There are many steps involved in the process. I will provide
Details
for these steps in the next section. I thought
it would
be nice to provide a summary first to provide reference (if you
are experienced with unix/linux you probably don't need the
details anyway). Here they are summarized as follows:
Download the newest international crypto patch (I used
'patch-int-2.2.10.4' at the time this document was written) from:
Run 'config' (or 'menuconfig' or 'xconfig') to configure
your
'MakeFile' for the new kernel. The options to enable encryption
are
scattered. First of all, before you will see any other options
you must
enable 'Prompt for development and/or incomplete code/drivers'
under 'Code
Maturity level options'. Under 'Crypto options' enable 'crypto
ciphers' and
'serpent'. Once again, this document assumes you are using
serpent, but try
whatever you want. Remember that DES is known to be incompatible
as of
2.2.10.4 - it may never be supported at all. There are several
important options to select under 'Block Devices'. These include
'Loopback
device support', 'Use relative block numbers as basis for
transfer functions
(RECOMMENDED)', and 'General encryption support'. DO NOT select
'cast 128' or
'twofish' encryption here. Also note that you don't need any of
the crypto
options under the various network categories. I will not go any
further into
configuration of the kernel, it is out of the scope of this
document and can
be found at the LDP site.
Compile the new kernel.
Edit '/etc/lilo.conf' to add the new kernel image. Run
'lilo -v' to
add the kernel to the boot loader.
Download the source for the newest 'util-linux' (I used
'util-linux-2.9v') package from:
Apply the corresponding patch found in your
'/usr/src/linux/Documentation/crypto/' directory.
CAREFULLY read the 'INSTALL' file! This package
contains the
sources for many system dependent files (important tools such as
'login', 'passwd', and 'init'). If you don't carefully edit the
MCONFIG
file before compiling these sources have a boot disk and/or
shotgun ready
because your system will be quite confused. Basically you want
to set almost
all of the 'HAVE_*' fields equal to yes so that the important
authentication
tools are not compiled and written over. The tools you do want
rebuilt
are 'mount' and 'losetup' to accommodate the new encryption
schemes. I
suggest that you refer to the
Details
section below
for this step.
Compile and install the 'util-linux' source
Reboot the machine with the new kernel.
Edit '/etc/fstab', adding an entry for your mount point
as follows: