Re: Device mapping & LUKS
From: Ludovic Courtès
Subject: Re: Device mapping & LUKS
Date: Fri, 19 Sep 2014 14:36:14 +0200
User-agent: Gnus/5.130011 (Ma Gnus v0.11) Emacs/24.3 (gnu/linux)
I’ve now documented the thing, copied below.
Device mapping happens after dmd is started, so it doesn’t work yet,
e.g., for the root file system, but I’ll fix it.
Ludo’.
6.2.3 Mapped Devices
--------------------
The Linux kernel has a notion of "device mapping": a block device, such
as a hard disk partition, can be "mapped" into another device, with
additional processing over the data that flows through it(1). A typical
example is encryption device mapping: all writes to the mapped device
are encrypted, and all reads are deciphered, transparently.
Mapped devices are declared using the ‘mapped-device’ form:
     (mapped-device
       (source "/dev/sda3")
       (target "home")
       (type luks-device-mapping))
This example specifies a mapping from ‘/dev/sda3’ to ‘/dev/mapper/home’
using LUKS—the Linux Unified Key Setup
(http://code.google.com/p/cryptsetup), a standard mechanism for disk
encryption. The ‘/dev/mapper/home’ device can then be used as the
‘device’ of a ‘file-system’ declaration (*note File Systems::). The
‘mapped-device’ form is detailed below.
 -- Data Type: mapped-device
     Objects of this type represent device mappings that will be made
     when the system boots up.

     ‘source’
          This string specifies the name of the block device to be
          mapped, such as ‘"/dev/sda3"’.

     ‘target’
          This string specifies the name of the mapping to be
          established.  For example, specifying ‘"my-partition"’ will
          lead to the creation of the ‘"/dev/mapper/my-partition"’
          device.

     ‘type’
          This must be a ‘mapped-device-kind’ object, which specifies
          how SOURCE is mapped to TARGET.

 -- Scheme Variable: luks-device-mapping
     This defines LUKS block device encryption using the ‘cryptsetup’
     command, from the same-named package.  This relies on the
     ‘dm-crypt’ Linux kernel module.
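The excerpt describes the ‘mapped-device’ form and says its target can be used as the ‘device’ of a ‘file-system’ declaration; the following puts the two together in an ‘operating-system’ fragment. This is an added example, not text from the manual or the message above, and it assumes the present-day Guix names ‘(gnu)’, ‘%base-file-systems’ and the ‘mapped-devices’ field of ‘operating-system’, none of which appear in the excerpt.

```scheme
;; Added example (not from the manual excerpt).  Assumes the (gnu)
;; module, the 'mapped-devices' field of 'operating-system' and the
;; '%base-file-systems' variable, which the excerpt does not show.
(use-modules (gnu))

;; The encrypted partition.  At boot, 'luks-device-mapping' runs
;; cryptsetup (dm-crypt) to open /dev/sda3 as /dev/mapper/home; the
;; 'target' string is what later declarations must refer to.
(define home-mapping
  (mapped-device
   (source "/dev/sda3")            ; raw LUKS-formatted block device
   (target "home")                 ; yields /dev/mapper/home
   (type luks-device-mapping)))

;; The file system lives on the *mapped* device, never on /dev/sda3
;; directly: data hits the disk only after dm-crypt has encrypted it.
(define home-file-system
  (file-system
   (device "/dev/mapper/home")     ; must match "/dev/mapper/" + target
   (mount-point "/home")
   (type "ext4")))

(operating-system
  ;; host-name, bootloader, users and so on omitted for brevity.
  (host-name "example")
  (mapped-devices (list home-mapping))
  (file-systems (cons home-file-system
                      %base-file-systems)))
```

As the message notes, mappings are established after dmd starts, so at the time of writing this works for a mount point such as ‘/home’ but not yet for the root file system.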
---------- Footnotes ----------
(1) Note that the GNU Hurd makes no difference between the concept of
a “mapped device” and that of a file system: both boil down to
_translating_ input/output operations made on a file to operations on
its backing store. Thus, the Hurd implements mapped devices, like file
systems, using the generic "translator" mechanism (*note
(hurd)Translators::).