Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Gentoo w/ Native Hardware Full Disk Encryption?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Gentoo Chat
View previous topic :: View next topic  
Author Message
grae
n00b
n00b


Joined: 09 Apr 2007
Posts: 4

PostPosted: Sun Oct 12, 2014 11:16 pm    Post subject: Gentoo w/ Native Hardware Full Disk Encryption? Reply with quote

Anyone here like running with scissors? Stupid question. Everybody does! :D

I've spent a little longer than I care to admit, coding up a small library and associated console tools to talk to TCG Opal compatible self-encrypting hard drives.

What's Opal? It's a rather large and unwieldy standard. Though, the short version is that it's an advanced set of security features that allow you to do all sorts of neat things including:

  • Zero CPU overhead hardware cryptography
  • Secure cryptographic wipe (Only a few seconds for TiB size drives)
  • Individually lockable data partitions
  • Secure pre-boot environments which resist bootkits and evil maids, and vanish on boot


TCG Opal is also one of the standards chosen as part of Microsoft eDrive standard, and is used by BitLocker for full disk encryption. Note that if BitLocker attaches to this interface (automatic in Windows 8 ), a format will NOT uninstall it. Most newer SSD's will natively sport these interfaces, so getting rid of Windows in the future could be a real pain.

This is where my little project steps in. It's a Linux native toolset that can talk to this interface, manipulate it's features, and restore a drive to original factory state when done. It's a functional alpha at best, and I plan to rewrite most of it. However, it works and I think it's the first of it's kind published. I figured it'd be fun to play with for the do-it-yourself-ers that helped me build my skills. Keep in mind not everything's properly documented, and there are no safeties. It's the best kind of dangerous, really.

The code is currently published on github, though you'll need an Opal compatible SATA drive to do anything with it. Your drive's documentation should say if it's supported. If not, check the label on the side for a 32 character PSID. If it's there, you're in luck.

If not, and you want to buy a supported drive, I'd suggest a Seagate Momentus Thin FDE, or Samsung 840 EVO / 850 Pro. The Crucial M500 / M550 seems to work, but I've seen it bug out before, and wouldn't use it for anything important.

Though the documentation's a bit poor at the moment, there's an overview that should walk you through checking out the code, building it, and running it. Hopefully you'll be twisting knobs and throwing levers like you were in Operating Impending Doom 1.

For example, here's some debug from my Seagate ST500LT025. It should give you an idea of what's available to play with.

Code:
topaz-alpha$ sudo ./build/tp_admin -vvv /dev/sdc login
Probe libata configuration
Opening /dev/sdc ...
Probe ATA Identify
  Serial: W0VHEBKA
  Firmware: 0001SDM7
  Model: ST500LT025-1A5142
Verifying ATA support
Searching for TPM Fingerprint
Probe TPM Security Protocols
  (0x00) Security Protocol Discovery
  (0x01) TCG Opal
  (0x02) TCG Opal
  (0xee) IEEE P1667
Establish Level 0 Comms - Discovery
  Level0 Size: 192
  Level0 Version: 0 / 1
  Feature 0x0001 v1 (12 bytes): Trusted Peripheral (TPer)
    Sync: 1
    Async: 0
    Ack/Nak: 0
    Buffer Mgmt: 0
    Streaming: 1
    ComID Mgmt: 0
  Feature 0x0002 v1 (12 bytes): Locking
    Supported: 1
    Enabled: 0
    Locked: 0
    Media Encryption: 1
    MBR Enabled: 0
    MBR Done: 0
  Feature 0x0203 v1 (16 bytes): Opal SSC 2.0
    Base ComID: 2046
    Number of ComIDs: 2
    Range cross BHV: 0
    Max SP Admin: 4
    Max SP User: 16
    C_PIN_SID Initial: C_PIN_MSID
    C_PIN_SID Revert: C_PIN_MSID
  Feature 0x0201 v1 (12 bytes): Single User Mode
    Locking Objects Supported: 16
    Single User Presence: None
    Ownership Policy: Admin
  Feature 0x0202 v1 (12 bytes): Additional DataStore Tables
    Max Tables: 16
    Max Table Size: 52428800
    Table Align: 4096
  Feature 0xc001 v1 (24 bytes): Vendor Specific
  Feature 0x0003 v1 (28 bytes): Geometry Reporting
    Align Required: 1
    LBA Size: 512
    Align Granularity: 8
    Lowest Align: 0
Reset ComID 0x7fe
  Completed
Establish Level 1 Comms - Host Properties
Opal Call: 0:ff.0:ff01[]
Opal Return : 0:ff.0:ff01[['MaxMethods' = 1(u), 'MaxSubpackets' = 1(u), 'MaxPacketSize' = 17388(u), 'MaxPackets' = 1(u), 'MaxComPacketSize' = 17408(u), 'MaxResponseComPacketSize' = 17408(u), 'MaxSessions' = 1(u), 'MaxIndTokenSize' = 17352(u), 'MaxAuthentications' = 24(u), 'MaxTransactionLimit' = 1(u), 'DefSessionTimeout' = 0(u), 'MaxSessionTimeout' = 0(u), 'MinSessionTimeout' = 0(u), 'DefTransTimeout' = 0(u), 'MaxTransTimeout' = 0(u), 'MinTransTimeout' = 0(u), 'MaxComIDTime' = 0(u)]]
  Received 17 items
  Max ComPkt Size is 17408 (34 blocks)
Opal Call: 0:ff.0:ff02[15986(u), 205:1, 1(u)]
Opal Return : 0:ff.0:ff03[15986(u), 4294966316(u)]
Anonymous Session fffffc2c:3e72 Started
Opal Call: b:8402.6:16[[3(u) = 3(u), 4(u) = 3(u)]]
Opal Return : [[3(u) = 'MHPV16XU9H2AMDK8KTQV4TD09AZFQE92']]
Stopping TPM Session fffffc2c:3e72
Opal Call: 0:ff.0:ff02[15986(u), 205:1, 1(u), 0(u) = 'MHPV16XU9H2AMDK8KTQV4TD09AZFQE92', 3(u) = 9:6]
Opal Return : 0:ff.0:ff03[15986(u), 4294966317(u)]
Authorized Session fffffc2d:3e72 Started
Login credentials OK
Stopping TPM Session fffffc2d:3e72


And an idea of how fast the crypto wipe occurs ...

Code:
topaz-alpha$ time sudo ./build/tp_wipe /dev/sdc

real   0m7.575s
user   0m0.006s
sys   0m0.008s


Have fun! Just pay attention to the warnings in the quickstart, and don't try it on a drive with any of your important stuff on it.
Back to top
View user's profile Send private message
steveL
Advocate
Advocate


Joined: 13 Sep 2006
Posts: 2915
Location: The Peanut Gallery

PostPosted: Mon Oct 13, 2014 8:18 am    Post subject: Re: Gentoo w/ Native Hardware Full Disk Encryption? Reply with quote

grae wrote:
TCG Opal is also one of the standards chosen as part of Microsoft eDrive standard, and is used by BitLocker for full disk encryption. Note that if BitLocker attaches to this interface (automatic in Windows 8 ), a format will NOT uninstall it. Most newer SSD's will natively sport these interfaces, so getting rid of Windows in the future could be a real pain.

This is where my little project steps in. It's a Linux native toolset that can talk to this interface, manipulate it's features, and restore a drive to original factory state when done. It's a functional alpha at best, and I plan to rewrite most of it. However, it works and I think it's the first of its kind published.

Nice work :-)

I don't have a drive it would work with, but I'm a bit wary of the TPM aspect. It seems that might open us up to other "DRM" on the platform?
Quote:
And an idea of how fast the crypto wipe occurs ...
Code:
topaz-alpha$ time sudo ./build/tp_wipe /dev/sdc

real   0m7.575s
user   0m0.006s
sys   0m0.008s

Well I appreciate that's fast, but it strikes me a bit like the "btrfs can fill up a TB drive in 4 seconds" (or w/e it was) claim; not that useful in the overall scheme of things.
Quote:
Just pay attention to the warnings in the quickstart, and don't try it on a drive with any of your important stuff on it.

(Leaving that there as it's important)

Do you have any links to documentation about the underlying technology?
Back to top
View user's profile Send private message
grae
n00b
n00b


Joined: 09 Apr 2007
Posts: 4

PostPosted: Mon Oct 13, 2014 1:30 pm    Post subject: Re: Gentoo w/ Native Hardware Full Disk Encryption? Reply with quote

steveL wrote:
I'm a bit wary of the TPM aspect. It seems that might open us up to other "DRM" on the platform?


Understandable concern. Though in this case, the TPM provides drive authentication and key management services. Once we take control of it, it works for us. Also, it doesn't start doing anything that we don't ask it to.

steveL wrote:
Well I appreciate that's fast, but it strikes me a bit like the "btrfs can fill up a TB drive in 4 seconds" (or w/e it was) claim; not that useful in the overall scheme of things.


If btrfs is anything like ext4 (which I think they're done by the same guy), it's doing background inode allocation. The filesystem may span the whole drive, but not all blocks have been touched.

Crypto wipe occurs by changing the encryption key used for all the data on the drive, effectively randomizing everything. And I do mean mean everything, including bad and reallocated blocks. Disassembling a scrambled drive will give you the encrypted data, but the key to use it is long since gone.

steveL wrote:
Do you have any links to documentation about the underlying technology?


There's hundreds of pages of documentation. Most of it isn't terribly useful, and I'm still trying to make heads or tails of some of the tables. Though there's a few that I might start with, for the interested.

First, the TCG has a Storage Working Group (SWG) which has defined a core specification which defines a binary syntax for TPM communication, packet encoding, and simple interactions with a session manager for creating authenticated login sessions.

Second, SWG has defined Opal which builds on the core specification, and provides functions and capabilities for multiple users, access control lists, a half dozen other things I haven't implemented.

Though the best is probably the Opal application note which contains annotated examples of some simple TPM interations, and what the results of those should be. This includes a description of the operation, high level pseudocode of the communications (the syntax), and the raw ATA packets which are being sent back and forth (broken down to each item and their encoding, no less).
Back to top
View user's profile Send private message
tw04l124
Veteran
Veteran


Joined: 03 Oct 2006
Posts: 1655
Location: A t z e l, lower austria

PostPosted: Mon Oct 13, 2014 3:27 pm    Post subject: Re: Gentoo w/ Native Hardware Full Disk Encryption? Reply with quote

grae wrote:


TCG Opal is also one of the standards chosen as part of Microsoft eDrive standard, and is used by BitLocker for full disk encryption. Note that if BitLocker attaches to this interface (automatic in Windows 8 ), a format will NOT uninstall it. Most newer SSD's will natively sport these interfaces, so getting rid of Windows in the future could be a real pain.


Well who trusts Microsoft, sitting near the NSA?

I doubt that a firmware update / upgrade / downgrade will prevent the drive to get fully formatable again.

Another attempt from that company to lock out other OS. they started with the bios and the signed operation system idea and now they try on the other way around.

do not believe that any software used in ms windows will be NSA safe.

do not trust that any hardware encryption chip does not have a hidden backdoor or feature to unencrypt it quite fast on the fly.

do not trust your bios(sigh, ...)
Back to top
View user's profile Send private message
steveL
Advocate
Advocate


Joined: 13 Sep 2006
Posts: 2915
Location: The Peanut Gallery

PostPosted: Mon Oct 13, 2014 9:56 pm    Post subject: Re: Gentoo w/ Native Hardware Full Disk Encryption? Reply with quote

grae wrote:
steveL wrote:
I'm a bit wary of the TPM aspect. It seems that might open us up to other "DRM" on the platform?

Understandable concern. Though in this case, the TPM provides drive authentication and key management services. Once we take control of it, it works for us. Also, it doesn't start doing anything that we don't ask it to.

Ok yeah, I see; it's only on the libata component: libata.allow_tpm=1

I'd still like to see an assessment of that from a black-hat ;)
Quote:
If btrfs is anything like ext4 (which I think they're done by the same guy), it's doing background inode allocation.

No they're not; Ted T'so (MIT) is the ext2/3/4 developer; Chris Mason (Oracle) is the btrfs guy.

Not that it matters.
Quote:
Crypto wipe occurs by changing the encryption key used for all the data on the drive, effectively randomizing everything. And I do mean mean everything, including bad and reallocated blocks. Disassembling a scrambled drive will give you the encrypted data, but the key to use it is long since gone.

Oh I see; so it just overwrites the key?

Surely it doesn't reencrypt everything? (That would take a lot more time, I'd imagine.)
Quote:
There's hundreds of pages of documentation. Most of it isn't terribly useful, and I'm still trying to make heads or tails of some of the tables. Though there's a few that I might start with, for the interested.
...
Though the best is probably the Opal application note which contains annotated examples of some simple TPM interations, and what the results of those should be. This includes a description of the operation, high level pseudocode of the communications (the syntax), and the raw ATA packets which are being sent back and forth (broken down to each item and their encoding, no less).

Nice one, thanks.
Back to top
View user's profile Send private message
steveL
Advocate
Advocate


Joined: 13 Sep 2006
Posts: 2915
Location: The Peanut Gallery

PostPosted: Mon Oct 13, 2014 9:58 pm    Post subject: Re: Gentoo w/ Native Hardware Full Disk Encryption? Reply with quote

tw04l124 wrote:
do not believe that any software used in ms windows will be NSA safe.

do not trust that any hardware encryption chip does not have a hidden backdoor or feature to unencrypt it quite fast on the fly.

do not trust your bios(sigh, ...)

and do not trust the mass of components in your box which were manufactured God-knows-where.. ;)

and never, ever trust a phone.
Back to top
View user's profile Send private message
grae
n00b
n00b


Joined: 09 Apr 2007
Posts: 4

PostPosted: Tue Oct 14, 2014 1:15 am    Post subject: Re: Gentoo w/ Native Hardware Full Disk Encryption? Reply with quote

steveL wrote:
Ok yeah, I see; it's only on the libata component: libata.allow_tpm=1


As far as I know, that's actually in response to TCG guidance that users should be able to disable the TCG featureset, so the Linux kernel filters that command set by default. It's an opt-in process, saying you want to use those commands. Ticking that flag doesn't actually change anything in the drive, just allows the drive to see those commands and respond to them. The kernel actually has an interesting note about it as seen here.

steveL wrote:
No they're not; Ted T'so (MIT) is the ext2/3/4 developer; Chris Mason (Oracle) is the btrfs guy.


Hrm, thought Ted Tso did both. Will defer to you.

steveL wrote:
Surely it doesn't reencrypt everything? (That would take a lot more time, I'd imagine.)


There's actually a re-encrypt method you can call in the documentation, that you describe. Though it's not clear to me how you use it, or what purpose it serves. I don't use it, that's for sure.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Gentoo Chat All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum