; } @AV; | ||
+ | }; | ||
+ | `$res`; | ||
+ | # cat install | ||
+ | </code> | ||
+ | |||
+ | ffp packages what you need (from: http://www.inreto.de/dns323/fun-plug/0.5/): | ||
+ | * e2fsprogs-1.41.0-1.tgz | ||
+ | * vreadline-5.2-3.tgz | ||
+ | * kernel-headers-2.6.9.1-2.tgz | ||
+ | * make-3.81-3.tgz | ||
+ | * binutils-2.18.50.0.1-4.tgz | ||
+ | * gcc-4.1-2.tgz | ||
+ | * perl-5.10-2.tgz | ||
+ | * uclibc-0.9.29-7.tgz | ||
+ | * wget-1.12-2.tgz | ||
+ | * grep-2.5.3-2.tgz | ||
+ | |||
+ | Sources from original developers sites: | ||
+ | * LVM2.2.02.85.tgz | ||
+ | * libgcrypt-1.4.6.tar.gz | ||
+ | * cryptsetup-1.2.0.tar.gz | ||
+ | * libgpg-error-1.9.tar.gz | ||
+ | * popt-1.16.tar.gz | ||
+ | |||
+ | Configuration hint: | ||
+ | <code bash> | ||
+ | ./configure --build=arm-linux-uclibc --prefix=/ffp | ||
+ | </code> | ||
+ | |||
+ | Regarding cryptsetup looks like it is not nesessary because you can setup encrypted device using only device-mapper & dmsetup tool (see http://www.saout.de/misc/dm-crypt/) | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ==== Performance in case of dm-crypt ==== | ||
+ | It is really nightmare (if you think to move 1TB data from not encrypted disk to encrypted). F.E. DNS-323 use Samsung 1,5TB drive. | ||
+ | <code bash> | ||
+ | dd bs=10M if=/dev/zero of=zero count=149 | ||
+ | </code> takes ~9min (2MB/sec) for encrypted drive and 30s for normal drive (49MB/sec) | ||
+ | <code bash> | ||
+ | dd bs=10M if=zero of=/dev/null count=149 | ||
+ | </code> takes ~8min (3MB/sec) for encrypted drive and 30s for normal drive (49MB/sec) | ||
+ | |||
+ | From another point of view it is not so bad and you can see Full DH movies and play sound from DNS-323 in case if it is connected to your WiFi which is not faster than 2MB/sec. | ||
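Review bot: The install wrapper added in the code perl block builds a single shell string and runs it with backticks (the line `$res`;), so arguments containing spaces or shell metacharacters are re-parsed by the shell. The exit status of the real install is also discarded, which means a failed install still looks successful to make. In the -D branch the destination directory is never created (the $dstPath line is commented out), although creating missing parent directories is what -D is for. Suggest keeping the arguments as a list, creating the parent of the destination with mkdir -p, calling system("/tmp/x/install", @args), and exiting with the child's status. The intermediate cp into the current directory and the debug print "Find -D\n" would then be unnecessary. The test if( $AV[$#AV-2] eq '-D' ) only matches -D as the third-from-last argument; either state that limitation in the text or scan all arguments. The trailing "# cat install" comment looks like a leftover from a terminal paste. Separately, the sentence saying cryptsetup is not necessary should document how the key is supplied when only dmsetup is used, since the added text gives no command for that path.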