Subject: Re: enabling cgd by default
To: None <tech-kern@NetBSD.org>
From: Alan Barrett <apb@cequrux.com>
List: tech-kern
Date: 08/08/2007 09:39:48

On Tue, 07 Aug 2007, Alistair Crooks wrote:
> On Tue, Aug 07, 2007 at 12:26:44PM +0200, Alan Barrett wrote:
> > None of our GENERIC* or INSTALL* kernels include support for cgd (the
> > encrypted disk driver).  What is the reason for this (e.g. legal
> > concerns, kernel size concerns, software quality concerns, nobody has
> > got around to enabling it yet)?
> 
> In the past, it's been because we don't ship crypto by default,
> just in case it makes it to one of the proscribed countries I
> suppose.

That was true long ago, but nowadays we ship crypto sources and binaries
by default.  Most kernels don't have options IPSEC, but a few do; I was
told that the omission was for speed rather than due to legal concerns.

> What do other operating systems do about this?

FreeBSD has gbde(4) and geli(4).  Both are shipped as loadable modules,
or can be compiled into a custom kernel.

OpenBSD has crypto in the vnd(4) driver, enabled by default.

I found some web pages that say Linux needs kernel patches, and others
that say you have to load some modules.

--apb (Alan Barrett)