The cryptoswap package supports building an encrypted swap partition when a system boots.
Install cryptoswap.sh in /etc/init.d. During system boot, cryptoswap.sh should execute right before checkroot.sh. When shutting down, it should execute after sysklogd.
This package also includes an initialization script for building loopback encrypted /tmp. This may be necessary if a system contains encrypted filesystems but / is not encrypted. A link from directories like /var/tmp to /tmp may be appropriate. There are a few other alternatives for systems such as these:
1. Tmpfs is a Linux kernel feature that allows /tmp to exist in memory. This is a good solution for systems with a lot of memory and/or (encrypted) swap.
2. If you have a system that uses encrypted home directories, per-user temporary directories inside $HOME could be used. This would ensure that users' data is protected but would require that all applications use $HOME/tmp instead of /tmp.
Finally, the project may be used to create an encrypted root filesystem. Doing so requires two special partitions. First, create a small partition to hold your kernel and initrd image, /dev/hdaX. Second, create a large partition to contain the root of your filesystem, /dev/hdaY.
Next, configure and install an initrd-based boot system:
1. Ensure romfs is compiled in your kernel (not a module).
2. Create a kernel-supported filesystem on /dev/hdaX and copy your kernel to /vmlinux.
3. Download busybox and extract it as initrd/busybox.
4. Update initrd/src/etc/modules.initrd to include any modules needed to boot.
5. Build cryptoswap's initrd image (cd initrd && make initrd) and copy it to the filesystem on /dev/hdaX at /initrd.img.gz.
6. Make sure you use literal = "root=/dev/ram0 init=/linuxrc rw" or LILO equivalent.
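A pre-flight check for steps 1 and 6 above, as an added example that is not part of the cryptoswap package. The function names are hypothetical, and the caller is assumed to pass the path of the kernel's build configuration file and the kernel argument string taken from the boot loader configuration.

```shell
#!/bin/sh
# Pre-flight checks for the initrd boot setup (added example, hypothetical names).

# romfs_builtin CONFIG_FILE
# Succeeds only when romfs is compiled in (=y), not a module (=m) or unset.
romfs_builtin() {
    grep -q '^CONFIG_ROMFS_FS=y$' "$1"
}

# cmdline_ok "KERNEL ARGUMENTS"
# Succeeds only when each argument from step 6 appears as a whole word.
cmdline_ok() {
    for want in root=/dev/ram0 init=/linuxrc rw; do
        found=no
        for have in $1; do
            if [ "$have" = "$want" ]; then found=yes; fi
        done
        [ "$found" = yes ] || return 1
    done
    return 0
}

# preflight CONFIG_FILE "KERNEL ARGUMENTS"
# Prints one line per failed check and returns the number of failures.
preflight() {
    fails=0
    if ! romfs_builtin "$1"; then
        echo "romfs is not built in: need CONFIG_ROMFS_FS=y, not =m"
        fails=$((fails + 1))
    fi
    if ! cmdline_ok "$2"; then
        echo "kernel arguments must include: root=/dev/ram0 init=/linuxrc rw"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: romfs built as a module, which step 1 rules out.
sample_check() {
    sample_cfg=$(mktemp)
    printf '%s\n' 'CONFIG_EXT2_FS=y' 'CONFIG_ROMFS_FS=m' > "$sample_cfg"
    preflight "$sample_cfg" "root=/dev/ram0 init=/linuxrc rw" && rc=0 || rc=$?
    rm -f "$sample_cfg"
    return "$rc"
}
```

Running the check before rebooting catches a modular romfs or a missing kernel argument while the old root filesystem is still bootable.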
Finally, create a proper encrypted filesystem on /dev/hdaY:
1. Randomize the partition: dd if=/dev/urandom of=/dev/hdaY.
2. Set up a loopback device: openssl enc -d -aes-256-ecb -in initrd/src/etc/efsk | losetup -p0 -e aes /dev/loop0 /dev/hdaY.
3. Create the root filesystem: mkfs.ext2 /dev/loop0.
4. Mount your new root filesystem: mount /dev/loop0 .
5. Populate your new root filesystem.
What's New in This Release:
· Added initrd build environment.
· Documentation update.