Debian Administration

Truecrypt 4.2a and Kernel 2.6.18 and 2.6.19 support

Update: This article is obsolete. It has been superceded by newer article: Using truecrypt-installer to help install Truecrypt for Debian

Truerypt(R) is Open Source disk encryption software which uses concept of containers to store encrypted data. It can also encrypt whole partitions. The nice thing with Truecrypt is that the containers (or volumes) can be read transparently under Linux and Windows.

The software is primarily developed as a Windows software and newest Linux support may be lagging behind. Communicating with the Truecrypt development team which is difficult because it seems to consider patches and fixes "unsolicited"[1]:

> Version 4.2a does not compile under Kernel 2.6.19.
> Here is patch to fix it.

This is a feature request tracker, not a patch/bug tracker.
File deleted (unsolicited/irrelevant).

Btw, truecrypt project does not have patch, bug or support tracker, so the response was a little surprising.

SUPPORT FOR NEW KERNELS

Latest truecrypt 4.2a was released 2006-07-03. Since then kernel 2.6.18 was released (2006-09-19) and 2.6.19 (2006-11-29). The following patch may interest those who want to upgrade their kernels and keep encryption working.

1. Download appropriate kernel

   apt-get install linux-source-2.6.x

2. unpack and make symlink

   cd /usr/src
   tar -zxvf linux-source-2.6.*.gz
   # Delete old symlink
   rm -f linux
   ln -s linux-source-2.6.* linux

3. Download 4.2a source code from http://www.truecrypt.org/

4. Unpack archive and apply patch[2]

   cd truecrypt-4.2a/
   patch -p1 < truecrypt-4.2a-*.patch

5. Go to unpacked Linux/ directory and run make

   cd  Linux/Kernel
   make KERNEL_SRC=/usr/src/linux NO_WARNINGS=1   

6. Dismount all truecrypt volumes

   truecrypt -d

7. Install kernel module

    cd ..      (that is: truecrypt-4.2a/Linux)
    sh install.sh

8. Reboot; just in case

DISCLAIMER

acronym: R = Registered Trademark

Truecrypt is registered trademark of David Tesarik (Czech Republic, Parague); See World Intellectual Property Organization registration number: IRN/925625 http://www.wipo.int/ipdl/en. This page is not sponsored by and has no association with The Truecrypt Foundation which is the legal entity of the Truecrypt disk encryption software.

[2] The Patch.

--- truecrypt-4.2a/Linux/Kernel/Dm-target.c     2006-12-11 17:50:46.000000000 +0200
+++ truecrypt-4.2a.new/Linux/Kernel/Dm-target.c 2006-12-10 19:32:43.000000000 +0200
@@ -22,6 +22,35 @@
 #include "Tests.h"
 #include "Dm-target.h"

+/* http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.17-rc1
+ *
+ * commit 4ee218cd67b385759993a6c840ea45f0ee0a8b30
+ * Author: Andrew Morton 
+ * Date: Mon Mar 27 01:17:48 2006 -0800
+ *
+ * [PATCH] dm: remove SECTOR_FORMAT
+ *
+ * We don't know what type sector_t has. Sometimes it's unsigned long, sometimes
+ * it's unsigned long long. For example on ppc64 it's unsigned long with
+ * CONFIG_LBD=n and on x86_64 it's unsigned long long with CONFIG_LBD=n.
+ *
+ * The way to handle all of this is to always use unsigned long long and to
+ * always typecast the sector_t when printing it.
+ *
+ * Acked-by: Alasdair G Kergon 
+ * Signed-off-by: Andrew Morton 
+ * Signed-off-by: Linus Torvalds 
+ *
+ */
+
+#ifndef SECTOR_FORMAT
+#   ifndef CONFIG_LBD /* Large Block Device defined*/
+#     define SECTOR_FORMAT "%lu" /* No 32Bit uint */
+#   else
+#     define SECTOR_FORMAT "%llu" /* Yes 64Bit uint */
+#   endif
+#endif
+
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,5)
 #error Linux kernel 2.6.5 or later required
 #endif
@@ -29,6 +58,11 @@+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18)
+#  define DM_MSG_PREFIX MSG_PREFIX
+#endif
+
 #define error(fmt, args...) printk(KERN_ERR MSG_PREFIX fmt, ## args)
 #define trace(level, fmt, args...) level <= trace_level && printk(KERN_DEBUG MSG_PREFIX fmt, ## args)
 #define dbg(fmt, args...) printk(KERN_DEBUG MSG_PREFIX fmt, ## args)
@@ -125,7 +159,11 @@
                        return p;

                trace (3, "blk_congestion_wait\n");
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
+               congestion_wait (direction, HZ / 50);
+#else
                blk_congestion_wait (direction, HZ / 50);
+#endif
        }
 }

@@ -497,7 +535,11 @@
        while (!(bion = bio_alloc (GFP_NOIO | __GFP_NOMEMALLOC, bio_segments (bio))))
        {
                trace (3, "blk_congestion_wait\n");
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
+               congestion_wait (bio_data_dir (bio), HZ / 50);
+#else
                blk_congestion_wait (bio_data_dir (bio), HZ / 50);
+#endif
        }

        bion->bi_bdev = tc->dev->bdev;
@@ -699,6 +741,12 @@
 module_param_named(trace, trace_level, int, 0);

 MODULE_AUTHOR("TrueCrypt Foundation");
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18)
+MODULE_DESCRIPTION(DM_MSG_PREFIX " target for encryption and decryption of TrueCrypt volumes");
+#else
 MODULE_DESCRIPTION(DM_NAME " target for encryption and decryption of TrueCrypt volumes");
+#endif
+
 MODULE_PARM_DESC(trace, "Trace level");
 MODULE_LICENSE("GPL and additional rights"); // Kernel thinks only GPL/BSD/MPL != closed-source code

 int trace_level = 0;

 #define MSG_PREFIX "truecrypt: "

Add Comment Printable version

 

<<< Debian Etch is now frozen prior to release Rescuing a system with massively broken filesystem permissions >>>