CGD Setup

General Information

CGD info:

This report describes how to set up an encrypted filesystem on NetBSD/i386. All partitions (except root) shall be encrypted on an existing installation.

  • NetBSD Guide
  • I want my CGD
  • CryptoGraphic Disk Driver

Configuration

ONE

Take a record of the present disk setup:

 df -h | lpr
 mount | lpr
 cat /etc/fstab | lpr
 disklabel wd0 | lpr
 fdisk > fdisk-output
 vi fdisk-output

Edit and remove the control characters at the “bootmenu” entries. This was required to print out on my Brother HL-1430.

 cat fdisk-output | lpr 

TWO

Recompile the kernel with cgd support:

 mkdir /usr/obj
 vi /usr/src/sys/arch/i386/conf/GENERIC

Uncomment “pseudo-device cgd 4”

 cd /usr/src/
 ./build.sh tools kernel=GENERIC
 cd /usr/src/sys/arch/i386/compile/obj/GENERIC
 make install
 reboot

THREE

I used an OpenBSD/sparc64 host (ultra5) to store my backups. Create a directory on that box with enough space for the data (and set correct permissions).

Dump the existing filesystems:

 cd /
 dump -0f - /usr | ssh -o 'EscapeChar none' swm@ultra5 "cat > /usr/dumps/usr.fs"
 dump -0f - /var | ssh -o 'EscapeChar none' swm@ultra5 "cat > /usr/dumps/var.fs"
 dump -0f - /home | ssh -o 'EscapeChar none' swm@ultra5 "cat > /usr/dumps/home.fs"

FOUR

Boot into single user mode and mount root read/write.

 shutdown now
 mount /dev/wd0a /

Delete the disklabel entries for swap, usr, var and home.

 disklabel -i -I wd0 

Use “P” to print out the current disklabel.

Using the printouts from step ONE – I had to delete partitions wd0b, wd0e, wd0f and wd0g.
Type “b”. Then type “unused”, then “0”, “0”.
Type “e”. Then type “unused”, then “0”, “0”.
Type “f”. Then type “unused”, then “0”, “0”.
Type “g”. Then type “unused”, then “0”, “0”.
This will select each label entry, set it unused, and init the values to “0”.
If you type “P” again you’ll see the disklabels have been deleted.
Create a new disklabel for the CGD. I used “wd0e”.
Type “e”, then “ccd”, then “a”, then “$”. This will create a label for wd0e which starts after the root label (wd0a) and uses the remaining space.
Type “P” again to make sure everything is correct. When happy, type “W” then “Q” to exit.

FIVE

Scrub the wd0e partition:

 cgdconfig -s cgd0 /dev/wd0e aes-cbc 128 < /dev/urandom
 dd if=/dev/zero of=/dev/rcgd0d bs=32k
 cgdconfig -u cgd0

SIX

Create the CGD:

 cd /etc/
 mkdir cgd
 chmod 700 cgd
 cgdconfig -g -V disklabel -o /etc/cgd/wd0e aes-cbc 256
 cgdconfig -V re-enter cgd0 /dev/wd0e

[Enter a passphrase.]

SEVEN

Make new disklabels within the cgd device:

 disklabel -i -I cgd0 

Press "a", then "unused", "0", "0".
Press "b", then "swap", "0", "250M".
Press "e", then "4.2BSD", "b", "500M".
Press "f", then "4.2BSD", "e", "2000M".
Press "g", then "4.2BSD", "f", "$".
Press "P" to check layout is correct. Then "W" and "Q" to commit.

EIGHT

Create new filesystems on the CGD:

 newfs /dev/rcgd0e
 newfs /dev/rcgd0f
 newfs /dev/rcgd0g

NINE

Edit configuration files.

The new "/etc/fstab" should read:

 /dev/wd0a   /      ffs   rw           1 1
 /dev/cgd0b  none   swap  sw           0 0
 /dev/cgd0b  /tmp   mfs   rw,-s=250m
 /dev/cgd0e  /var   ffs   rw,softdep   1 2
 /dev/cgd0f  /home  ffs   rw,softdep   1 2
 /dev/cgd0g  /usr   ffs   rw,softdep   1 2

The "/etc/cgd/cgd.conf" file needs:

 cgd0 /dev/wd0e 

And "/etc/rc.conf" must be modified:

 cgd=YES 

Of course, at this stage only "/bin" and "/sbin" are available - which means no "vi" or "ssh".

Ashamed of my "ed" line editor skillset - I wrote those files while ssh'd into the OpenBSD server via a laptop. I used "rcp" to ferry them back onto the NetBSD box. The broadband modem was casually switched off at this stage.

On the OpenBSD/sparc64 server:

 # vi /etc/rc.conf
 inetd=YES

 # vi /etc/inetd.conf
 shell stream tcp nowait root /usr/libexec/rshd rshd -L

 # vi /etc/hosts.equiv
 + +

 reboot 

To bring up the network (on the NetBSD box) while in single-user:

 cd /etc/rc.d
 ./network start

Upload the required files to the server for editing:

 cd /etc/
 rcp fstab swm@ultra5:/usr/dumps/fstab
 rcp rc.conf swm@ultra5:/usr/dumps/rc.conf
 cd /etc/cgd
 rcp cgd.conf swm@ultra5:/usr/dumps/cgd.conf

Then edit using "vi" on the server.

Transfer the files back into place:

 cd /etc/
 rcp swm@ultra5:/usr/dumps/fstab fstab
 rcp swm@ultra5:/usr/dumps/rc.conf rc.conf
 cd cgd
 rcp swm@ultra5:/usr/dumps/cgd.conf cgd.conf

TEN

Restore the data from the dumps:

 mount -a
 cd /var
 rcp swm@ultra5:/usr/dumps/var.fs var.fs
 cat var.fs | restore -rf -
 rm var.fs ; rm rest*
 cd /home
 rcp swm@ultra5:/usr/dumps/home.fs home.fs
 cat home.fs | restore -rf -
 rm home.fs ; rm rest*
 cd /usr
 rcp swm@ultra5:/usr/dumps/usr.fs usr.fs
 cat usr.fs | restore -rf -
 rm usr.fs ; rm rest*

Check everything is where it should be. Then reset the NetBSD box:

 reboot 

CryptoGraphic Disk setup is now complete and a passphrase is required at boot-time to access the disks.
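
A post-setup check, added here as an example and not part of the original report: the "+ +" line from step NINE makes rshd trust every host and every user, so it and the "shell" service should not outlive the file transfer, and the finished fstab should leave nothing but root on a plain wd0 partition. The function names, the temporary paths and the sample data are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original report. Functions take a file path so
# they can be run on either host; the sample data below is constructed.

# Print "device mountpoint" for ffs/swap/mfs entries in an fstab that are not
# on a cgd device. Root is skipped: this setup leaves it on wd0a.
unencrypted_entries() {
    awk '/^[ \t]*#/ || NF < 3 { next }
         $3 != "ffs" && $3 != "swap" && $3 != "mfs" { next }
         $2 == "/" { next }
         $1 !~ /^\/dev\/cgd[0-9]+[a-p]$/ { print $1, $2 }' "$1"
}

# Print hosts.equiv lines that trust every host or every user ("+").
wildcard_trust() {
    awk '/^[ \t]*#/ || NF == 0 { next }
         $1 == "+" || $2 == "+" { print }' "$1"
}

# Print active (uncommented) inetd.conf entries for rshd/rlogind/rexecd.
rsh_services() {
    awk '/^[ \t]*#/ { next }
         $1 ~ /^(shell|login|exec)$/ { print }' "$1"
}

# Constructed sample input: step NINE's files, with /home left on wd0f to
# show what a missed fstab entry looks like.
tmp=$(mktemp -d)
cat > "$tmp/fstab" <<'EOF'
/dev/wd0a  /     ffs  rw         1 1
/dev/cgd0b none  swap sw         0 0
/dev/cgd0e /var  ffs  rw,softdep 1 2
/dev/wd0f  /home ffs  rw,softdep 1 2
EOF
printf '+ +\n' > "$tmp/hosts.equiv"
echo 'shell stream tcp nowait root /usr/libexec/rshd rshd -L' > "$tmp/inetd.conf"

echo "unencrypted: $(unencrypted_entries "$tmp/fstab")"
echo "wildcard trust: $(wildcard_trust "$tmp/hosts.equiv")"
echo "r-services: $(rsh_services "$tmp/inetd.conf")"
rm -rf "$tmp"
```

On a finished setup all three functions print nothing when pointed at the real /etc/fstab on the NetBSD box and at /etc/hosts.equiv and /etc/inetd.conf on the backup server.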


REFERENCE

For your information:

 # cat /etc/fstab
 /dev/wd0a   /                 ffs     rw           1 1
 /dev/cgd0b  none              swap    sw           0 0
 /dev/cgd0b  /tmp              mfs     rw,-s=250m
 /dev/cgd0e  /var              ffs     rw,softdep   1 2
 /dev/cgd0f  /home             ffs     rw,softdep   1 2
 /dev/cgd0g  /usr              ffs     rw,softdep   1 2
 kernfs      /kern             kernfs  rw
 /dev/cd0a   /home/swm/cd      cd9660  ro,noauto    0 0
 procfs      /emul/linux/proc  procfs  ro,linux

 # df -h
 Filesystem    Size   Used  Avail  Capacity  Mounted on
 /dev/wd0a     242M    26M   204M       11%  /
 /dev/cgd0e    485M    16M   444M        3%  /var
 /dev/cgd0g    5.9G   2.5G   3.0G       45%  /usr
 mfs:316       242M   3.0K   230M        0%  /tmp
 /dev/cgd0f    1.9G   4.6M   1.8G        0%  /home
 kernfs        1.0K   1.0K     0B      100%  /kern
 procfs        4.0K   4.0K     0B      100%  /usr/pkg/emul/linux/proc

 # disklabel wd0
 # /dev/rwd0d:
 type: unknown
 disk: Maxtor 5T020H2
 label:
 flags:
 bytes/sector: 512
 sectors/track: 63
 tracks/cylinder: 16
 sectors/cylinder: 1008
 cylinders: 38792
 total sectors: 39102336
 rpm: 3600
 interleave: 1
 trackskew: 0
 cylinderskew: 0
 headswitch: 0 # microseconds
 track-to-track seek: 0 # microseconds
 drivedata: 0

 16 partitions:
 #        size    offset  fstype  [fsize bsize cpg/sgs]
 a:     512064  20480000  4.2BSD    1024  8192   42672  # (Cyl. 20317*- 20825*)
 c:   18622336  20480000  unused       0     0          # (Cyl. 20317*- 38791)
 d:   39102336         0  unused       0     0          # (Cyl. 0 - 38791)
 e:   18110272  20992064  ccd                           # (Cyl. 20825*- 38791)

 # disklabel cgd0
 disklabel: Invalid signature in mbr record 0
 # /dev/rcgd0d:
 type: cgd
 disk: cgd
 label: fictitious
 flags:
 bytes/sector: 512
 sectors/track: 2048
 tracks/cylinder: 1
 sectors/cylinder: 2048
 cylinders: 8842
 total sectors: 18110272
 rpm: 3600
 interleave: 1
 trackskew: 0
 cylinderskew: 0
 headswitch: 0 # microseconds
 track-to-track seek: 0 # microseconds
 drivedata: 0

 7 partitions:
 #        size    offset  fstype  [fsize bsize cpg/sgs]
 b:     512000         0  swap                          # (Cyl. 0 - 249)
 d:   18110272         0  unused       0     0          # (Cyl. 0 - 8842*)
 e:    1024000    512000  4.2BSD    1024  8192   46552  # (Cyl. 250 - 749)
 f:    4096000   1536000  4.2BSD    2048 16384   27560  # (Cyl. 750 - 2749)
 g:   12478272   5632000  4.2BSD    2048 16384   26216  # (Cyl. 2750 - 8842*)

This setup was done on a ~20GB disk shared with a Debian GNU/Linux distribution:

 # fdisk
 Disk: /dev/rwd0d
 NetBSD disklabel disk geometry:
 cylinders: 38792, heads: 16, sectors/track: 63 (1008 sectors/cylinder)
 total sectors: 39102336
 BIOS disk geometry:
 cylinders: 1023, heads: 240, sectors/track: 63 (15120 sectors/cylinder)
 total sectors: 39102336
 Partition table:
 0: NetBSD (sysid 169)
     bootmenu:
     start 20480000, size 18622336 (9093 MB, Cyls 1354/119/24-2586/32/1), Active
 1: Linux native (sysid 131)
     bootmenu:
     start 63, size 979902 (478 MB, Cyls 0-64/195/1)
 2: Linux swap or Prime or Solaris (sysid 130)
     bootmenu:
     start 979965, size 1959930 (957 MB, Cyls 64/195/1-194/105/1)
 3: Extended partition (sysid 5)
     start 2939895, size 17526915 (8558 MB, Cyls 194/105/1-1353/150/1)
 Extended partition table:
 E0: Linux native (sysid 131)
     start 2939958, size 1959867 (957 MB, Cyls 194/105/1-324/15/1)
 E1: Linux native (sysid 131)
     start 4899888, size 1959867 (957 MB, Cyls 324/15/1-453/165/1)
 E2: Linux native (sysid 131)
     start 6859818, size 2923767 (1428 MB, Cyls 453/165/1-647/15/1)
 E3: Linux native (sysid 131)
     start 9783648, size 10683162 (5216 MB, Cyls 647/15/1-1353/150/1)
 Bootselector disabled.
