Talk:SECURITY System Encryption DM-Crypt with LUKS
From Gentoo Linux Wiki
[edit] ToDO
- Peer review of init script
- LVM support
- RAID support
- steganography support -- to retrieve hidden key(s)
- PKCS#11 cryptographic token support
- suspend2 filewriter support
- Add examples for other partitions beside root
- /etc/conf.d/cryptfs
- How to handle decryption of several partitions ?
- One way is having keyfiles stored on root
- Another way could be editing cryptfs implementation scripts to support retrieving keys from removable media, and having all keys encrypted in a gpg protected file.
- Fix some bugs/issues in the init script
- grub problem
[edit] Added example for automatic mounting of /home at startup
I've added an example (from my setup) of how to automatically mount /home at startup. I think this is needed as I found it confusing using /etc/conf.d/cryptfs, since the examples don't clearly indicate where to specify the underlying device or the mount point. It required me to trawl through the scripts to understand how they work. It is very simple though and anyone seeing the new example should be able to do it easily.
You could remove your note about whether it works for other encrypted volumes, in addition to swap and tmp. It does, my /home now mounts every boot :) Also note that I'm using serpent-cbc-essiv:sha256, so it also works with other ciphers. I didn't remove the note as requested in the discussion page, but rather posted here.
[edit] Re: Added example for automatic mounting of /home at startup
Thank you,
It's quite clear now, the cryptfs's implementation depends on the user passing the type argument and the fact that cryptsetup ignores the incorrect options assigned at line 20:
: ${options:='-c aes -h sha1'}
They could have added an if test to check whether the device is luks or not by using the isLuks option earlier, this avoids the incorrect options without depending on the user to supply options=' ' to workaround it.
Perhaps I'm missing something here, mm, don't know.
I knew about the error in the example cryptfs file that ships with cryptsetup, but I figured everybody would notice it and would get fixed soon, I guess I was wrong.
Somebody should post a bug about it.
Anyway, thanks.
Regards,
Reikinio 09:29, 29 May 2006 (UTC)
[edit] gnupg latest version 1.9.21 lacks the static flag
Gnupg latest version in portage no longer contains the static ebuild flag. Information here: http://gentoo-portage.com/app-crypt/gnupg
You must use version 1.4.4 of gnupg for this use flag. Under the heading GnuPG users: building statically linked gpg you should change echo "app-crypt/gnupg static" >> /etc/portage/package.use && emerge gnupg to USE="static" emerge -av =gnupg-1.4.4. This will then emerge version 1.4.4 statically..
Without it users will emerge the current version without the static flag and recive an error when building the iniramfs from the script.
Error: file /usr/bin/gpg not statically linked!
or not a valid executable.
This is just my opinion as i ran into that problem.. thanks
12:23, 6th of August 2006
[edit] Re: gnupg latest version 1.9.21 lacks the static flag
Thank you, changed the emerge command and wrote a note about it in the document.
Reikinio 18:14, 10 August 2006 (UTC)
gnupg-1.4.7-r1( 1.4.8-r1 is hard masked ) is currently the latest gnupg that supports the static build flag and is not hard masked. As 1.4.4 is no longer in portage I would recommend it is changed in the main document. -Mad 2:29, 5 February 2008 (EST)
[edit] DM-Crypt vulnerable to watermark attacks
I just found this LINK:http://mareichelt.de/pub/texts.cryptoloop.php (Why Mainline Cryptoloop Should Not Be Used)
I'd like to use an encrypted system, but it should be safe then. I don't know if the link still matters today. Maybe someone can check it out.
Thanks,
Calvin
luks doesn't utilize the cryptoloop device so this doesn't conflict with this guide. this guide uses the dm-crypt mapping not cryptoloop :D
[edit] Re: DM-Crypt vulnerable to watermark attacks
AFAIK using linux kernel > 2.6.10 and ESSIV should prevent it.
You might find more information in dm-crypt mailing list archives.
Reikinio 00:04, 25 August 2006 (UTC)
[edit] No guide on how to use uClibc
The guide recommend uClibc but doesn't provide any instructions on how to go about doing that.
I checked out the support thread over in the gentoo forums and found some information about this on the first post of page 5.
I tried the directions in the post but it didn't work out for me however at least it is a starting point. --Hadees 19:04, 25 September 2006 (UTC)
IMHO, uClibc should be removed from this HowTo. glibc works great, is much easier to use and the ramdisk gets freed anyway. Why should we use a tiny C library then?
[edit] too much details
your article contains to much details and it is therefore quite difficult to follow all steps. Things that are no so important should be moved to an appendix.
[edit] Supplement to "Filling the disk with random data"
DBAN might worth to be noted there.
[edit] Supplement TWO for "Filling the disk with random data"
what even works faster and is total secure [or as secure as luks ;-)] is to open the luksformated device and dd zero to it; the dm-crypt layer will encrypt that and this works even faster than /dev/urandom!
cryptsetup luksFormat ...... /dev/xyz
cryptsetup luksOpen /dev/xyz xyz
dd if=/dev/zero of=/dev/mapper/xyz
this is my way of doing the preparation; on a 1ghz pIII ~12h for 300GB
Isn't here the Problem that you are (very) vulnerable to a known plaintext attack?
[edit] Error: root missing.
A lot of people seem to be getting "Error: root missing." as an error after going through the guide. And the support thread on forums.gentoo.org there has been no reponse to this problem.
--Hadees 19:53, 20 November 2006 (UTC)
Yes, there is a answer in the thread.
And it says to change the init script, the whole parse_cmdl_args() function, as shown here:
parse_cmdl_args() {
local x
CMDLINE=`cat /proc/cmdline`
for param in $CMDLINE; do
case "${param}" in
rescue)
gv_shell_checkpoint=1
;;
root=*)
gv_root_device="${param##*=}"
;;
ro)
gv_root_mode="ro"
;;
splash=*)
gv_splash_theme="`echo "${param}" | sed 's/.*theme://' | sed 's/,.*//'`"
[ -n "`echo ${param} | grep silent`" ] && gv_splash_silent=1
;;
CONSOLE=*)
gv_splash_console="${param##*=}"
;;
is2)
# check if booting with noresume2
if [ -z "`grep noresume2 /proc/cmdline`" ]; then
gv_active_suspend2=1
else
gv_active_suspend2=0
fi
;;
ikmap=*)
gv_kmap="`echo "${param}" | cut -d'=' -f2 | cut -d':' -f1`"
gv_font="`echo "${param}" | cut -d':' -s -f2`"
;;
ichkpt=*)
gv_shell_checkpoint="${param##*=}"
;;
iswap=*)
gv_swap_device="${param##*=}"
;;
ikey_root=*)
x="${param##*=}"
gv_key_root_filepath="${x##*:}"
gv_key_root_mode="${x%%:*}"
x="${x%:*}"
gv_key_root_device="${x##*:}"
;;
ikey_swap=*)
x="${param##*=}"
gv_key_swap_filepath="${x##*:}"
gv_key_swap_mode="${x%%:*}"
x="${x%:*}"
gv_key_swap_device="${x##*:}"
;;
esac
done
}
Alinefr 03:08, 10 December 2007 (UTC)
[edit] bug in the init script (not load modules)
bug in the init script (not load modules)
at line 246:
Codice:
modprobe_group() {
local lv_group="$1"
local lv_mod
if [ -f "/etc/modules/${lv_group}" ]; then
for mod in `cat "/etc/modules/${lv_group}"`; do
modprobe "${lv_mod}" > /dev/null 2>&1
done
fi
}
Codice:
246: for mod in `cat "/etc/modules/${lv_group}"`; do
it should be
Codice:
246: for lv_mod in `cat "/etc/modules/${lv_group}"`; do
with this it load modules.
Nilo
[edit] New suspend2 path
For newer suspend2 versions path is /sys/power/suspend2/, not /proc/suspend2/.
[edit] RAID Support
It would be awesome if someone could invest some time and energy to let RAID work with all this. I think an encrypted root filesystem on a RAID 1 storing the key for the encrypted RAID 5 disks with all your data would be something really nice. ;)
I am implementing RAID,LVM2,EVMS currently and will update /init soon. --Likewhoa 04:01, 8 October 2007 (UTC)
Way to create software RAID: http://forums.gentoo.org/viewtopic-p-4956806.html#4956806
[edit] Badblocks unnecessary
If you always shred/urandom-dd the harddrive, why do you need the badblocks check before? Its only purpose is to let the harddrive reallocate the bad blocks automatically if I understood correctly.
[edit] Badblocks insecure
Here's an example
If you write to a device with the command...
/sbin/badblocks -c 10240 -s -w -t random -v /dev/loop0
... or somthing similar as recommended in many places.
Then...
xxd /dev/loop0
---SNIP---
002e800: 214c 2113 01ce 9965 3253 134a da50 99dd !L!....e2S.J.P..
002e810: 1a18 a663 0b58 0e53 054f b72f 8058 d7a1 ...c.X.S.O./.X..
002e820: a4f8 b5a5 c74e 0bf9 a11e 447b 6edd 5888 .....N....D{n.X.
002e830: f5fe ec00 56fa 535c 490b 8bc9 6363 6b07 ....V.S\I...cck.
002e840: 5b20 ac22 6eb7 1c0f d560 8a43 3de2 cc32 [ ."n....`.C=..2
002e850: e0b8 3236 b286 92fc 911e c5f4 8130 fbdc ..26.........0..
002e860: 50a7 ffbe 5f1b cd34 7b57 78b8 3944 ea19 P..._..4{Wx.9D..
002e870: fc1c 50ae a2e2 aa33 0070 2781 a022 5ef1 ..P....3.p'.."^.
002e880: ca5d af29 787d 5df3 d4d5 ab0e 1995 2715 .].)x}].......'.
002e890: b177 c454 5a6e 875a deaf dc7f d13a 709b .w.TZn.Z.....:p.
---SNIP---
Then... looking for the data at 0x002e800...
xxd /dev/loop0 | grep "214c 2113 01ce 9965 3253 134a da50 99dd"
You'll get
---SNIP--- 002e800: 214c 2113 01ce 9965 3253 134a da50 99dd !L!....e2S.J.P.. 0a2e800: 214c 2113 01ce 9965 3253 134a da50 99dd !L!....e2S.J.P.. 142e800: 214c 2113 01ce 9965 3253 134a da50 99dd !L!....e2S.J.P.. 1e2e800: 214c 2113 01ce 9965 3253 134a da50 99dd !L!....e2S.J.P.. 282e800: 214c 2113 01ce 9965 3253 134a da50 99dd !L!....e2S.J.P.. 322e800: 214c 2113 01ce 9965 3253 134a da50 99dd !L!....e2S.J.P.. 3c2e800: 214c 2113 01ce 9965 3253 134a da50 99dd !L!....e2S.J.P.. 462e800: 214c 2113 01ce 9965 3253 134a da50 99dd !L!....e2S.J.P.. 502e800: 214c 2113 01ce 9965 3253 134a da50 99dd !L!....e2S.J.P.. 5a2e800: 214c 2113 01ce 9965 3253 134a da50 99dd !L!....e2S.J.P.. 642e800: 214c 2113 01ce 9965 3253 134a da50 99dd !L!....e2S.J.P.. 6e2e800: 214c 2113 01ce 9965 3253 134a da50 99dd !L!....e2S.J.P.. ---SNIP---
Tell me if I'm wrong, but that kinda seems to defeat the purpose of randomizing the HDD
[edit] Swsusp2
Is the script in the article working if you plan on using swsusp2 and not having a swap partition but a file for it (stored on the root partition)?
[edit] New init script
the new init script http://wiki.suspend2.net/EncryptedSwapAndRoot is it a drop in replacement for the old script? it isn't very clear
that init script uses loop-aes which is not supported in Gentoo linux. cryptoloop will die eventually. --Likewhoa 04:03, 8 October 2007 (UTC)
It works: dmcrypt is the key word, and there is a bug with the gpg thing: --log-file should be --logger-file. Tm
[edit] Kernel option moved
Hi, the option "Initial RAM disk (initramfs/initrd) support" has been moved from Block devices to General setup. Maybe somebody can change that.
[edit] Bug in dm-crypt-start.sh when using gpg encrypted keys
cryptsetup-luks-1.0.3-r3 has a bug in the init scripts that prevents the reading of gpg passphrases from stdin when key="/path/to/keyfile:gpg" is configured in /etc/conf.d/cryptfs. I have added "--key-file -" to the cryptsetup options but that did not help. With this option the manual call of this script through /etc/init.d/checkfs stop/start is successfull, but does not fix the bug while booting. I have found a similar report on irc, but no solution yet:
I have some problems with dmcrypt and the init scripts. When I boot, checkfs calls cryptsetup which creates the device mappings. But I have to enter my passphrase somewhere, and it seems that no data from stdin reaches cryptsetup so the system just hangs halfways into the boot
[edit] Split
This page is too long. It is hard to navigate, I suggest splitting with an index page. --AnMaster 08:01, 22 October 2007 (UTC)
[edit] Performance
As the performance-link points to a broken wiki, we might as well collect some data here. Is someone knowledgeable enough to write a test script for different ciphers and key lengths?
Values for -c aes-cbc-essiv:sha256 -s 256:
AMD Athlon 1400: CPing a 700MB file from LUKS to /dev/null takes 40 seconds (thats 17.5 MB/s). DDing 719MB of /dev/zero onto the same LUKS partition takes 35 seconds, that makes almost 21MB/s.
Intel Core2 CPU 6600 @ 2.40GHz: DDing 700MB from /dev/zero to LUKS takes 10.7 seconds CPing 700MB from LUKS to /dev/null takes 10.3 seconds That makes almost 70MB/s, and both CPUs are saturated during en/decryption.
AMD Athlon64 X2 4600+ (2.4 GHz): 734003200 bytes (734 MB) copied, 10.7456 s, 68.3 MB/s
[edit] Update busybox and explain how to create busybox.links and the applets file
The current version of busybox is 1.9.1 and the config menu differ a bit from 1.2.1. Maybe the document could be updated to a recent version of busybox.
Version 1.9.1 of busybox doesn't seems to create busybox.links automatically. It should be mentioned how to do it:
# make busybox.links
Can't find or download from the site provided any applets file. As I couldn't get an answer created mine with (don't know if this ok):
# sed 's/\/bin\///g;s/\/sbin\///g' busybox.links > applets
Please explain how to generate this file. I have an unanswered post about this on the support thread
noisebleed 18:22, 3 March 2008 (UTC)
