Linux lets you encrypt non-root and swap file systems, allowing access only to users who know the appropriate passphrase. You can apply encryption to both fixed and removable file systems, such as USB devices. It is recommended that you use the LUKS (Linux Unified Key Setup) encryption tools to encrypt file systems. You can use either the gnome-luks-format tool or cryptsetup directly to set up your encrypted file system. If it is available for your distribution, the easiest way to set up an encrypted file system is to use gnome-luks-format. This tool lets you specify the file system, the encryption cipher and passphrase, and the file system type and name. Be sure the file system is not mounted. Once it is formatted, restart your system. You can then access the encrypted partition or removable drive. For a USB drive or disk, double-click the USB drive icon in the file system window. This opens a window in which you are prompted for a password, with the option to forget it, remember it for the session, or always remember it. A message tells you the device is encrypted. Once you enter your password, you can mount and access the device (double-click it again). The volume name will appear with an icon on your desktop. HAL will handle all mounting and access for removable media. Use the same procedure for fixed partitions. Instead of restarting your system after the initialization and format, you can use luks-setup or cryptsetup with the luksOpen option to open the encrypted file system. If you want to manage fixed drives manually, you can place entries for them in the /etc/crypttab and /etc/fstab files.
Cryptsetup usage
Instead of using gnome-luks-format, you can use the cryptsetup command directly to set up your encrypted file system manually. You first use the cryptsetup command with the luksFormat option to initialize and create an encrypted volume. You will be prompted to specify a key (or add the key file as an argument). Add an entry for the volume in the /etc/crypttab file. Then either reboot or use the cryptsetup command with the luksOpen option to access the volume. You will be prompted for the key (or use --keyfile to specify the key). You can then format the file system, specifying its name and type. Place an entry for the new file system in the /etc/fstab file.
If you did not use LUKS, you will have to specify an encryption method with the cipher option. Use the --cipher option with cryptsetup in the /etc/crypttab entry. For an ESSIV cipher, you use aes-cbc-essiv:sha256. For a plain cipher, you use aes-cbc-plain.
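The manual cryptsetup procedure above, written out as an added shell example (not from the original text): helper functions generate the /etc/crypttab and /etc/fstab entries, and luks_setup runs the luksFormat, luksOpen and mkfs steps. The device /dev/sdb1, the mapped name "secure", the mount point /mnt/secure and the ext4 file system type are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not the original text's code. Assumed names: /dev/sdb1 (raw
# partition), "secure" (mapper name), /mnt/secure (mount point), ext4.

# Emit one /etc/crypttab line for the volume.
# Fields: mapped-name  source-device  key-file ("none" = prompt)  options
crypttab_entry() {
  name="$1"; dev="$2"; keyfile="${3:-none}"; opts="${4:-luks}"
  printf '%s\t%s\t%s\t%s\n' "$name" "$dev" "$keyfile" "$opts"
}

# Emit one /etc/fstab line for the opened /dev/mapper device.
fstab_entry() {
  name="$1"; mnt="$2"; fstype="${3:-ext4}"
  printf '/dev/mapper/%s\t%s\t%s\tdefaults\t0\t2\n' "$name" "$mnt" "$fstype"
}

# Run the setup steps (needs root and a real, unmounted block device).
luks_setup() {
  dev="$1"; name="$2"; mnt="$3"
  # luksFormat destroys existing data, so refuse a device that is in use.
  if findmnt -n "$dev" >/dev/null 2>&1; then
    echo "$dev is mounted; unmount it first" >&2; return 1
  fi
  cryptsetup luksFormat "$dev"              # prompts for the passphrase
  cryptsetup luksOpen "$dev" "$name"        # maps /dev/mapper/$name
  mkfs.ext4 -L "$name" "/dev/mapper/$name"  # format the mapped volume
  crypttab_entry "$name" "$dev" >> /etc/crypttab
  fstab_entry "$name" "$mnt" >> /etc/fstab
  mkdir -p "$mnt" && mount "$mnt"
}

# For a non-LUKS (plain) volume the cipher is given as a crypttab option,
# e.g. the ESSIV cipher named in the text:
plain_crypttab_entry() {
  crypttab_entry "$1" "$2" none "plain,cipher=aes-cbc-essiv:sha256"
}

# Example invocation (commented out; requires root):
# luks_setup /dev/sdb1 secure /mnt/secure
```

Run luks_setup only against a device you intend to wipe; the generated entries can be inspected first by calling crypttab_entry and fstab_entry on their own.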