Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
umount ecrypted fs on hibernate
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
DMoL
Tux's lil' helper
Tux's lil' helper


Joined: 07 May 2006
Posts: 100
Location: Minsk, Belarus

PostPosted: Mon Aug 08, 2016 3:03 pm    Post subject: umount ecrypted fs on hibernate Reply with quote

Hello,

I've followed the guide [1], and successfully encrypted filesystem with sensitive data. Usually I don't reboot my notebook, but do hibernate-to-ram (aka put to sleep). I've noted that after wake up, the encrypted filesystem is still mounted. How can I umount it + execute "cryptsetup luksClose myname", when I press hibernate button?

I'm not sure, but my hibernating process is handled by "sys-power/hibernate-script" .

Thanks!

[1] https://wiki.gentoo.org/wiki/Dm-crypt
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 14185

PostPosted: Tue Aug 09, 2016 1:30 am    Post subject: Reply with quote

You can run commands before sleep using an OnSuspend NN /path/to/command hook in the configuration file for hibernate-ram. However, you cannot umount a filesystem that is in use.
Back to top
View user's profile Send private message
frostschutz
Advocate
Advocate


Joined: 22 Feb 2005
Posts: 2971
Location: Germany

PostPosted: Tue Aug 09, 2016 1:37 am    Post subject: Reply with quote

There is luksSuspend/luksResume that works without requiring umounting. Read/write requests are simply delayed indefinitely.

If it's your root partition you won't be able to luksResume since trying to access cryptsetup binary will get stuck. So you need a kind of initramfs that still provides this binary...
Back to top
View user's profile Send private message
JeroenMathon
n00b
n00b


Joined: 11 Aug 2016
Posts: 17
Location: /usr/portage/sys-kernel/JeroenMathon

PostPosted: Thu Aug 11, 2016 1:37 pm    Post subject: Reply with quote

I strongly do not recommend using hibernation while having disk encryption.
Mainly because the moment you are not close to your PC you will leave it vulnerable.

You also want to make sure to always shutdown correctly so that LUKS and dm-crypt clear the decryption key from RAM correctly.
If they cannot do that you can retrieve that key trough a cold boot attack.
Having it remain on the disk(I assume a unencrypted partition) is not smart because unless its securely wiped every time it will be easily recoverable(Especially when its on the boot partition which is rarely written on.

TL:DR Having your computer automatically put in the key after waking up from hibernation defeats the purpose of encrypting your computer.


EXTRA NOTE: If an attacker manages to modify the encryption program when your computer is decrypted(in use) to not securily wipe(Which should not be any danger when you remove the power and ram gets cleared because of power loss) then they can retrieve it from the hard disk using forensics tools.
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 14185

PostPosted: Fri Aug 12, 2016 1:21 am    Post subject: Reply with quote

Some of those concerns are valid, but I think you made two unfounded assumptions. First, OP mentions using sleep, which is typically implemented with substantial help from the system firmware. Yes, the key remains in memory. Yes, a cold boot attack could recover it. However, if the system is in sleep mode, it will not have written the key to disk, and when it resumes, control should transfer automatically into Linux. If OP has configured the system to lock the screen before sleeping, then an attacker could resume the system, but would then have no more access than if he found a locked and unattended desktop.

You can get reasonable safety using hibernate-to-disk with disk encryption if the hibernation image is itself written to an encrypted swap volume. Most guides should advocate this already.

Yes, there is a concern that an attacker could modify the system to compromise the decryption. However, this problem applies also when the owner halts the system and leaves it unattended. An attacker could replace the kernel, initramfs, or both with malicious versions. The threat model for encrypted disks has always been weak relative to the scenario that an attacker has an extended period of unsupervised access to the system when it is not running. TPMs were supposed to solve part of that, but were implemented in such a way that most people do not make sufficient use of them.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum