Cryptoswap allows an encrypted swap partition to be created during system boot.
The package also includes an initialization script for building a loopback-encrypted /tmp, which may be necessary on systems that have encrypted filesystems but an unencrypted /. On such systems it is appropriate to link directories like /var/tmp to /tmp. There are, however, other alternatives: tmpfs is a Linux kernel feature that allows /tmp to exist in memory, and on systems with encrypted home directories, per-user temporary directories inside $HOME could be used.
The project may also be used to create an encrypted root filesystem, which requires two special partitions. The first, /dev/hdaX, is a small partition that holds the kernel and the initrd image. The second, /dev/hdaY, is a larger partition that contains the root of the filesystem. Configuring and installing the initrd-based boot system starts with compiling romfs into the kernel (not as a module). Next, a kernel-supported filesystem is created on /dev/hdaX, and busybox is downloaded and extracted as initrd/busybox. The modules necessary to boot are included in initrd/src/etc/modules.initrd. The cryptoswap initrd image is then built, and it is important to use the literal command "= root=/dev/ram0 init=/linuxrc rw" or the LILO equivalent.
Finally, set up the loopback device: randomize the /dev/hdaY partition, then use OpenSSL to encrypt it with 256-ecb, encrypting the filesystem using aes /dev/loop0 /dev/hdaY, before creating the root filesystem with mkfs.ext2 /dev/loop0. After this, copy the root filesystem to /dev/loop0, populating it with your new root filesystem.
The latest release of cryptoswap adds an initrd build environment and a documentation update.
Version 0.0.3: N/A