source: postlfs/security/cryptsetup.xml@ b278caaf

Last change on this file since b278caaf was b278caaf, checked in by Bruce Dubbs <bdubbs@…>, 8 weeks ago

Package updates
Update to:

cryptsetup-2.3.6
gnutls-3.7.2
nss-3.66
vsftpd-3.0.4

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY cryptsetup-download-http "&kernel-dl;/linux/utils/cryptsetup/v&cryptsetup-minor;/cryptsetup-&cryptsetup-version;.tar.xz">
  <!ENTITY cryptsetup-download-ftp " ">
  <!ENTITY cryptsetup-md5sum "504d1ab22cbc4d1a59a8d8c7ee5ed3bf">
  <!ENTITY cryptsetup-size "11 MB">
  <!ENTITY cryptsetup-buildsize "29 MB (add 113 MB for tests)">
  <!ENTITY cryptsetup-time "0.2 SBU (add 14 SBU for tests)">
]>

<sect1 id="cryptsetup" xreflabel="cryptsetup-&cryptsetup-version;">
  <?dbhtml filename="cryptsetup.html"?>

  <sect1info>
    <date>$Date$</date>
  </sect1info>

  <title>cryptsetup-&cryptsetup-version;</title>

  <indexterm zone="cryptsetup">
    <primary sortas="a-cryptsetup">cryptsetup</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to cryptsetup</title>

    <para>
      cryptsetup is used to set up transparent encryption of block devices
      using the kernel crypto API.
    </para>

    &lfs101_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Download (HTTP): <ulink url="&cryptsetup-download-http;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download (FTP): <ulink url="&cryptsetup-download-ftp;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download MD5 sum: &cryptsetup-md5sum;
        </para>
      </listitem>
      <listitem>
        <para>
          Download size: &cryptsetup-size;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated disk space required: &cryptsetup-buildsize;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated build time: &cryptsetup-time;
        </para>
      </listitem>
    </itemizedlist>

<!-- No longer needed with 2.3.2.
    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Required patch:
          <ulink url="&patch-root;/cryptsetup-&cryptsetup-version;-upstream_fixes-1.patch"/>
        </para>
      </listitem>
    </itemizedlist>
-->

    <bridgehead renderas="sect3">cryptsetup Dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required">
      <xref linkend="json-c"/>,
      <xref linkend="lvm2"/>, and
      <xref linkend="popt"/>
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="libpwquality"/>,
      <ulink url="https://github.com/P-H-C/phc-winner-argon2">argon2</ulink>, and
      <ulink url="http://www.openwall.com/passwdqc/">passwdqc</ulink>
    </para>


    <para condition="html" role="usernotes">User Notes:
      <ulink url="&blfs-wiki;/cryptsetup"/>
    </para>
  </sect2>

  <sect2 role="kernel" id="cryptsetup-kernel">
    <title>Kernel Configuration</title>

    <para>
      Encrypted block devices require kernel support. To use it, the
      appropriate kernel configuration parameters need to be set:
    </para>

<screen><literal>Device Drivers ---&gt;
  [*] Multiple devices driver support (RAID and LVM) ---&gt; [CONFIG_MD]
    &lt;*/M&gt; Device mapper support [CONFIG_BLK_DEV_DM]
    &lt;*/M&gt; Crypt target support [CONFIG_DM_CRYPT]

Cryptographic API ---&gt;
  &lt;*/M&gt; XTS support [CONFIG_CRYPTO_XTS]
  &lt;*/M&gt; SHA224 and SHA256 digest algorithm [CONFIG_CRYPTO_SHA256]
  &lt;*/M&gt; AES cipher algorithms [CONFIG_CRYPTO_AES]
  &lt;*/M&gt; User-space interface for symmetric key cipher algorithms
                                              [CONFIG_CRYPTO_USER_API_SKCIPHER]
  For tests:
  &lt;*/M&gt; Twofish cipher algorithm [CONFIG_CRYPTO_TWOFISH]</literal></screen>

    <indexterm zone="cryptsetup cryptsetup-kernel">
      <primary sortas="d-cryptsetup">cryptsetup</primary>
    </indexterm>

  </sect2>

  <sect2 role="installation">
    <title>Installation of cryptsetup</title>

<!-- No longer needed with 2.3.2
    <para>
      First, apply a patch to fix a build problem caused by API changes in
      <xref role="nodep" linkend="json-c"/>:
    </para>

<screen><userinput remap="pre">patch -Np1 -i ../cryptsetup-&cryptsetup-version;-upstream_fixes-1.patch</userinput></screen>
-->

    <para>
      Install <application>cryptsetup</application> by running the following
      commands:
    </para>

<screen><userinput>./configure --prefix=/usr &amp;&amp;
make</userinput></screen>

    <para>
      To test the result, issue as the <systemitem
      class="username">root</systemitem> user: <command>make check</command>.
      Some tests will fail if appropriate kernel configuration options are not
      set. Some additional options that may be needed for tests are:
      CONFIG_SCSI_LOWLEVEL,
      CONFIG_SCSI_DEBUG,
      CONFIG_BLK_DEV_DM_BUILTIN,
      CONFIG_CRYPTO_USER,
      CONFIG_CRYPTO_CRYPTD,
      CONFIG_CRYPTO_LRW,
      CONFIG_CRYPTO_XTS,
      CONFIG_CRYPTO_ESSIV,
      CONFIG_CRYPTO_CRCT10DIF,
      CONFIG_CRYPTO_AES_TI,
      CONFIG_CRYPTO_AES_NI_INTEL,
      CONFIG_CRYPTO_BLOWFISH,
      CONFIG_CRYPTO_CAST5,
      CONFIG_CRYPTO_SERPENT,
      CONFIG_CRYPTO_SERPENT_SSE2_X86_64,
      CONFIG_CRYPTO_SERPENT_AVX_X86_64,
      CONFIG_CRYPTO_SERPENT_AVX2_X86_64, and
      CONFIG_CRYPTO_TWOFISH_X86_64.
      <!--I still had 5 of 19 tests fail after adding the above crypto options in the
          kernel. bdubbs -->
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>make install</userinput></screen>

  </sect2>

  <!--sect2 role="commands">
    <title>Command Explanations</title>

  </sect2-->

  <sect2 role="configuration">
    <title>Configuring cryptsetup</title>

    <para>
      Because of the number of possible configurations, setup of encrypted
      volumes is beyond the scope of the BLFS book. Please see the
      configuration guide in the cryptsetup <ulink
      url="https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions#2-setup">
      FAQ</ulink>.
    </para>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          cryptsetup,
          cryptsetup-reencrypt,
          integritysetup, and
          veritysetup
        </seg>
        <seg>
          libcryptsetup.so
        </seg>
        <seg>
          None
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="cryptsetup-prog">
        <term><command>cryptsetup</command></term>
        <listitem>
          <para>
            is used to set up dm-crypt managed device-mapper mappings
          </para>
          <indexterm zone="cryptsetup cryptsetup-prog">
            <primary sortas="b-cryptsetup">cryptsetup</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="cryptsetup-reencrypt">
        <term><command>cryptsetup-reencrypt</command></term>
        <listitem>
          <para>
            is a tool for offline LUKS device re-encryption
          </para>
          <indexterm zone="cryptsetup cryptsetup-reencrypt">
            <primary sortas="b-cryptsetup-reencrypt">cryptsetup-reencrypt</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="integritysetup">
        <term><command>integritysetup</command></term>
        <listitem>
          <para>
            is a tool to manage dm-integrity (block level integrity) volumes
          </para>
          <indexterm zone="cryptsetup integritysetup">
            <primary sortas="b-integritysetup">integritysetup</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="veritysetup">
        <term><command>veritysetup</command></term>
        <listitem>
          <para>
            is used to configure dm-verity managed device-mapper mappings.
            Device-mapper verity target provides read-only transparent integrity
            checking of block devices using the kernel crypto API
          </para>
          <indexterm zone="cryptsetup veritysetup">
            <primary sortas="b-veritysetup">veritysetup</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>
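
An added example, not part of the BLFS source file above: a POSIX shell check that reports which options from the Kernel Configuration section are not enabled in a given kernel config. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Options from the Kernel Configuration section (the "For tests" Twofish entry is left out).
REQUIRED_OPTS="CONFIG_MD CONFIG_BLK_DEV_DM CONFIG_DM_CRYPT CONFIG_CRYPTO_XTS
CONFIG_CRYPTO_SHA256 CONFIG_CRYPTO_AES CONFIG_CRYPTO_USER_API_SKCIPHER"

# Print a kernel config as text, whether plain (.config) or gzipped (/proc/config.gz).
kconfig_cat() {
    case $1 in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac
}

# missing_opts FILE: print the required options that are neither built in (=y)
# nor modular (=m). Prints an empty line when everything is enabled.
missing_opts() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    data=$(kconfig_cat "$1")
    missing=""
    for opt in $REQUIRED_OPTS; do
        # Anchored match: CONFIG_MD must not be satisfied by CONFIG_MD_RAID0=y,
        # and "# CONFIG_X is not set" lines must not count as enabled.
        if ! printf '%s\n' "$data" | grep -Eq "^${opt}=[ym]\$"; then
            missing="$missing $opt"
        fi
    done
    echo "${missing# }"
}

# Constructed sample config (not from a real system): dm-crypt disabled, XTS absent.
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
CONFIG_MD=y
CONFIG_MD_RAID0=m
CONFIG_BLK_DEV_DM=m
# CONFIG_DM_CRYPT is not set
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_AES_NI_INTEL=m
CONFIG_CRYPTO_USER_API_SKCIPHER=m
EOF

echo "missing: $(missing_opts "$SAMPLE_CFG")"
```

On a real system, pass `/proc/config.gz` (if the kernel exposes it) or the `.config` used for the build instead of the sample file.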