guix-devel

Re: Device mapping & LUKS


From: Ludovic Courtès
Subject: Re: Device mapping & LUKS
Date: Fri, 19 Sep 2014 14:36:14 +0200
User-agent: Gnus/5.130011 (Ma Gnus v0.11) Emacs/24.3 (gnu/linux)

I’ve now documented the thing, copied below.

Device mapping happens after dmd is started, so it doesn’t work yet,
e.g., for the root file system, but I’ll fix it.

Ludo’.


6.2.3 Mapped Devices
--------------------

The Linux kernel has a notion of "device mapping": a block device, such
as a hard disk partition, can be "mapped" into another device, with
additional processing over the data that flows through it(1).  A typical
example is encryption device mapping: all writes to the mapped device
are encrypted, and all reads are deciphered, transparently.

   Mapped devices are declared using the ‘mapped-device’ form:

     (mapped-device
       (source "/dev/sda3")
       (target "home")
       (type luks-device-mapping))

This example specifies a mapping from ‘/dev/sda3’ to ‘/dev/mapper/home’
using LUKS—the Linux Unified Key Setup
(http://code.google.com/p/cryptsetup), a standard mechanism for disk
encryption.  The ‘/dev/mapper/home’ device can then be used as the
‘device’ of a ‘file-system’ declaration (*note File Systems::).  The
‘mapped-device’ form is detailed below.

 -- Data Type: mapped-device
     Objects of this type represent device mappings that will be made
     when the system boots up.

     ‘source’
          This string specifies the name of the block device to be
          mapped, such as ‘"/dev/sda3"’.

     ‘target’
          This string specifies the name of the mapping to be
          established.  For example, specifying ‘"my-partition"’ will
          lead to the creation of the ‘"/dev/mapper/my-partition"’
          device.

     ‘type’
          This must be a ‘mapped-device-kind’ object, which specifies
          how SOURCE is mapped to TARGET.

 -- Scheme Variable: luks-device-mapping
     This defines LUKS block device encryption using the ‘cryptsetup’
     command, from the same-named package.  This relies on the
     ‘dm-crypt’ Linux kernel module.

   ---------- Footnotes ----------

   (1) Note that the GNU Hurd makes no difference between the concept of
a “mapped device” and that of a file system: both boil down to
_translating_ input/output operations made on a file to operations on
its backing store.  Thus, the Hurd implements mapped devices, like file
systems, using the generic "translator" mechanism (*note
(hurd)Translators::).
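
How the 'mapped-device' form above connects to a 'file-system' declaration, as an added example that is not part of the original message or of the Guix manual. The mount point "/home", the "ext4" type and the '%home-mapping' and '%home-file-system' names are assumptions. It uses a non-root file system because the message says the mapping does not yet work for the root file system.

```scheme
;; Added illustration: a LUKS-mapped partition and the file system
;; that lives on it, as they would appear in a system configuration.
(use-modules (gnu))

;; The mapping from the documentation: /dev/sda3 -> /dev/mapper/home.
(define %home-mapping
  (mapped-device
    (source "/dev/sda3")
    (target "home")
    (type luks-device-mapping)))

;; The file system refers to the *mapped* device, never to the raw
;; partition, so every read and write goes through dm-crypt.
;; Mount point and file system type are assumptions.
(define %home-file-system
  (file-system
    (device "/dev/mapper/home")
    (mount-point "/home")
    (type "ext4")))

;; Both objects are then listed in the 'operating-system' declaration
;; (other fields omitted here):
;;
;;   (mapped-devices (list %home-mapping))
;;   (file-systems (cons %home-file-system %base-file-systems))
;;
;; Later Guix releases also accept a 'dependencies' field on
;; 'file-system', e.g. (dependencies (list %home-mapping)), which makes
;; the mount wait for the mapping to be established.
```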

