Difference between revisions of "Enable Encrypted Partitions for LS-VL"

From NAS-Central Buffalo - The Linkstation Wiki
Jump to: navigation, search
m (fixed Categories)
m (fixed link to category)
Line 31: Line 31:
 
== Benchmark results ==
 
== Benchmark results ==
  
On a [[:Categorie:LS-WVL|LS-WVL]] using aes-cbc-essiv:sha256 over a RAID-1
+
On a [[:Category:LS-WVL|LS-WVL]] using aes-cbc-essiv:sha256 over a RAID-1
  
 
  Version      1.96  ------Sequential Output------ --Sequential Input- --Random-
 
  Version      1.96  ------Sequential Output------ --Sequential Input- --Random-

Revision as of 12:45, 23 September 2011

This page is work in progress. While all relevant information is already present, the description is not yet complete. Please have a look here again in a few days.

Contents

What will you get?

This how-to guides you to set up Encrypted Partitions for LW-VL using dm-crypt / LUKS. Partitions may even be on a RAID.


What you need beforehand

You have to be able to use the root account on the NAS. You can follow Open Stock Firmware LS-VL.

The Guide

  1. Check whether the kernel support dm_crypt (kernel 2.6.31.8 from Firmware 1.40 and 1.41 is known to be okay.)
# grep dm_crypt /proc/kallsyms
c0021f74 t dm_crypt_init
c0027e74 t __initcall_dm_crypt_init6
c033bbd0 t dm_crypt_bio_destructor
  1. Install the package cryptsetup
apt-get install cryptsetup
  1. Follow the instructions at <http://en.gentoo-wiki.com/wiki/Root_filesystem_over_LVM2,_DM-Crypt_and_RAID> to setup the encryption.
  2. Set up an Initrd for Raid-Boot, using linuxrc-cryptsetup.txt shown at that page.
  3. Install this initrd to /boot and reboot.

Todo

  • Describe a working way to enter the key via network since LS-VL does not have a serial console connector.

Benchmark results

On a LS-WVL using aes-cbc-essiv:sha256 over a RAID-1

Version      1.96   ------Sequential Output------ --Sequential Input- --Random-
                    -Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks--
Machine        Size K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP  /sec %CP
unencrypted    480M   243  98 71879  34 33253  29   656  99 106898  74 296.7  11
Latency             37950us     344ms     154ms   25967us   10634us     159ms
encrypted      480M   238  95  7241   3  3392   0   577  94  7930   0 252.0   9
Latency             32721us    5407ms    3331ms   34872us   78536us     969ms
                    ------Sequential Create------ --------Random Create--------
                    -Create-- --Read--- -Delete-- -Create-- --Read--- -Delete--
files:max:min        /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP
unencrypted      16   124   2 +++++ +++   129   2   134   3 +++++ +++   121   1
Latency               267ms     554us     292ms     306ms     371us     305ms
encrypted        16   218   1 +++++ +++   196   1   188   2 +++++ +++   222   1
Latency               333ms     528us     200ms     209ms     123us     210ms