Gentoo Forums
Gentoo w/ Native Hardware Full Disk Encryption?
grae
n00b
Joined: 09 Apr 2007
Posts: 4

Posted: Sun Oct 12, 2014 11:16 pm    Post subject: Gentoo w/ Native Hardware Full Disk Encryption?

Anyone here like running with scissors? Stupid question. Everybody does! :D

I've spent a little longer than I care to admit, coding up a small library and associated console tools to talk to TCG Opal compatible self-encrypting hard drives.

What's Opal? It's a rather large and unwieldy standard. Though, the short version is that it's an advanced set of security features that allow you to do all sorts of neat things including:

  • Zero CPU overhead hardware cryptography
  • Secure cryptographic wipe (Only a few seconds for TiB size drives)
  • Individually lockable data partitions
  • Secure pre-boot environments which resist bootkits and evil maids, and vanish on boot


TCG Opal is also one of the standards chosen as part of Microsoft eDrive standard, and is used by BitLocker for full disk encryption. Note that if BitLocker attaches to this interface (automatic in Windows 8), a format will NOT uninstall it. Most newer SSDs will natively sport these interfaces, so getting rid of Windows in the future could be a real pain.

This is where my little project steps in. It's a Linux native toolset that can talk to this interface, manipulate its features, and restore a drive to original factory state when done. It's a functional alpha at best, and I plan to rewrite most of it. However, it works and I think it's the first of its kind published. I figured it'd be fun to play with for the do-it-yourself-ers that helped me build my skills. Keep in mind not everything's properly documented, and there are no safeties. It's the best kind of dangerous, really.

The code is currently published on github, though you'll need an Opal compatible SATA drive to do anything with it. Your drive's documentation should say if it's supported. If not, check the label on the side for a 32 character PSID. If it's there, you're in luck.

If not, and you want to buy a supported drive, I'd suggest a Seagate Momentus Thin FDE, or Samsung 840 EVO / 850 Pro. The Crucial M500 / M550 seems to work, but I've seen it bug out before, and wouldn't use it for anything important.

Though the documentation's a bit poor at the moment, there's an overview that should walk you through checking out the code, building it, and running it. Hopefully you'll be twisting knobs and throwing levers like you were in Operating Impending Doom 1.

For example, here's some debug from my Seagate ST500LT025. It should give you an idea of what's available to play with.

Code:
topaz-alpha$ sudo ./build/tp_admin -vvv /dev/sdc login
Probe libata configuration
Opening /dev/sdc ...
Probe ATA Identify
  Serial: W0VHEBKA
  Firmware: 0001SDM7
  Model: ST500LT025-1A5142
Verifying ATA support
Searching for TPM Fingerprint
Probe TPM Security Protocols
  (0x00) Security Protocol Discovery
  (0x01) TCG Opal
  (0x02) TCG Opal
  (0xee) IEEE P1667
Establish Level 0 Comms - Discovery
  Level0 Size: 192
  Level0 Version: 0 / 1
  Feature 0x0001 v1 (12 bytes): Trusted Peripheral (TPer)
    Sync: 1
    Async: 0
    Ack/Nak: 0
    Buffer Mgmt: 0
    Streaming: 1
    ComID Mgmt: 0
  Feature 0x0002 v1 (12 bytes): Locking
    Supported: 1
    Enabled: 0
    Locked: 0
    Media Encryption: 1
    MBR Enabled: 0
    MBR Done: 0
  Feature 0x0203 v1 (16 bytes): Opal SSC 2.0
    Base ComID: 2046
    Number of ComIDs: 2
    Range cross BHV: 0
    Max SP Admin: 4
    Max SP User: 16
    C_PIN_SID Initial: C_PIN_MSID
    C_PIN_SID Revert: C_PIN_MSID
  Feature 0x0201 v1 (12 bytes): Single User Mode
    Locking Objects Supported: 16
    Single User Presence: None
    Ownership Policy: Admin
  Feature 0x0202 v1 (12 bytes): Additional DataStore Tables
    Max Tables: 16
    Max Table Size: 52428800
    Table Align: 4096
  Feature 0xc001 v1 (24 bytes): Vendor Specific
  Feature 0x0003 v1 (28 bytes): Geometry Reporting
    Align Required: 1
    LBA Size: 512
    Align Granularity: 8
    Lowest Align: 0
Reset ComID 0x7fe
  Completed
Establish Level 1 Comms - Host Properties
Opal Call: 0:ff.0:ff01[]
Opal Return : 0:ff.0:ff01[['MaxMethods' = 1(u), 'MaxSubpackets' = 1(u), 'MaxPacketSize' = 17388(u), 'MaxPackets' = 1(u), 'MaxComPacketSize' = 17408(u), 'MaxResponseComPacketSize' = 17408(u), 'MaxSessions' = 1(u), 'MaxIndTokenSize' = 17352(u), 'MaxAuthentications' = 24(u), 'MaxTransactionLimit' = 1(u), 'DefSessionTimeout' = 0(u), 'MaxSessionTimeout' = 0(u), 'MinSessionTimeout' = 0(u), 'DefTransTimeout' = 0(u), 'MaxTransTimeout' = 0(u), 'MinTransTimeout' = 0(u), 'MaxComIDTime' = 0(u)]]
  Received 17 items
  Max ComPkt Size is 17408 (34 blocks)
Opal Call: 0:ff.0:ff02[15986(u), 205:1, 1(u)]
Opal Return : 0:ff.0:ff03[15986(u), 4294966316(u)]
Anonymous Session fffffc2c:3e72 Started
Opal Call: b:8402.6:16[[3(u) = 3(u), 4(u) = 3(u)]]
Opal Return : [[3(u) = 'MHPV16XU9H2AMDK8KTQV4TD09AZFQE92']]
Stopping TPM Session fffffc2c:3e72
Opal Call: 0:ff.0:ff02[15986(u), 205:1, 1(u), 0(u) = 'MHPV16XU9H2AMDK8KTQV4TD09AZFQE92', 3(u) = 9:6]
Opal Return : 0:ff.0:ff03[15986(u), 4294966317(u)]
Authorized Session fffffc2d:3e72 Started
Login credentials OK
Stopping TPM Session fffffc2d:3e72


And an idea of how fast the crypto wipe occurs ...

Code:
topaz-alpha$ time sudo ./build/tp_wipe /dev/sdc

real   0m7.575s
user   0m0.006s
sys   0m0.008s


Have fun! Just pay attention to the warnings in the quickstart, and don't try it on a drive with any of your important stuff on it.
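The "Establish Level 0 Comms - Discovery" part of the debug output above is the drive describing itself: a 48-byte header followed by a list of feature descriptors (code, version, length, payload). As an added illustration that is not part of the original post or of the topaz-alpha code, here is a small parser for that response, with a check for the situation grae warns about (a host having already activated the Locking SP, which a format will not undo). The byte layouts follow my reading of the public TCG Opal Level 0 descriptor definitions and are assumptions; the sample response is constructed to mirror the ST500LT025 output, not captured from a drive.

```python
import struct
from dataclasses import dataclass, field

# Feature codes as printed by the tp_admin output above. Layouts below are my
# reading of the TCG Opal Level 0 discovery descriptors (assumption, not
# topaz-alpha code).
FEATURE_NAMES = {
    0x0001: "Trusted Peripheral (TPer)",
    0x0002: "Locking",
    0x0003: "Geometry Reporting",
    0x0201: "Single User Mode",
    0x0202: "Additional DataStore Tables",
    0x0203: "Opal SSC 2.0",
}


@dataclass
class Feature:
    code: int
    version: int
    data: bytes
    fields: dict = field(default_factory=dict)

    @property
    def name(self):
        return FEATURE_NAMES.get(self.code, "Vendor Specific" if self.code >= 0xC000 else "Unknown")


def _bit(b, i):
    return (b >> i) & 1


def _decode(code, data):
    """Decode the feature payloads we care about; anything else stays raw."""
    if code == 0x0001 and len(data) >= 1:                       # TPer flags byte
        f = data[0]
        return {"Sync": _bit(f, 0), "Async": _bit(f, 1), "Ack/Nak": _bit(f, 2),
                "Buffer Mgmt": _bit(f, 3), "Streaming": _bit(f, 4), "ComID Mgmt": _bit(f, 6)}
    if code == 0x0002 and len(data) >= 1:                       # Locking flags byte
        f = data[0]
        return {"Supported": _bit(f, 0), "Enabled": _bit(f, 1), "Locked": _bit(f, 2),
                "Media Encryption": _bit(f, 3), "MBR Enabled": _bit(f, 4), "MBR Done": _bit(f, 5)}
    if code == 0x0003 and len(data) >= 28:                      # Geometry
        align, lba, gran, lowest = struct.unpack(">B7xIQQ", data[:28])
        return {"Align Required": align & 1, "LBA Size": lba,
                "Align Granularity": gran, "Lowest Align": lowest}
    if code == 0x0202 and len(data) >= 12:                      # DataStore tables
        tables, size, align = struct.unpack(">2xHII", data[:12])
        return {"Max Tables": tables, "Max Table Size": size, "Table Align": align}
    if code == 0x0203 and len(data) >= 16:                      # Opal SSC 2.0
        base, n, rc, admins, users, init_pin, revert_pin = struct.unpack(">HHBHHBB5x", data[:16])
        pin = lambda v: "C_PIN_MSID" if v == 0 else f"other(0x{v:02x})"
        return {"Base ComID": base, "Number of ComIDs": n, "Range cross BHV": rc & 1,
                "Max SP Admin": admins, "Max SP User": users,
                "C_PIN_SID Initial": pin(init_pin), "C_PIN_SID Revert": pin(revert_pin)}
    return {}


def parse_level0(buf):
    """Parse a Level 0 discovery response: 48-byte header, then feature descriptors."""
    if len(buf) < 48:
        raise ValueError("Level 0 response shorter than its 48-byte header")
    length, major, minor = struct.unpack(">IHH", buf[:8])
    end = min(len(buf), 4 + length)        # length counts the bytes after the length field
    features, off = [], 48
    while off + 4 <= end:
        code, verbyte, flen = struct.unpack(">HBB", buf[off:off + 4])
        data = buf[off + 4:off + 4 + flen]
        if len(data) < flen:
            raise ValueError(f"feature 0x{code:04x} truncated at offset {off}")
        features.append(Feature(code, verbyte >> 4, data, _decode(code, data)))
        off += 4 + flen
    return {"version": (major, minor), "size": length, "features": features}


def ownership_warnings(report):
    """Signs that a host (BitLocker/eDrive, or your own tooling) has activated the
    Locking SP. A plain format does not clear these; only a revert does."""
    out = []
    for f in report["features"]:
        if f.code != 0x0002:
            continue
        if f.fields.get("Enabled"):
            out.append("locking enabled: the Locking SP has been activated")
        if f.fields.get("Locked"):
            out.append("a locking range is currently locked")
        if f.fields.get("MBR Enabled"):
            out.append("shadow MBR (pre-boot environment) is enabled")
    return out


# --- constructed sample, built to mirror the ST500LT025 discovery output above ---
def _desc(code, version, data):
    return struct.pack(">HBB", code, version << 4, len(data)) + data


def build_sample(locking_flags=0x09):          # 0x09 = Supported + Media Encryption
    feats = (_desc(0x0001, 1, bytes([0x11]) + bytes(11))            # Sync + Streaming
             + _desc(0x0002, 1, bytes([locking_flags]) + bytes(11))
             + _desc(0x0203, 1, struct.pack(">HHBHHBB5x", 2046, 2, 0, 4, 16, 0, 0))
             + _desc(0x0202, 1, struct.pack(">2xHII", 16, 52428800, 4096))
             + _desc(0x0003, 1, struct.pack(">B7xIQQ", 1, 512, 8, 0)))
    return struct.pack(">IHH", 44 + len(feats), 0, 1) + bytes(40) + feats


SAMPLE_LEVEL0 = build_sample()

if __name__ == "__main__":
    rep = parse_level0(SAMPLE_LEVEL0)
    print(f"Level0 Version: {rep['version'][0]} / {rep['version'][1]}")
    for f in rep["features"]:
        print(f"  Feature 0x{f.code:04x} v{f.version} ({len(f.data)} bytes): {f.name}")
        for k, v in f.fields.items():
            print(f"    {k}: {v}")
    for w in ownership_warnings(parse_level0(build_sample(0x1B))):   # a taken-over drive
        print("WARNING:", w)
```

Running it prints the same feature tree as tp_admin for the constructed sample; feeding it a variant with the Enabled and MBR Enabled bits set produces the warnings, which is the state a drive is left in after BitLocker has claimed it. Single User Mode and vendor-specific descriptors are kept raw because I am less sure of their layout.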
steveL
Watchman
Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery

Posted: Mon Oct 13, 2014 8:18 am    Post subject: Re: Gentoo w/ Native Hardware Full Disk Encryption?

grae wrote:
TCG Opal is also one of the standards chosen as part of Microsoft eDrive standard, and is used by BitLocker for full disk encryption. Note that if BitLocker attaches to this interface (automatic in Windows 8), a format will NOT uninstall it. Most newer SSDs will natively sport these interfaces, so getting rid of Windows in the future could be a real pain.

This is where my little project steps in. It's a Linux native toolset that can talk to this interface, manipulate its features, and restore a drive to original factory state when done. It's a functional alpha at best, and I plan to rewrite most of it. However, it works and I think it's the first of its kind published.

Nice work :-)

I don't have a drive it would work with, but I'm a bit wary of the TPM aspect. It seems that might open us up to other "DRM" on the platform?
Quote:
And an idea of how fast the crypto wipe occurs ...
Code:
topaz-alpha$ time sudo ./build/tp_wipe /dev/sdc

real   0m7.575s
user   0m0.006s
sys   0m0.008s

Well I appreciate that's fast, but it strikes me a bit like the "btrfs can fill up a TB drive in 4 seconds" (or w/e it was) claim; not that useful in the overall scheme of things.
Quote:
Just pay attention to the warnings in the quickstart, and don't try it on a drive with any of your important stuff on it.

(Leaving that there as it's important)

Do you have any links to documentation about the underlying technology?
grae
n00b
Joined: 09 Apr 2007
Posts: 4

Posted: Mon Oct 13, 2014 1:30 pm    Post subject: Re: Gentoo w/ Native Hardware Full Disk Encryption?

steveL wrote:
I'm a bit wary of the TPM aspect. It seems that might open us up to other "DRM" on the platform?


Understandable concern. Though in this case, the TPM provides drive authentication and key management services. Once we take control of it, it works for us. Also, it doesn't start doing anything that we don't ask it to.

steveL wrote:
Well I appreciate that's fast, but it strikes me a bit like the "btrfs can fill up a TB drive in 4 seconds" (or w/e it was) claim; not that useful in the overall scheme of things.


If btrfs is anything like ext4 (which I think are done by the same guy), it's doing background inode allocation. The filesystem may span the whole drive, but not all blocks have been touched.

Crypto wipe occurs by changing the encryption key used for all the data on the drive, effectively randomizing everything. And I do mean everything, including bad and reallocated blocks. Disassembling a scrambled drive will give you the encrypted data, but the key to use it is long since gone.

steveL wrote:
Do you have any links to documentation about the underlying technology?


There's hundreds of pages of documentation. Most of it isn't terribly useful, and I'm still trying to make heads or tails of some of the tables. Though there are a few that I might start with, for the interested.

First, the TCG has a Storage Working Group (SWG) which has defined a core specification which defines a binary syntax for TPM communication, packet encoding, and simple interactions with a session manager for creating authenticated login sessions.

Second, SWG has defined Opal which builds on the core specification, and provides functions and capabilities for multiple users, access control lists, and a half dozen other things I haven't implemented.

Though the best is probably the Opal application note which contains annotated examples of some simple TPM interactions, and what the results of those should be. This includes a description of the operation, high level pseudocode of the communications (the syntax), and the raw ATA packets which are being sent back and forth (broken down to each item and their encoding, no less).
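grae's explanation of the crypto wipe (rotate the key, touch no media, and reallocated sectors are covered too) is easy to model. The toy drive below is an added example of mine, not topaz-alpha code and not how any particular controller is built: a SHA-256-based per-sector keystream stands in for the AES-XTS a real drive uses (assumption; never use it as a cipher), a physical-sector map stands in for the controller's remapping, and the "forensic dump" is what you would get by reading the flash or platters directly.

```python
import hashlib
import secrets

SECTOR = 512


def _keystream(dek, phys, length):
    """Toy per-physical-sector keystream (stand-in for AES-XTS; not a real cipher)."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(dek + phys.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class ToyDrive:
    """Self-encrypting drive model: every physical sector holds ciphertext under
    one data encryption key (DEK) that never leaves the controller."""

    def __init__(self, sectors):
        self.dek = secrets.token_bytes(32)
        self.phys = {lba: lba for lba in range(sectors)}          # LBA -> physical sector
        self.media = {p: bytes(SECTOR) for p in range(sectors)}   # physical sector -> ciphertext
        self.next_spare = sectors

    def write(self, lba, data):
        assert len(data) == SECTOR
        p = self.phys[lba]
        self.media[p] = _xor(data, _keystream(self.dek, p, SECTOR))

    def read(self, lba):
        p = self.phys[lba]
        return _xor(self.media[p], _keystream(self.dek, p, SECTOR))

    def reallocate(self, lba):
        """Bad-sector remap: data moves to a spare, but the old physical sector keeps
        its ciphertext and is no longer reachable through any LBA."""
        old, new = self.phys[lba], self.next_spare
        self.next_spare += 1
        plain = _xor(self.media[old], _keystream(self.dek, old, SECTOR))
        self.media[new] = _xor(plain, _keystream(self.dek, new, SECTOR))
        self.phys[lba] = new

    def crypto_erase(self):
        """Cryptographic wipe: replace the DEK and discard the old one. No sector is
        rewritten, so the cost does not grow with capacity."""
        self.dek = secrets.token_bytes(32)

    def forensic_dump(self):
        """What disassembling the drive yields: every physical sector's ciphertext,
        orphaned (remapped-away) sectors included."""
        return dict(self.media)


def demo():
    """Walk through format-vs-crypto-erase on a remapped sector; returns the checks."""
    d = ToyDrive(8)
    secret = b"constructed sample secret".ljust(SECTOR, b"\0")
    d.write(3, secret)
    readable_before = d.read(3) == secret
    d.reallocate(3)                    # physical sector 3 is now orphaned ciphertext
    orphan_ct = d.media[3]
    for lba in range(8):               # an ordinary "format": zero every LBA
        d.write(lba, bytes(SECTOR))
    # Whoever holds the current DEK can still turn the orphan back into plaintext.
    orphan_after_format = _xor(d.media[3], _keystream(d.dek, 3, SECTOR)) == secret
    d.crypto_erase()
    orphan_after_erase = _xor(d.media[3], _keystream(d.dek, 3, SECTOR)) == secret
    return {
        "readable_before": readable_before,
        "format_touched_orphan": d.media[3] != orphan_ct,       # False: format never reaches it
        "orphan_recoverable_after_format": orphan_after_format,  # True
        "erase_touched_orphan": d.media[3] != orphan_ct,        # False: media untouched
        "orphan_recoverable_after_erase": orphan_after_erase,    # False: key is gone
        "sectors_in_dump": len(d.forensic_dump()),               # 9: 8 LBAs + 1 orphan
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point the model makes is the one in the post: a format only rewrites what is addressable, so a remapped sector keeps recoverable ciphertext as long as the DEK survives, whereas rotating the DEK makes every sector, orphaned or not, unreadable at once and in constant time. On a real Opal drive the re-encryption on remap and the key storage happen inside the controller, which is exactly why the wipe in the post finishes in seconds.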
Roman_Gruber
Advocate
Joined: 03 Oct 2006
Posts: 3846
Location: Austro Bavaria

Posted: Mon Oct 13, 2014 3:27 pm    Post subject: Re: Gentoo w/ Native Hardware Full Disk Encryption?

grae wrote:
TCG Opal is also one of the standards chosen as part of Microsoft eDrive standard, and is used by BitLocker for full disk encryption. Note that if BitLocker attaches to this interface (automatic in Windows 8), a format will NOT uninstall it. Most newer SSDs will natively sport these interfaces, so getting rid of Windows in the future could be a real pain.

Well, who trusts Microsoft, sitting near the NSA?

I doubt that a firmware update / upgrade / downgrade will prevent the drive from being fully formattable again.

Another attempt from that company to lock out other OSes. They started with the BIOS and the signed operating system idea, and now they try it the other way around.

Do not believe that any software used in MS Windows will be NSA-safe.

Do not trust that any hardware encryption chip does not have a hidden backdoor or feature to decrypt it quite fast on the fly.

Do not trust your BIOS (sigh, ...)
steveL
Watchman
Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery

Posted: Mon Oct 13, 2014 9:56 pm    Post subject: Re: Gentoo w/ Native Hardware Full Disk Encryption?

grae wrote:
steveL wrote:
I'm a bit wary of the TPM aspect. It seems that might open us up to other "DRM" on the platform?

Understandable concern. Though in this case, the TPM provides drive authentication and key management services. Once we take control of it, it works for us. Also, it doesn't start doing anything that we don't ask it to.

Ok yeah, I see; it's only on the libata component: libata.allow_tpm=1

I'd still like to see an assessment of that from a black-hat ;)
Quote:
If btrfs is anything like ext4 (which I think are done by the same guy), it's doing background inode allocation.

No they're not; Ted T'so (MIT) is the ext2/3/4 developer; Chris Mason (Oracle) is the btrfs guy.

Not that it matters.
Quote:
Crypto wipe occurs by changing the encryption key used for all the data on the drive, effectively randomizing everything. And I do mean everything, including bad and reallocated blocks. Disassembling a scrambled drive will give you the encrypted data, but the key to use it is long since gone.

Oh I see; so it just overwrites the key?

Surely it doesn't reencrypt everything? (That would take a lot more time, I'd imagine.)
Quote:
There's hundreds of pages of documentation. Most of it isn't terribly useful, and I'm still trying to make heads or tails of some of the tables. Though there are a few that I might start with, for the interested.
...
Though the best is probably the Opal application note which contains annotated examples of some simple TPM interactions, and what the results of those should be. This includes a description of the operation, high level pseudocode of the communications (the syntax), and the raw ATA packets which are being sent back and forth (broken down to each item and their encoding, no less).

Nice one, thanks.
steveL
Watchman
Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery

Posted: Mon Oct 13, 2014 9:58 pm    Post subject: Re: Gentoo w/ Native Hardware Full Disk Encryption?

tw04l124 wrote:
Do not believe that any software used in MS Windows will be NSA-safe.

Do not trust that any hardware encryption chip does not have a hidden backdoor or feature to decrypt it quite fast on the fly.

Do not trust your BIOS (sigh, ...)

and do not trust the mass of components in your box which were manufactured God-knows-where.. ;)

and never, ever trust a phone.
grae
n00b
Joined: 09 Apr 2007
Posts: 4

Posted: Tue Oct 14, 2014 1:15 am    Post subject: Re: Gentoo w/ Native Hardware Full Disk Encryption?

steveL wrote:
Ok yeah, I see; it's only on the libata component: libata.allow_tpm=1


As far as I know, that's actually in response to TCG guidance that users should be able to disable the TCG featureset, so the Linux kernel filters that command set by default. It's an opt-in process, saying you want to use those commands. Ticking that flag doesn't actually change anything in the drive, just allows the drive to see those commands and respond to them. The kernel actually has an interesting note about it as seen here.

steveL wrote:
No they're not; Ted T'so (MIT) is the ext2/3/4 developer; Chris Mason (Oracle) is the btrfs guy.


Hrm, thought Ted Tso did both. Will defer to you.

steveL wrote:
Surely it doesn't reencrypt everything? (That would take a lot more time, I'd imagine.)


There's actually a re-encrypt method you can call in the documentation, like the one you describe. Though it's not clear to me how you use it, or what purpose it serves. I don't use it, that's for sure.