Truecrypt 4.2a and Kernel 2.6.18 and 2.6.19 support

Posted by jaalto on Wed 20 Dec 2006 at 09:13

Update: This article is obsolete. It has been superseded by a newer article: Using truecrypt-installer to help install Truecrypt for Debian

Truecrypt(R) is Open Source disk encryption software which uses the concept of containers to store encrypted data. It can also encrypt whole partitions. The nice thing with Truecrypt is that the containers (or volumes) can be read transparently under Linux and Windows.

The software is primarily developed for Windows, and support for the newest Linux kernels may lag behind. Communicating with the Truecrypt development team is difficult because it seems to consider patches and fixes "unsolicited"[1]:

> Version 4.2a does not compile under Kernel 2.6.19.
> Here is patch to fix it.

This is a feature request tracker, not a patch/bug tracker.
File deleted (unsolicited/irrelevant).

Btw, the Truecrypt project does not have a patch, bug or support tracker, so the response was a little surprising.

SUPPORT FOR NEW KERNELS

The latest Truecrypt release, 4.2a, came out on 2006-07-03. Since then kernel 2.6.18 was released (2006-09-19) and 2.6.19 (2006-11-29). The following patch may interest those who want to upgrade their kernels and keep encryption working.

1. Download the appropriate kernel source

   apt-get install linux-source-2.6.x

2. Unpack and make a symlink

   cd /usr/src
   tar -zxvf linux-source-2.6.*.gz
   # Delete old symlink
   rm -f linux
   # Trailing slash: match only the unpacked directory, not the tarball
   ln -s linux-source-2.6.*/ linux

3. Download 4.2a source code from http://www.truecrypt.org/

4. Unpack the archive and apply the patch[2]

   cd truecrypt-4.2a/
   patch -p1 < truecrypt-4.2a-*.patch

5. Go to the unpacked Linux/ directory and run make

   cd Linux/Kernel
   make KERNEL_SRC=/usr/src/linux NO_WARNINGS=1

6. Dismount all truecrypt volumes

   truecrypt -d

7. Install the kernel module

   cd ..      # that is: truecrypt-4.2a/Linux
   sh install.sh

8. Reboot; just in case
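
A preflight check for step 5, added here as an example and not part of the original article: a module built against source for a different kernel than the one that loads it is rejected at insert time, so this compares the tree behind KERNEL_SRC with the target kernel release. The function names and the sample release string are hypothetical; the 2.6.5 floor comes from the #error in the patch below and the 2.6.19 ceiling from the newest kernel this article covers.

```sh
#!/bin/sh
# Added example, not from the article: check the tree behind KERNEL_SRC
# before step 5. Function names are hypothetical.

# Print VERSION.PATCHLEVEL.SUBLEVEL read from the top of DIR/Makefile.
kernel_src_version() {
    [ -r "$1/Makefile" ] || return 1
    awk -F'[ \t]*=[ \t]*' '
        { sub(/[ \t\r]+$/, "") }                  # drop trailing blanks
        $1 == "VERSION"    && v == "" { v = $2 }
        $1 == "PATCHLEVEL" && p == "" { p = $2 }
        $1 == "SUBLEVEL"   && s == "" { s = $2 }
        END { if (v == "" || p == "" || s == "") exit 1
              print v "." p "." s }
    ' "$1/Makefile"
}

# preflight SRC_DIR TARGET_RELEASE
# TARGET_RELEASE is the `uname -r` string of the kernel the module will be
# loaded into. Returns 0 only for a matching 2.6.5..2.6.19 source tree.
preflight() {
    src=$(kernel_src_version "$1") || { echo "no kernel Makefile in $1"; return 2; }
    # Reduce e.g. 2.6.18-3-686 to its first three numeric components.
    target=$(printf '%s\n' "$2" | sed 's/^\([0-9]*\.[0-9]*\.[0-9]*\).*/\1/')
    sub=${src##*.}
    case "$src" in
        2.6.*) ;;
        *) echo "source $src is not a 2.6 tree"; return 3 ;;
    esac
    # Floor: the #error in Dm-target.c. Ceiling: newest kernel the patch covers.
    if [ "$sub" -lt 5 ] || [ "$sub" -gt 19 ]; then
        echo "source $src is outside 2.6.5..2.6.19"; return 3
    fi
    if [ "$src" != "$target" ]; then
        echo "source $src does not match target kernel $target"; return 4
    fi
    echo "ok: build against $src"
}

# Constructed sample: a directory holding only a kernel Makefile header.
demo() {
    d=$(mktemp -d) || return 1
    printf 'VERSION = 2\nPATCHLEVEL = 6\nSUBLEVEL = 19\nEXTRAVERSION =\n' > "$d/Makefile"
    preflight "$d" "2.6.19-1-686"; rc=$?
    rm -rf "$d"
    return "$rc"
}

demo
```

In real use, call preflight /usr/src/linux "$(uname -r)" before running make, or pass the release string of the kernel you are about to boot into.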

DISCLAIMER

acronym: R = Registered Trademark

Truecrypt is a registered trademark of David Tesarik (Czech Republic, Prague); see World Intellectual Property Organization registration number: IRN/925625 http://www.wipo.int/ipdl/en. This page is not sponsored by and has no association with The Truecrypt Foundation, which is the legal entity of the Truecrypt disk encryption software.


[1] https://sourceforge.net/tracker/?func=detail&atid=686838&aid=1613242&group_id=120388

[2] The Patch.

--- truecrypt-4.2a/Linux/Kernel/Dm-target.c     2006-12-11 17:50:46.000000000 +0200
+++ truecrypt-4.2a.new/Linux/Kernel/Dm-target.c 2006-12-10 19:32:43.000000000 +0200
@@ -22,6 +22,35 @@
 #include "Tests.h"
 #include "Dm-target.h"

+/* http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.17-rc1
+ *
+ * commit 4ee218cd67b385759993a6c840ea45f0ee0a8b30
+ * Author: Andrew Morton 
+ * Date: Mon Mar 27 01:17:48 2006 -0800
+ *
+ * [PATCH] dm: remove SECTOR_FORMAT
+ *
+ * We don't know what type sector_t has. Sometimes it's unsigned long, sometimes
+ * it's unsigned long long. For example on ppc64 it's unsigned long with
+ * CONFIG_LBD=n and on x86_64 it's unsigned long long with CONFIG_LBD=n.
+ *
+ * The way to handle all of this is to always use unsigned long long and to
+ * always typecast the sector_t when printing it.
+ *
+ * Acked-by: Alasdair G Kergon 
+ * Signed-off-by: Andrew Morton 
+ * Signed-off-by: Linus Torvalds 
+ *
+ */
+
+#ifndef SECTOR_FORMAT
+#   ifndef CONFIG_LBD /* Large Block Device defined*/
+#     define SECTOR_FORMAT "%lu" /* No 32Bit uint */
+#   else
+#     define SECTOR_FORMAT "%llu" /* Yes 64Bit uint */
+#   endif
+#endif
+
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,5)
 #error Linux kernel 2.6.5 or later required
 #endif
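
Review bot: The SECTOR_FORMAT fallback picks "%lu" or "%llu" from CONFIG_LBD, which the commit message quoted directly above it says is not a reliable indicator: it gives x86_64 as a case where sector_t is unsigned long long with CONFIG_LBD=n, and there the "%lu" branch would mismatch its argument. Follow the quoted commit instead: use "%llu" unconditionally and cast every sector_t passed with SECTOR_FORMAT to (unsigned long long). The trailing comments "No 32Bit uint" and "Yes 64Bit uint" are also unclear and should state which type each branch assumes.
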
@@ -29,6 +58,11 @@+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18)
+#  define DM_MSG_PREFIX MSG_PREFIX
+#endif
+
 #define error(fmt, args...) printk(KERN_ERR MSG_PREFIX fmt, ## args)
 #define trace(level, fmt, args...) level <= trace_level && printk(KERN_DEBUG MSG_PREFIX fmt, ## args)
 #define dbg(fmt, args...) printk(KERN_DEBUG MSG_PREFIX fmt, ## args)
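
Review bot: As posted, this hunk does not match its own header: the first added line is fused onto the "@@ -29,6 +58,11 @@" line, and only three of the six declared context lines follow, with the other three ("int trace_level = 0;" through "#define MSG_PREFIX") showing up after the final hunk. Restore that layout before running patch. Separately, the DM_MSG_PREFIX guard should carry a one-line comment naming the 2.6.18 change that requires it, as the SECTOR_FORMAT block does for its commit.
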
@@ -125,7 +159,11 @@
                        return p;

                trace (3, "blk_congestion_wait\n");
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
+               congestion_wait (direction, HZ / 50);
+#else
                blk_congestion_wait (direction, HZ / 50);
+#endif
        }
 }

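Review bot: The LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) switch around blk_congestion_wait is repeated verbatim at the second call site further down. Define the compatibility mapping once, next to the other version checks at the top of Dm-target.c (for example "#define blk_congestion_wait congestion_wait" under the same #if), and leave both call sites untouched, so the next rename is a one-line change.
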
@@ -497,7 +535,11 @@
        while (!(bion = bio_alloc (GFP_NOIO | __GFP_NOMEMALLOC, bio_segments (bio))))
        {
                trace (3, "blk_congestion_wait\n");
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
+               congestion_wait (bio_data_dir (bio), HZ / 50);
+#else
                blk_congestion_wait (bio_data_dir (bio), HZ / 50);
+#endif
        }

        bion->bi_bdev = tc->dev->bdev;
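
Review bot: On 2.6.19 and later the trace line just above the new #if still logs "blk_congestion_wait" while the code calls congestion_wait, so the debug output names a function that is not being called; make the message neutral (for example "congestion wait"). No hunk in this patch adds an #include, so also confirm that the headers Dm-target.c already pulls in declare congestion_wait on 2.6.19.
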
@@ -699,6 +741,12 @@
 module_param_named(trace, trace_level, int, 0);

 MODULE_AUTHOR("TrueCrypt Foundation");
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18)
+MODULE_DESCRIPTION(DM_MSG_PREFIX " target for encryption and decryption of TrueCrypt volumes");
+#else
 MODULE_DESCRIPTION(DM_NAME " target for encryption and decryption of TrueCrypt volumes");
+#endif
+
 MODULE_PARM_DESC(trace, "Trace level");
 MODULE_LICENSE("GPL and additional rights"); // Kernel thinks only GPL/BSD/MPL != closed-source code

 int trace_level = 0;

 #define MSG_PREFIX "truecrypt: "
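
Review bot: In the >= 2.6.18 branch MODULE_DESCRIPTION is built from DM_MSG_PREFIX, which this patch aliases to MSG_PREFIX, defined as "truecrypt: ", so the description becomes "truecrypt:  target for encryption and decryption of TrueCrypt volumes" with a stray colon and a double space. Use a literal name in that branch, or define DM_MSG_PREFIX without the punctuation. A comment should also say why DM_NAME can no longer be used from 2.6.18 on.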

 

 


Posted by yarikoptic (165.230.xx.xx) on Wed 20 Dec 2006 at 18:44
Some simple use case presented would greatly benefit


Posted by Anonymous (202.12.xx.xx) on Thu 21 Dec 2006 at 05:19
Another option is to use cryptsetup to create LUKS volumes (http://luks.endorphin.org/) on the Linux end, and FreeOTFE (http://www.FreeOTFE.org/) on the Windows end....

Rob


Posted by Anonymous (142.167.xx.xx) on Thu 21 Dec 2006 at 23:29
I use LUKS with FreeOTFE as well. I prefer these tools as the licenses are sane and stock debian kernels can be used.


Posted by Anonymous (62.24.xx.xx) on Thu 21 Dec 2006 at 09:18
> Btw, truecrypt project does not have patch, bug or support tracker

Check the facts, before posting: http://www.truecrypt.org/bugs/ If you posted a bugfix in my feature request tracker, when bugs are to be posted elsewhere, I would be annoyed too.


Posted by Anonymous (81.224.xx.xx) on Thu 21 Dec 2006 at 12:30
But a pointer to where to drop patches and bug reports would have been good, wouldn't it?


Posted by xens (62.24.xx.xx) on Fri 22 Dec 2006 at 12:58
I love pricks like you, who can't even admit being wrong.

I opened the TrueCrypt man page and there's the standard chapter:

---quote---
REPORTING BUGS
Report bugs at <http://www.truecrypt.org/bugs/>.
---quote---


The readme.txt in the source code package also contains interesting information applying to hackers like you:

---quote---
III. Third-Party Developers
===========================

If you intend to implement a feature, please contact us first to make sure:

1) That the feature has not been implemented (we may have already implemented it, but haven't released the code yet).
2) That the feature is acceptable.
3) Whether we need help of third-party developers with implementing the feature.

Information on how to contact us can be found at:
http://www.truecrypt.org/contact.php
---quote---



Next time, check the facts before trolling.


Posted by hypatia (199.223.xx.xx) on Thu 21 Dec 2006 at 13:42
I just went through this process on my Ubuntu box last week. It took a bit of googling to figure it out. But, alas, I did not think of posting a patch. Thanks for documenting it here. I feel like a schmuck for having done the work, but not "giving it back to the community".

Someone asked for a use case. I keep an encrypted container (and the Windows installer) on my USB thumb drive. I can carry lots of personal information and passwords with me everywhere I go and don't have to worry about losing it.

Another use case I have is for off-site archival storage. Use rsync to move your archives of important info to remote, but untrusted, servers. I regularly ssh/rsync my containers from work to home. Or you can make your containers CD-ROM or DVD sized, so you can burn them onto disk, and mail the disks to someone who will store them for you.

The idea of encrypted partitions scares me. I have too much experience salvaging data from corrupted filesystems and damaged disks. I don't think dd-rescue and debugfs will work well on encrypted partitions. I consider small, easily manipulated containers a better option for my needs.

Thanks again for the article.


Posted by jaalto (81.197.xx.xx) on Sun 18 Mar 2007 at 09:27
FYI,

This article has now been superseded by "Using truecrypt-installer to help install Truecrypt for Debian" http://www.debian-administration.org/articles/506

The installer project includes this patch and extends it to kernel 2.6.20 as well.

-- Jari Aalto
