| Commit message (Collapse) | Author | Age | Files |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Quoting /usr/share/doc/cryptsetup/README.keyctl :
The current state for dm-crypt in Linux is that it is single threaded, thus
every dm-crypt mapping only uses a single core for crypto operations. To
use the full power of your many-core processor it is thus necessary to
split the dm-crypt device. For Linux software raid arrays the easiest
segmentation is to just put the dm-crypt layer below the software raid
layer.
However, this seems no longer true since 2.6.38, cf.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714806
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c029772125594e31eb1a5ad9e0913724ed9891f2
http://kernelnewbies.org/Linux_2_6_38#head-49f5f735853f8cc7c4d89e5c266fe07316b49f4c
Therefore encrypting the array (instead of assembling an array of encrypted
disks) shouldn't cause a performance cost. Also, it makes the ramdisk much
easier to configure :-)
|
|
|
|
|
|
|
|
|
|
|
|
| |
The non-blocking PRNG /dev/urandom doesn't block if it has been seeded
enough, sadly (e.g., if the entropy pool is empty). Reading a few bytes
from the *blocking* should ensure that "the kernel RNG has [...] reach
full entropy at least once, which guarantees cryptographic quality of
the rest of the /dev/urandom stream." -- Tor bug #10676
https://trac.torproject.org/projects/tor/ticket/10676
See also urandom(4).
|
|
|
|
|
| |
Tested with the IntelĀ® Desktop Board DH87RL, BIOS [RLH8710H.86A] version
0323.
|
| |
|
|
|
|
|
| |
To be clearer, and to follow the recommendation of the FSF, we include
a full header rather than a single sentence.
|
|
|
|
|
| |
Replaced [ -n "$string" ] with [ "$string" ], and [ -z "$string" ] with
[ ! "$string" ].
|
| |
|
|
|
|
|
| |
'syslog' is meant for the messages generated internally by syslogd,
whereas 'user' is for user-level messages.
|
| |
|
|
Move preseed-related stuff in ./preseed/, and vm-related stuff in
./virtualenv/.
|