is it safe to use loop-aes-utils v. 2.13-1 on debian lenny/testing?

Max Vozeler xam at debian.org
Mon Oct 15 20:36:55 UTC 2007 

Hi Gregor,

On Mon, Oct 15, 2007 at 04:33:51PM +0200, Gregor Zattler wrote:
> I want to install a debian lenny system on a notebook and would
> like to encrypt root and swap in the most transparent and debian
> like way (especially with respect to kernel updates and
> hibernation). 

To be honest, I'm not sure about hibernation.

There is a setup described on [1] for suspend2+loop-AES, so
there should be no fundamental problems. I haven't tried it 
myself though, at least not yet :-)

[1] http://wiki.tuxonice.net/EncryptedSwapAndRoot

If you try the above, or a different setup, it would be great
if you could send a quick note to e.g. this list. If it turns 
out to be more involved, we could try to include the required
steps in the Debian documentation.

For encrypting root, please let us know if the instructions
work for you (or not) and about any questions left unanswered
by the documentation. The initramfs-tools scripts have not 
been in wide(er) use as far as I know, and there is sure to 
be room for improvement. 

As a safety measure, please make sure to keep a copy of your
keyfile used to encrypt the root encryption somewhere outside
the root partition itself; In case anything goes wrong during
a kernel upgrade or initramfs update, you can still access the
partition to recover.

> The version of loop-aes-utils in lenny is frocen since the 
> etch release (why is it frozen after etchs release?).

It is still frozen because it builds an udeb (mount-aes-udeb) 
for use in debian-installer. Such packages building udebs are
in a sort of permanent freeze and so they need manual approval
and hinting for testing propagation.

When I last looked (a few weeks back), util-linux 2.13 wasn't
ready for testing, so I held back asking for loop-aes-utils so
as to avoid too different upstream versions in testing. Now 
that 2.13 is in testing, I'll ask for unblocking.

> Do you think it's safe to build loop-aes-utils from unstable on
> the lenny system and use it? 

Yes.

> I'm unsure which public forum would be appropriate for questions
> regarding the installation and maintenance of loop-aes for debian
> systems (linux-crypto mailing list?).  Please feel free to answer
> to such public forum if you consider this to be of public interest.

Actually, I think you've found a good place in this mailinglist.
It is publically archived and everything involing loop-AES and 
Debian is on-topic here. Sometimes Debian-specific things get
dicussed on linux-crypto, too. I personally think it is often not
very interesting for the general audience there, but YMMV.

	Max

More information about the Pkg-loop-aes-maint mailing list