cryptsetup-2.3.3
Kernel
Configuration
Encrypted block devices require kernel support. To use it, the
appropriate kernel configuration parameters need to be set:
Device Drivers --->
[*] Multiple devices driver support (RAID and LVM) ---> [CONFIG_MD]
<*/M> Device mapper support [CONFIG_BLK_DEV_DM]
<*/M> Crypt target support [CONFIG_DM_CRYPT]
Cryptographic API --->
<*/M> XTS support [CONFIG_CRYPTO_XTS]
<*/M> SHA224 and SHA256 digest algorithm [CONFIG_CRYPTO_SHA256]
<*/M> AES cipher algorithms [CONFIG_CRYPTO_AES]
<*/M> User-space interface for symmetric key cipher algorithms
[CONFIG_CRYPTO_USER_API_SKCIPHER]
For tests:
<*/M> Twofish cipher algorithm [CONFIG_CRYPTO_TWOFISH]
Installation of cryptsetup
Install cryptsetup by running the
following commands:
./configure --prefix=/usr &&
make
To test the result, issue as the root
user: make
check. Some tests may fail if the kernel
configuration parameters above are not set.
Now, as the root
user:
make install
Configuring cryptsetup
Because of the number of possible configurations, setup of
encrypted volumes is beyond the scope of the BLFS book. Please see
the configuration guide in the cryptsetup
FAQ.
Contents
Installed Programs:
cryptsetup, cryptsetup-reencrypt,
integritysetup, and veritysetup
Installed Libraries:
libcryptsetup.so
Installed Directories:
None
Short Descriptions
cryptsetup
|
is used to setup dm-crypt managed device-mapper mappings.
|
cryptsetup-reencrypt
|
is a for offline LUKS device re-encryption.
|
integritysetup
|
is a tool to manage dm-integrity (block level integrity)
volumes.
|
veritysetup
|
is used to configure dm-verity managed device-mapper
mappings. Device-mapper verity target provides read-only
transparent integrity checking of block devices using
kernel crypto API.
|
Last updated on 2020-08-16 21:26:53 -0700