[Support] System Encryption DM-Crypt with LUKS

This forum covers all Gentoo-related software not officially supported by Gentoo. Ebuilds/software posted here might harm the health and stability of your system(s), and are not supported by Gentoo developers. Bugs/errors caused by ebuilds from overlays.gentoo.org are covered by this forum, too.
Reikinio
Apprentice
Posts: 203
Joined: Sun Aug 14, 2005 7:56 am
Location: Uruguay

Post by Reikinio » Sun Aug 14, 2005 8:09 am

Support thread for: System Encryption DM-Crypt with LUKS
http://gentoo-wiki.com/SECURITY_System_ ... _with_LUKS

rainbow flag
n00b
Posts: 33
Joined: Sun Jul 03, 2005 12:26 pm

failed to setup dm-crypt mapping

Post by rainbow flag » Sat Aug 20, 2005 7:26 pm

Well,

since i am a linux-newbie i have no idea of the most things related to linux, to gentoo, to encryption and to LUKS.

but i tried to create an encrypted root partition (mostly) like this tutorial ( http://gentoo-wiki.com/SECURITY_System_ ... _with_LUKS / http://forums.gentoo.org/viewtopic-t-37 ... a7199c4b5f ) explained.

doing so, i encountered the following problems:

1. after reboot and entering the correct LUKS passphrase

Code: Select all

...
Enter LUKS passphrase:
failed to setup dm-crypt mapping
failed to read from key storage
Command failed: No key available with this passphrase
mount: special device -dev-mapper-root does not exist
umount: /root: not mounted
Command failed: no such device
Enter LUKS passphrase:

2. The tutorial explains about linuxrc "Basically its job will be to set up dm-crypt, ..."; but i really do not understand where this script does so. So i decided to try to solve this by inserting dm-crypt and dm-mod modules (just like it is explained here: http://wiki.blagblagblag.org/Encrypting ... ate_initrd ): so i copied dm-crypt.ko, dm-mod.ko and insmod to the initrd and added

Code: Select all

insmod /modules/dm-crypt.ko
insmod /modules/dm-mod.ko

to linuxrc. The result was

Code: Select all

insmod: error inserting `dm-crypt.ko`: -1 Unknown symbol in module
and dmesg told

Code: Select all

dm_crypt: Unknown symbol dm_put_device
dm_crypt: Unknown symbol dm_unregister_target
dm_crypt: Unknown symbol dm_register_target
dm_crypt: Unknown symbol dm_table_get_mode
dm_crypt: Unknown symbol dm_get_device
device-mapper: 4.4.0-ioctl (2005-01-12) initialized: dm-devel@redhat.com

And of course the first problem persisted.

Since searching the web for (parts of) this dmesg output does not result anything (but some strange recommendations like "recompile your kernel..." and so on), i am now out of ideas.

can anyone help me?

...thx in advance...
Post by Reikinio » Sun Aug 21, 2005 12:42 am

Hi,
You're probably following the guide, right? If so, please do not skip steps unless you know exactly what you're doing; for example, if you're going to differ from the initrd shown in the guide, do so with care. I highly recommend, however, that you follow the guide step by step; it's not hard to understand.
:)

> 1. after reboot and entering the correct LUKS passphrase
>
> Code: Select all
>
> Enter LUKS passphrase:
> failed to setup dm-crypt mapping
> failed to read from key storage
> Command failed: No key available with this passphrase
> mount: special device -dev-mapper-root does not exist
> umount: /root: not mounted
> Command failed: no such device
> Enter LUKS passphrase:

1)
Well, did you include the necessary kernel options?
http://gentoo-wiki.com/SECURITY_System_ ... figuration
Note: Compile them into the kernel and not as modules. If you decide to compile them as modules anyway, then you'll have to edit 'linuxrc' in order to load the modules before trying to luksOpen the partition.
Make sure you include the necessary ciphers as well.
2) Did you create the nodes yourself inside the initrd, or did you use the script?

Check the two things I mentioned above.

> 2. The tutorial explains about linuxrc "Basically its job will be to set up dm-crypt, ..."; but i really do not understand where this script does so. So i decided to try to solve this by inserting dm-crypt and dm-mod modules (just like it is explained here: http://wiki.blagblagblag.org/Encrypting ... ate_initrd ): so i copied dm-crypt.ko, dm-mod.ko and insmod to the initrd and added
>
> Code:
>
> insmod /modules/dm-crypt.ko
> insmod /modules/dm-mod.ko
>
> to linuxrc. The result was
>
> Code:
>
> insmod: error inserting `dm-crypt.ko`: -1 Unknown symbol in module
>
> and dmesg told
>
> Code:
>
> dm_crypt: Unknown symbol dm_put_device
> dm_crypt: Unknown symbol dm_unregister_target
> dm_crypt: Unknown symbol dm_register_target
> dm_crypt: Unknown symbol dm_table_get_mode
> dm_crypt: Unknown symbol dm_get_device
> device-mapper: 4.4.0-ioctl (2005-01-12) initialized: dm-devel@redhat.com

Again, it is best to compile dm-crypt and device-mapper into the kernel instead of as modules; I will add this to the guide to avoid confusion.

Bottom line: either re-start your installation from scratch (this time follow the guide), or boot up with your livecd, luksOpen it from there, recompile your kernel, fix the initrd (do it the way it is posted in the guide), and double-check everything is in place.

Any doubts? questions ?
Let me know how it went 8)
Post by rainbow flag » Sun Aug 21, 2005 1:30 am

okay, thanks.

i will try to insert some ciphers via insmod and if this won't work, i'll check the configuration of the kernel and recompile it.
this may take some time, but i'll let you know, if it worked and how it went.

> I highly recommend however that you follow step by step the guide, it's not hard to understand.

my thought was: i have (temporarily, until the root-encryption works) a second unencrypted root-partition which is compiled exactly like the encrypted one. and from this system i can open/encrypt/mount the encrypted partition without any problems. so i thought, this should work from the initrd as well if i include the right modules.

> Did you created the nodes yourself inside the initrd or you used the script ?

i tried to use the script, which didn't work. so i replaced the script by one, that only checks for procfs and devfs and

Code: Select all

mknod --mode=600 /dev/mapper/control c 10 63

just to see if it works - and it does. (at least there is no error message.)

> insmod: error inserting `dm-crypt.ko`: -1 Unknown symbol in module

this problem can be solved by inserting dm-mod.ko before dm-crypt.ko (as i figured out in the meantime) but this does nothing to solve the first problem.

...thx
Post by Reikinio » Sun Aug 21, 2005 3:15 am

rainbow flag,
If building the initrd is too much work for you, or you just don't want to do it, you can let genkernel-luks build it for you instead, http://luks.endorphin.org/gentoo

http://gentoo-wiki.com/Talk:SECURITY_Sy ... _with_LUKS

totengraeber
n00b
Posts: 27
Joined: Sun Aug 03, 2003 12:42 pm

Post by totengraeber » Sun Aug 21, 2005 9:01 am

The genkernel ebuild on luks.endorphin.org is pretty old and doesn't work with udev (at least for me); that means you have to create the devnode for your hdd manually (ugly hack) or you have to use devfs (even uglier). I use a customized genkernel 3.3.5 to build my initramfs with udev enabled and it works reasonably well :)
Post by rainbow flag » Sun Aug 21, 2005 8:40 pm

thx; problem solved. everything works fine now. :)

adding

Code: Select all

insmod /modules/aes-i586.ko

to the linuxrc script helped. now, that script looks like this

Code: Select all

...
umount -n /proc
insmod /modules/aes-i586.ko
insmod /modules/dm-mod.ko
insmod /modules/dm-crypt.ko
loadkeys ...

thank you for your help, especially of course Reikinio.

> If building the initrd is too much work for you

no, it is not; only, recompile the kernel, reconfigure the system, and so on would have been really inconvenient. :)

mprange
n00b
Posts: 2
Joined: Wed Aug 31, 2005 8:04 am

linuxrc - Script => umount -n /proc

Post by mprange » Wed Aug 31, 2005 8:26 am

Hi,

first of all, thanks for the Wiki.

I follow every step and get the problem

Code: Select all

Enter LUKS passphrase:
failed to setup dm-crypt mapping
failed to read from key storage
Command failed: No key available with this passphrase
mount: special device -dev-mapper-root does not exist
umount: /root: not mounted
Command failed: no such device

checking your FAQ and the luks-Mailinglist, I get a few hints but nothing helped me.

But after I disable the linuxrc-script and compiled also the SHA256 crypto in, I have success in mounting root .

Switching back to the default linuxrc, I get the error again. So I compare my linuxrc with this in your Wiki and I see that /proc is still mounted when I tried to cryptosetup root. So I disable it in your script and my gentoo boots.

So I think when you add this in your FAQ it could help more linux noobs like me.

By the way, could anybody tell me, why this changed ?
Post by Reikinio » Wed Aug 31, 2005 8:56 am

Hi there,
> But after I disable the linuxrc-script and compiled also the SHA256 crypto in, I have success in mounting root .

What are you exactly trying to say in this line? What do you mean by "after I disable the linuxrc-script"? You need that script to boot your system, otherwise you won't be able to decrypt the root partition :)
So what line did you comment in the linuxrc script? Did you unmount proc later in the script?

Also, and very important: if you used sha256 when you created the mapping, then sha256 must be compiled into the kernel, otherwise it will fail with the error you posted above. The wiki FAQ says this, and so does the LUKS site.
Remember, all the ciphers you use must be built into the kernel (you can build them as modules, but it is simpler and better not to).

Could you post here the diff between your linuxrc script and the one posted in the wiki ? together with the ciphers you used and the relative kernel configuration.

Oh, and congratulations for successfully encrypting your / partition 8)

Regards,
Post by mprange » Wed Aug 31, 2005 11:12 am

Hello,

ok I write the message fast and when you tried so long to get it work you miss some "little" details.

I trying to say

cp linuxrc linuxrc_backup

and changing linuxrc to the following code

Code: Select all

#!/bin/sh
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
# Filter kernel messages on boot
dmesg -n 1
haltme() {
b=0
while [ "$b" = 0 ]
 do
 sleep 60
done
}
mount -t proc none /proc
CMDLINE=`cat /proc/cmdline`
exec /bin/sh

because I want to proof /dev for the right nodes and /proc for the right cipher

The problem with the sha256 was, that I do copy and paste from your Wiki, so I do not see

cryptsetup --verbose -y luksFormat --cipher serpent-cbc-essiv:sha256 --key-size 256 /dev/sda3

and tried first a kernel only with the serpent cipher.

Now I use the serpent, blowfish for swap and the sha256 cipher compiled in the kernel.

And I changed the linuxrc like this

Code: Select all


#!/bin/sh
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
# Filter kernel messages on boot
dmesg -n 1
haltme() {
b=0
while [ "$b" = 0 ]
 do
 sleep 60
done
}
mount -t proc none /proc
CMDLINE=`cat /proc/cmdline`
## Create /dev/mapper/control node for udev systems    # Only if you chose
#sh devmap_mknod.sh                                  # to use devmap_mknod

#umount -n /proc  =========>>>add  #

## loadkeys                    # Only for international users,
#loadkeys ./es-cp850.map.gz
# correct password while loop
c=0
while [ "$c" != 5 ]
 do
 cryptsetup luksOpen /dev/sda3 root
 mount -t ext3 /dev/mapper/root /root
 rc=$?   # keep mount's exit status; the umount below would overwrite $?

 umount -n /proc  # ========>>>>> newline

 if [ "$rc" = 0 ]; then
  echo "Root Decrypted"
  break
 else
  umount /root
  cryptsetup luksClose root
  c=$((c+1))
  if [ "$c" = 5 ]; then
   echo "Illegal Trasspassing attempted"
   echo "Halting..."
   haltme
  fi
 fi
--snapp

That's right, the FAQ says that all used cipher have to be compiled in the kernel, but I don't read the sha256 after serpent. :oops:

Hope I could answer your questions.

Next time I read the complete Wiki :D .

So the only change I made, was to umount /proc after I mounted root. Is the /proc needed by cryptsetup for the ciphers ??? This would explain it.

After trying for one year, first with crypto-loop, then with dm-crypt to crypt my hdd's and now I finished.

So thank you for the wiki.

Regards,
Post by Reikinio » Thu Sep 01, 2005 11:43 pm

> So the only change I made, was to umount /proc after I mounted root. Is the /proc needed by cryptsetup for the ciphers ??? This would explain it.

No, I don't think /proc needs to be mounted for cryptsetup execution. Your problem was the ciphers: you didn't have sha256 built into the kernel, yet you used it when you created the mapping, therefore it failed when you tried to decrypt it. That's why it all worked fine when you recompiled your kernel with sha256 built in.
Unmounting /proc after executing cryptsetup is not needed, but it doesn't hurt either, so there is no need to change your linuxrc script.

Regards,
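
The failure discussed in the posts above (luksOpen refusing a correct passphrase because the kernel lacks an algorithm named in the cipher spec, such as the sha256 in `serpent-cbc-essiv:sha256`) can be caught in linuxrc before luksOpen is called. This is an added example, not part of the wiki guide or any poster's script: the function names are hypothetical, the /proc/crypto listing is constructed, and it assumes /proc is still mounted when the check runs.

```sh
#!/bin/sh
# Added example: check that the kernel offers every algorithm a dm-crypt
# cipher spec needs before calling "cryptsetup luksOpen".
# Function names are hypothetical; /proc must be mounted for the real check.

# required_algos SPEC
# "serpent-cbc-essiv:sha256" -> "serpent" and, because of ESSIV, "sha256".
required_algos() {
    spec=$1
    echo "${spec%%-*}"                        # cipher: text before first "-"
    case $spec in
        *-essiv:*) echo "${spec##*:}" ;;      # hash named after "essiv:"
    esac
}

# available_algos FILE
# Print the "name" field of every entry in a /proc/crypto-format file.
available_algos() {
    sed -n 's/^name[[:space:]]*:[[:space:]]*//p' "$1"
}

# missing_algos SPEC FILE
# Print, one per line, each required algorithm that FILE does not list.
missing_algos() {
    avail=$(available_algos "$2")
    for algo in $(required_algos "$1"); do
        printf '%s\n' "$avail" | grep -qxF "$algo" || printf '%s\n' "$algo"
    done
}

# preflight SPEC [FILE]
# Return 0 if nothing is missing, otherwise explain on stderr and return 1.
preflight() {
    miss=$(missing_algos "$1" "${2:-/proc/crypto}" | tr '\n' ' ')
    [ -z "$miss" ] && return 0
    echo "kernel lacks: ${miss}(build it in or insmod it before luksOpen)" >&2
    return 1
}

# Constructed sample: a kernel with serpent and sha1 but no sha256, the
# situation described in the thread. Not captured from a real system.
sample_proc_crypto() {
    cat <<'EOF'
name         : serpent
module       : kernel
type         : cipher
blocksize    : 16
min keysize  : 0
max keysize  : 32

name         : sha1
module       : kernel
type         : digest
blocksize    : 64
digestsize   : 20
EOF
}

# Demo on the constructed sample.
# In linuxrc this would be: preflight "$SPEC" || exec /bin/sh
demo_file=$(mktemp)
sample_proc_crypto > "$demo_file"
preflight serpent-cbc-essiv:sha256 "$demo_file" || echo "not calling luksOpen yet"
rm -f "$demo_file"
```

Modules loaded with insmod show up in /proc/crypto only after they are inserted, so the check belongs after the insmod lines in linuxrc.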

Security Alert

Post by Reikinio » Wed Sep 07, 2005 7:46 pm

Security Alert:
From the dm-crypt mailing list:
....
http://eprint.iacr.org/2005/271

This paper implements a side-channel attack on the AES implementation of
the Linux kernel via dm-crypt. That is, the encryption key is revealed to
any legal user of the system by probing the processor's cache after
about 800 read/write requests.

These kinds of attacks are quite new, and there is no clear answer how to
deal with them. I presume it will take a while before we see this gap
closed. For the moment: Don't use dm-crypt on systems where users can
write to disks for that they are not authorized to know the encryption
key.
....

unixtroll
n00b
Posts: 41
Joined: Tue Aug 19, 2003 12:56 pm

Post by unixtroll » Thu Sep 08, 2005 2:46 am

> The attacks allow an unprivileged process to attack other processes running in parallel on the same processor, despite partitioning methods such as memory protection, sandboxing and virtualization

If I understand that sentence right, you would need access to the system via a user account for executing such unprivileged processes & exploiting the weakness.
Since this Thread is about System Encryption, meaning the whole disk (except /boot) is encrypted, there is no such way to exploit it, since the attacker doesn't even have a user account in the first place. If for example local agencies do a house search because you downloaded too many linux ISOs and find your pc shut down (i.e. not running with a user logged in) they will not be able to attack the encryption since they're also not able to gain user access.
Even if the PC is running at the time of a house search with a user logged in, the pigs will surely not start hacking for the decryption key right away, but instead shut it down, and try gaining access in their IT department later on, which I with these assumptions?
I hope I'm right with these assumptions?
Post by Reikinio » Thu Sep 08, 2005 3:21 am

Yes, I think you're right, at least I came to the same conclusion after reading it, so most of us don't have to worry about it.
I just posted it because it's interesting and to let others (who didn't know about it) know about this.

Regards,
Post by rainbow flag » Fri Sep 09, 2005 2:28 pm

> Since this Thread is about System Encryption, meaning the whole disk (except /boot) is encrypted,

Sorry, i do not really understand which difference that makes. if i understood correctly, this kind of attack is possible, if the encrypted disk is opened and the attacker owns a process on the local machine - no matter if there are unencrypted disks/partitions as well. or did i understand something wrong?

> We discuss in detail several such attacks on AES, and experimentally demonstrate their applicability to real systems, such as OpenSSL and Linux's dm-crypt encrypted partitions

The problem seems not to be luks- (but AES-) specific. Does that mean that any currently used partition encryption-methods are affected (since they are all AES-based, aren't they?)? Or are there any elliptic-curve-cryptographic-methods yet?
Post by unixtroll » Sat Sep 10, 2005 9:49 am

> if i understood correctly, this kind of attack is possible, if the encrypted disk is opened and the attacker owns a process on the local machine - no matter if there are unencrypted disks/partitions as well. or did i understand something wrong?

But how is the attacker supposed to open the disk in the first place, if it is encrypted? IMO the only way to exploit this weakness is if you give an attacker a user account on your machine or if he gets physical access to it while it is still running - if the PC is powered off, he'll need to encrypt the disk first.

Now here's my problem:
Everything is working fine basically, except that i don't like to type passwords every time at boot, but instead I'd like to store a keyfile on my USB-Stick (but don't want to boot completely from the USB-Stick).
So I make some device nodes in the initrd for my USB-stick which is on /dev/sdb1 (sda is my harddisk):

Code: Select all

ls -l /dev/sdb /dev/sdb1
brw-rw----  1 root disk 8, 16 Sep 10 11:25 /dev/sdb
brw-rw----  1 root disk 8, 17 Sep 10 11:25 /dev/sdb1
losetup /dev/loop0 myinitrd 
mount /dev/loop0 /mnt/initrd/
cd /mnt/initrd/
mkdir mnt/usbstick
cd /mnt/initrd/dev
mknod sdb b 8 16
mknod sdb1 b 8 17

and modify the linuxrc to this:

Code: Select all

#!/bin/sh
export PATH=/bin:/sbin

# Get cmdline from proc
mount -t proc proc /proc
CMDLINE=`cat /proc/cmdline`
umount /proc
loadkeys de-latin1

# Mount real root and change to it
sleep 1
mount -t vfat /dev/sdb1 /mnt/usbstick
cat /mnt/usbstick/root.key | cryptsetup luksOpen /dev/sda5 root
mount -t reiserfs /dev/mapper/root /root
cd /root
mkdir initrd
pivot_root . initrd

# Start init and flush ram device
exec chroot . /bin/sh <<- EOF >/dev/console 2>&1
umount initrd
rm -rf initrd
blockdev --flushbufs /dev/ram0
exec /sbin/init ${CMDLINE}
EOF

Problem is that i get a boot message saying that /dev/sdb1 is not a valid block device, so right now I've gone back to storing that key file inside the initrd, so I can at least boot.
I have USB Support, FAT & Codepage support compiled into the kernel (not as modules), and i see some kernel messages prior to the error telling me a low speed USB device is found.

EDIT: After 12932 reboots i finally fixed the problem myself. I had to put a "sleep 12" instead of just "sleep 1" in the linuxrc file because the USB-Stick takes very long to be fully recognized by the kernel. I also added a "sfdisk -R /dev/sdb" after that, but I don't really know if that is necessary. Anyway it's all working fine now.

Btw. the syslinux approach from the Howto didn't work for me because syslinux has incompatibilities with certain kinds of Promise ATA controllers (which I unfortunately have).
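
Instead of a fixed `sleep 12`, linuxrc can poll /proc/partitions until the kernel has registered the stick; the hand-made /dev/sdb1 node exists from the start, so testing the node itself proves nothing. This is an added example, not code from the post above: the function names are hypothetical, the partition listing is constructed, and /proc must still be mounted when it runs.

```sh
#!/bin/sh
# Added example: wait until the kernel lists a partition, with a timeout,
# rather than sleeping for a fixed time tuned to one USB stick.

# in_partitions NAME [FILE]
# True if NAME (e.g. sdb1) appears in the name column of /proc/partitions.
in_partitions() {
    while read -r _major _minor _blocks name; do
        [ "$name" = "$1" ] && return 0
    done < "${2:-/proc/partitions}"
    return 1
}

# wait_for_partition NAME TIMEOUT_SECONDS [FILE]
# Poll once per second; return 0 as soon as NAME is listed, 1 on timeout.
wait_for_partition() {
    waited=0
    until in_partitions "$1" "${3:-/proc/partitions}"; do
        [ "$waited" -ge "$2" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Constructed sample: the hard disk is registered, the USB stick is not yet.
sample_partitions() {
    cat <<'EOF'
major minor  #blocks  name

   8     0  156290904 sda
   8     5  150000000 sda5
EOF
}

# In linuxrc, before "mount -t vfat /dev/sdb1 /mnt/usbstick":
#   wait_for_partition sdb1 30 || echo "no key stick found"
# Demo on the constructed sample with a zero timeout:
demo_file=$(mktemp)
sample_partitions > "$demo_file"
wait_for_partition sdb1 0 "$demo_file" || echo "sdb1 not registered yet"
rm -f "$demo_file"
```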

Aszrael
Tux's lil' helper
Posts: 101
Joined: Tue Feb 15, 2005 10:56 am
Location: Hannover/Germany

Post by Aszrael » Wed Oct 05, 2005 6:39 am

Thanks for this very nice guide.
Unfortunately I couldn't get my USB-Stick to boot (probably due to the funny BIOS on my old laptop).
Also I had probs making the device-node manually - so I used devmap_mknod

I decided to combine the scripts provided by Reikinio and unixtroll.

If no USB-Stick plugged, you get the chance to enter your password manually.
If you provide a keyfile on USB-Stick, the script will use it.
Wrong password/keyfile? No cookies!

Code: Select all

#!/bin/sh
############################################
#script by Aszrael
#based on scripts by Reikinio and unixtroll
#feel free to copy/modify/whatever you like
############################################
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
dmesg -n 1

#function to halt the system
stop()
{
b=0
while [ "$b" = 0 ]
do
echo ""
echo "you are out"
sleep 60
## if you work with 2 luks-passwords (eg slot0: very long pw from usb-key and
## slot1: rather weak pw to be entered without usb-key) you might want to add
## some extra security against bruteforcing by replacing "sleep 60" with something like
## cryptsetup -q luksDelKey root 1
## this will delete the key for your root-device in slot1
## BE CAREFUL - "-q" overrides any confirmation!!! - be SURE to have your
## masterkey in slot0 (and don't lose it :-)

done
}

#function to probe for USB-Stick
#calls all other functions
test()
{
if ! mount /dev/sda1 /mnt/keydisk>/dev/null 2>/dev/null
then
echo ""
echo "no usb-key present"
input
else
keydisk
fi
}

#function to enter pwd manually
#3 tries
input() #
{
c=3
z=" ..."
while [ "$c" != 0 ]
do
   if ! cryptsetup luksOpen /dev/hda4 root 2>/dev/null # <- remove "2>/dev/null" for visible prompt for your password
   then
   let c=$c-1
   echo ""
   echo $c $z
      if [ "$c" = 0 ]
      then
      echo "... wrong pw"
      stop
      fi
else
mount /dev/mapper/root /root 2>/dev/null
break
fi
done
}

#function that reads keyfile from USB-Stick
keydisk()
{
if ! cryptsetup luksOpen --key-file=/mnt/keydisk/laptux.key /dev/hda4 root 2>/dev/null # <- change to match your USB-Device and keyfile
then
stop
else
mount /dev/mapper/root /root 2>/dev/null
umount /mnt/keydisk>/dev/null
fi
}

mount -t proc none /proc
CMDLINE=`cat /proc/cmdline`

sh devmap_mknod #<- call devmap_mknod-script - remove if not needed

umount -n /proc

loadkeys ./de.map.gz #<- german keymap (see howto)
cat ./ascii-skull #<- ascii-greeter

sleep 5 # <- wait for slow USB-Stick

test #<- start function test()

echo ""
echo "you are allowed in"

cd /root
mkdir initrd
pivot_root . initrd
# start init and flush ram device
exec chroot . /bin/sh <<- EOF >dev/console 2>&1
umount initrd
rm -rf initrd
blockdev --flushbufs /dev/ram0
exec /sbin/init ${CMDLINE}
EOF

maybe I'll modify this script to use gpg-encrypted passwords some day...
Last edited by Aszrael on Fri Aug 18, 2006 11:18 am, edited 1 time in total.

xanthax
Tux's lil' helper
Posts: 91
Joined: Fri Apr 16, 2004 8:53 am
Location: Bi Nary State

Post by xanthax » Sun Oct 09, 2005 9:17 am

Oki i did the "dd if=/dev/urandom of=/dev/hdc" to set random data all over the disk...
but i have now waited for more than 11½ hours and it's still not done.... :|

I have a P3 600Mhz with 768 MB Ram and the disk is 250 GB...
How long time do you think it will take :?:
How long time did it take for you guys and what kinda computers did you have.. :?:

//Xanthax
God is only an imaginary friend for adults...
Post by Aszrael » Sun Oct 09, 2005 10:53 am

Hi,
to answer in short: it took ages! 8O
On my laptop I created a 50GB-partition and dd finished in >8 hours time, but it has a damn slow HDD.
So don't expect miracles...
I was shocked too, but fortunately it was my testing system, so I just had another coffee (and quite a few more after that one)
Post by xanthax » Sun Oct 09, 2005 11:07 am

Oki, Thanks for the info....
It´s just an extra drive in my server so i dont really have to use it anyway...
just wanted to continue with fixing the drive.... but then i know im not fixing it today :roll:

EDIT: oki im up in 39h but still not finished....
Post by xanthax » Tue Oct 11, 2005 2:31 pm

Im up in 59:h still not complete and the process is working it's just not finished....

Is there a possible way to see how much is done ???
Post by unixtroll » Wed Oct 12, 2005 5:16 pm

I would suggest not to use /dev/urandom to delete your harddisk. Shred is much faster, and 3 passes are usually more than enough. Took about a few hours on my system (160gb, 7.200 RPM).
I know there's some US official paper for secure harddisk erasure suggesting 16 (IIRC) passes, but that is just totally undue. Even professional data recovery firms are usually not able to recover anything after 3 times of overwriting.
It may not be as secure as overwriting with random data, depending on the filesystem used etc. the attacker will probably recognize where the encrypted disk is filled with data, and where it's just free space. However I wasn't able to find any document backing up that this enables the attacker to decrypt more easily. A certain amount of caution & paranoia is alright, but one shouldn't blow it outta proportion.
Last edited by unixtroll on Wed Oct 12, 2005 5:48 pm, edited 1 time in total.

niuck
n00b
Posts: 60
Joined: Wed Mar 16, 2005 1:29 pm

Post by niuck » Wed Oct 12, 2005 5:41 pm

Hi, i have a problem =)

I have encrypted my /home which is /dev/hdb1 with aes256 +luks. I could mount it and format it and copy files etc to it at first, problem is that after the first reboot dmesg says "unknown partition table". /dev/hdb1 doesn't exist, only /dev/hdb. So i can't mount it with cryptsetup luksOpen /dev/hdb1 hdb1.

The disk is found and responds to hdparm etc. Any ideas what could be wrong and how to fix it?

Thanks
Post by niuck » Thu Oct 13, 2005 8:22 am

Hmm. guess i fixed it. I added a partition in fdisk wrote it to disk then just tried to mount it and it worked?!

swit
Tux's lil' helper
Posts: 87
Joined: Mon Nov 22, 2004 9:07 am
Location: /Europe/Italy/Toscany/Lucca

Post by swit » Thu Oct 13, 2005 8:37 am

hi, great guide ;)

but, i've a problem: i tried to starting the system with an usb-device, but when starting the system syslinux print out a message that say "the sysstem is not avabile for this device, inserit the corret device"

i'm sure that i used step by step command on the guide for creating the syslinux, another spy is that the usb-memory is readable on Windows system

i used this command for formatting usb-memory:

dd if=/dev/zero of=/dev/sdb bs=1024k count=5 conv=notrunc
mkfs -t vfat -I /dev/sdb
mount -t vfat /dev/sdb /mnt/usb
#copying vmlinux
#copying System.map
#copying initrd
syslinux /dev/sdb
sync

can anyone help me?