Uptodate page!

Note: This page is horribly out of date.
You can find the current pages for the dm-crypt project (the Linux kernel part) here: https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt and the project page for the command line tool cryptsetup (with Linux Unified Key Setup - LUKS) here: https://gitlab.com/cryptsetup/cryptsetup.

Old page:

About

Device-mapper is a new infrastructure in the Linux 2.6 kernel that provides a generic way to create virtual layers of block devices that can do different things on top of real block devices like striping, concatenation, mirroring, snapshotting, etc... The device-mapper is used by the LVM2 and EVMS 2.x tools.
dm-crypt is such a device-mapper target that provides transparent encryption of block devices using the new Linux 2.6 cryptoapi. The user can basically specify one of the symmetric ciphers, a key (of any allowed size), an iv generation mode and then the user can create a new block device in /dev. Writes to this device will be encrypted and reads decrypted. You can mount your filesystem on it as usual. But without the key you can't access your data.
It does basically the same as cryptoloop only that it's a much cleaner code and better suits the need of a block device and has a more flexible configuration interface. The on-disk format is also compatible. In the future you will be able to specify other iv generation modes for enhanced security (you'll have to reencrypt your filesystem though).

I've set up a Wiki.
There's a mailing list at . If you want to subscribe, use the mailman web interface or its archive.
Gmane provides a NNTP interface and also a web archive for this mailing list.

Download

There is support for dm-crypt in the latest official kernel 2.6.4 which you can find on kernel.org. Please use the mirrors for downloads.
There is a HIGHMEM cryptoapi bug in kernels before 2.6.4-rc2, please upgrade if you were using such a kernel.
The latest version of the native userspace setup tool is cryptsetup 0.1.
Clemens Fruhwirth is maintaining an enhanced version of cryptsetup with the LUKS extension that allows you to have an on-disk block of metadata which is superior to the current mechanism and was my long term plan anyway but I didn't find the time to implement that yet...

A solid red light usually indicates an incompatible firmware version or a failed flash. You must repeat the USB pinout method to flash a compatible firmware repair package.

This is widely considered the safest method, as it involves no firmware changes.

Power the device off for 30 seconds and then back on to clear the temporary cache.

using custom firmware lets you bypass strict carrier locks, access hidden network settings, and pick any data provider worldwide. Many units come locked to specific providers, like Free Libyana or Vodafone, turning your device into an expensive paperweight if you change networks.

Flashing firmware can damage your router if done incorrectly. Proceed with caution and ensure the router is not turned off during the process. Risks and Precautions

Select your computer’s network card from the network adapter dropdown list.

If your router's default firmware allows manual code entry, an IMEI unlock is the safest method as it does not carry any risk of bricking the device. Step 1: Locate Your Router's IMEI

: Navigate to 192.168.8.1 in your browser and log in with your admin credentials.

Unlike simple "unlock codes" that work for older devices, modern LTE routers like the B311221 often require a firmware flash to remove the carrier lock. Here is why unlocking the firmware is the best route:

If you have installed custom firmware, you can now explore the advanced features, such as enabling Telnet, setting up ad-blocking, or configuring a VPN.

These tools often require a paid license (like credits for DC-Unlocker) but offer a graphical interface or straightforward command-line instructions.

hardware, explains the advantages of flashing modded exclusive firmware, and provides a clear walkthrough for safely unlocking your router. 📊 Technical Profiles: Huawei B311-221 Huawei B311-221

Migration from cryptoloop and compatibility

The on-disk layouts used by the current 2.6 cryptoloop are supported by dm-crypt.
Cryptoloop also uses cryptoapi so the name of the ciphers are the same. Cryptoloop also supports ECB and CBC mode. Use <cipher>-ecb and <cipher>-plain accordingly with dm-crypt. If you didn't explicitly specify either -ecb or -cbc before you don't need it now, the default plain IV generation will be used. There will be additional (incompatible, but more secure) possibilites in the future because the unhashed sector number as IV is too predictible.

You'll need to figure out how your passphrase was turned into a key to use for losetup. There are several patches floating around doing things differently. But usually cryptsetup will provide a working solution to recreate the same key from your passphrase.

If you want to migrate from 2.4 cryptoloop please take a look at Clemens Fruhwirth's Cryptoloop Migration Guide. He describes the differences between 2.4 and 2.6 cryptoapi (or basically the bugs in 2.4 cryptoapi...). If you need to cut the key size you can use the -s option instead of playing with dd.
(BTW: Clemens has a i586 optimized version of the aes and serpent cipher on his page, about twice as fast as the kernel implementation.)

Why

Why dm-crypt?
Originally it started as a fun project because I wanted to play with the new Linux 2.6 internals. I got a lot of great help from the device-mapper guys at Sistina (now Redhat). Thank you very much!
It turned out that this implementation worked great and is very clean compared to the hacked loop device. The device-mapper core provides much better facilities to stack block devices. dm-crypt uses mempools to assure we never run into out-of-memory deadlocks when allocating buffers.
Also the device-mapper configuration interface provides much more flexibility than the losetup ioctl. And you can create as many devices as you want with any names you want and combine them with other dm targets. Online device resizing is also possible, e.g. if you use dm-crypt on top of a logical volume. There might perhaps even be LVM or EVMS support for device encryption in the future.

Huawei Router B311221 Unlock Firmware Exclusive -

A solid red light usually indicates an incompatible firmware version or a failed flash. You must repeat the USB pinout method to flash a compatible firmware repair package.

This is widely considered the safest method, as it involves no firmware changes.

Power the device off for 30 seconds and then back on to clear the temporary cache.

Flashing firmware can damage your router if done incorrectly. Proceed with caution and ensure the router is not turned off during the process. Risks and Precautions

Select your computer’s network card from the network adapter dropdown list.

If your router's default firmware allows manual code entry, an IMEI unlock is the safest method as it does not carry any risk of bricking the device. Step 1: Locate Your Router's IMEI A solid red light usually indicates an incompatible

: Navigate to 192.168.8.1 in your browser and log in with your admin credentials.

If you have installed custom firmware, you can now explore the advanced features, such as enabling Telnet, setting up ad-blocking, or configuring a VPN. Power the device off for 30 seconds and

These tools often require a paid license (like credits for DC-Unlocker) but offer a graphical interface or straightforward command-line instructions.

hardware, explains the advantages of flashing modded exclusive firmware, and provides a clear walkthrough for safely unlocking your router. 📊 Technical Profiles: Huawei B311-221 Huawei B311-221

Huawei Router B311221 Unlock Firmware Exclusive -

Uptodate page!

About

Download

Migration from cryptoloop and compatibility

Why

Huawei Router B311221 Unlock Firmware Exclusive -

Questions, suggestions, criticism?