My notes on making encrypted filesystems "Just Work(tm)"

David Zeuthen david at
Thu Dec 16 13:08:05 PST 2004

On Thu, 2004-12-16 at 21:35 +0100, Sjoerd Simons wrote:
> On Sun, Dec 12, 2004 at 09:47:53PM -0500, David Zeuthen wrote:
> > Finally, since the hal daemon understands the clear text block
> > devices, /dev/dm-0 and onwards, provided by dm and hal must knows how to
> > add hal device objects for these. Thus, if /dev/dm-0 is really the
> > decrypted version of /dev/sda1 then hald must create a hal device object
> > representing /dev/dm-0. This device object will be a sibling to the
> > device object representing /dev/sda1 and will have the same storage
> > device as a parent. 
> The current code in hal for dm detection is really ugly imho. 

Really ugly? It's extremely ugly!! Don't try this at home!

> I think the right
> way (tm) is to push the kernel people to put some more info in sysfs for dm
> devices. (I'm currently playing with the code to see how i can do that).

If the kernel could just store the name we pass to dmsetup it would be
sufficient. E.g. we just have the invariant that the crypto device is to
be called sesame_crypto_<uuid> and the extremly ugly code can be made
nice again.

> And obviously i'm interested in your sesame code :), so lemme know if the starts
> of it are available somewhere..

I'll dig it out.


hal mailing list
hal at

More information about the Hal mailing list