Root/
1 | dm-crypt |
2 | ========= |
3 | |
4 | Device-Mapper's "crypt" target provides transparent encryption of block devices |
5 | using the kernel crypto API. |
6 | |
7 | Parameters: <cipher> <key> <iv_offset> <device path> \ |
8 | <offset> [<#opt_params> <opt_params>] |
9 | |
10 | <cipher> |
11 | Encryption cipher and an optional IV generation mode. |
12 | (In format cipher[:keycount]-chainmode-ivopts:ivmode). |
13 | Examples: |
14 | des |
15 | aes-cbc-essiv:sha256 |
16 | twofish-ecb |
17 | |
18 | /proc/crypto contains supported crypto modes |
19 | |
20 | <key> |
21 | Key used for encryption. It is encoded as a hexadecimal number. |
22 | You can only use key sizes that are valid for the selected cipher. |
23 | |
24 | <keycount> |
25 | Multi-key compatibility mode. You can define <keycount> keys and |
26 | then sectors are encrypted according to their offsets (sector 0 uses key0; |
27 | sector 1 uses key1 etc.). <keycount> must be a power of two. |
28 | |
29 | <iv_offset> |
30 | The IV offset is a sector count that is added to the sector number |
31 | before creating the IV. |
32 | |
33 | <device path> |
34 | This is the device that is going to be used as backend and contains the |
35 | encrypted data. You can specify it as a path like /dev/xxx or a device |
36 | number <major>:<minor>. |
37 | |
38 | <offset> |
39 | Starting sector within the device where the encrypted data begins. |
40 | |
41 | <#opt_params> |
42 | Number of optional parameters. If there are no optional parameters, |
43 | the optional paramaters section can be skipped or #opt_params can be zero. |
44 | Otherwise #opt_params is the number of following arguments. |
45 | |
46 | Example of optional parameters section: |
47 | 1 allow_discards |
48 | |
49 | allow_discards |
50 | Block discard requests (a.k.a. TRIM) are passed through the crypt device. |
51 | The default is to ignore discard requests. |
52 | |
53 | WARNING: Assess the specific security risks carefully before enabling this |
54 | option. For example, allowing discards on encrypted devices may lead to |
55 | the leak of information about the ciphertext device (filesystem type, |
56 | used space etc.) if the discarded blocks can be located easily on the |
57 | device later. |
58 | |
59 | Example scripts |
60 | =============== |
61 | LUKS (Linux Unified Key Setup) is now the preferred way to set up disk |
62 | encryption with dm-crypt using the 'cryptsetup' utility, see |
63 | http://code.google.com/p/cryptsetup/ |
64 | |
65 | [[ |
66 | #!/bin/sh |
67 | # Create a crypt device using dmsetup |
68 | dmsetup create crypt1 --table "0 `blockdev --getsize $1` crypt aes-cbc-essiv:sha256 babebabebabebabebabebabebabebabe 0 $1 0" |
69 | ]] |
70 | |
71 | [[ |
72 | #!/bin/sh |
73 | # Create a crypt device using cryptsetup and LUKS header with default cipher |
74 | cryptsetup luksFormat $1 |
75 | cryptsetup luksOpen $1 crypt1 |
76 | ]] |
77 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9