Encrypted Root File System, Swap, etc...

Message

tomaw · Post by **tomaw** » Sat Jul 26, 2003 8:45 pm

sorry my post on the CPU was incorrect, they are Athlon MP 2400's that run at 2GHz. It's a dual processor system, but I am not sure that will help too much with the encryption.

Also, could partimage not backup the encrypted file system, so the backup cd's don't actually contain plaintext data?

chadders · Post by **chadders** » Sat Jul 26, 2003 9:18 pm

I don't think that you want to use partimage. If you want to have backups where everthing on the backup is encrypted you should use dd to copy all of the encrypted blocks.

If a backup program has to know about the filesystem (like partimage) then it is reading and backing up UNencrypted stuff.

Chad

tomaw · Post by **tomaw** » Sun Jul 27, 2003 7:54 am

OK, here's my next question - does anyone have the patch working for util-linux 2.12? Without this I doubt much will work.
This is what I get from it:

Code: Select all

patching file mount/Makefile
Hunk #3 FAILED at 78.
1 out of 3 hunks FAILED -- saving rejects to file mount/Makefile.rej
patching file mount/aes.c
patching file mount/aes.h
patching file mount/lomount.c
Hunk #1 FAILED at 6.
Hunk #2 FAILED at 23.
Hunk #3 FAILED at 140.
Hunk #4 FAILED at 218.
Hunk #5 FAILED at 523.
Hunk #6 FAILED at 549.
Hunk #7 FAILED at 627.
Hunk #8 succeeded at 721 with fuzz 2 (offset 79 lines).
Hunk #9 FAILED at 730.
Hunk #10 succeeded at 719 (offset 57 lines).
Hunk #11 FAILED at 757.
Hunk #12 FAILED at 865.
10 out of 12 hunks FAILED -- saving rejects to file mount/lomount.c.rej
patching file mount/losetup.8
Hunk #1 FAILED at 1.
Hunk #2 FAILED at 7.
Hunk #3 succeeded at 55 with fuzz 2 (offset 24 lines).
Hunk #4 FAILED at 72.
Hunk #5 FAILED at 142.
4 out of 5 hunks FAILED -- saving rejects to file mount/losetup.8.rej
patching file mount/loumount.c
patching file mount/mount.8
Hunk #3 succeeded at 1698 (offset 8 lines).
patching file mount/mount.c
Hunk #2 succeeded at 198 (offset 3 lines).
Hunk #3 succeeded at 208 (offset 3 lines).
Hunk #4 FAILED at 1402.
Hunk #5 FAILED at 1441.
Hunk #6 succeeded at 1489 (offset 19 lines).
2 out of 6 hunks FAILED -- saving rejects to file mount/mount.c.rej
patching file mount/rmd160.c
patching file mount/rmd160.h
patching file mount/sha512.c
patching file mount/sha512.h
patching file mount/swapon.8
patching file mount/swapon.c

Also, since I'm posting, I notice that my distfiles contains

Code: Select all

tawesley util-linux-2.12 # ls /usr/portage/distfiles/util*
/usr/portage/distfiles/util-linux-2.11z-crypt-gentoo.patch.bz2
/usr/portage/distfiles/util-linux-2.11z.tar.bz2
/usr/portage/distfiles/util-linux-2.12.tar.gz

Is the gentoo patch related to this experiement at all?

watersb · Post by **watersb** » Sun Jul 27, 2003 1:12 pm

tomaw wrote:OK, here's my next question - does anyone have the patch working for util-linux 2.12?

util-linux-2.12 seems to be a CryptoAPI-only sort of thing.

For loop-AES, look back to page 4 or so of this thread; I posted some patches against 2.11z that I tested with loop-AES.

I did NOT write the patches, I just posted them from the loop-aes mailing list

chadders · Post by **chadders** » Mon Jul 28, 2003 1:23 am

Watersb profile said: "Where the hell is Socorro, New Mexico?" Its between Las Cruces and Albuquerque (home of Gentoo) and is a good place to see UFOs and planets and star parties! I want to come!

Chad

Leen · Post by **Leen** » Tue Jul 29, 2003 12:16 am

Hi, well i have a strange problem:

Yesterday i encrypted my laptop and everything went fine, today i tried it on my desktop-pc, and at first it seemed that everything went just fine, too.

But when i tried to boot the new encrypted machine, it asked for my passphrase, accepts it....then the normal boot procedure runs but after
"Activating (possibly) more swap" when the system tries to mount the root filesystem it says that the superblock on /dev/loop0 would be defect. Then Gentoo mounts it read-only and suggests that i should recover it with --rebuild-sb.

Well...i tried it, and it just don't work (the programm says that a 0 byte blocksize cannot be recovered [or something simmilar]).
I thought:
Uhh, all my data lost? Then i put in the knoppix-cd again, mounted the device without problem, no bad superblock message, nothing seems to be wrong at all. Of course i checked the partition...and there were no errors on it.

So now my question: What's the error...and, most important of all, how can i fix it? (So that i can use it in my desktop pc again)

I allready tried to dd_rescue it to a file, then to format it with mkreiserfs and then to dd_rescue it back, but i think dd_rescue copies everything 1:1 so that the "error" or whatever it is remains still on the disk (me does actually not exactly know how dd_rescue is working..

).

rwar · Post by **rwar** » Tue Jul 29, 2003 8:25 am

hi all, ive also got a problem.
encrypting worked, and i can mount and unmount the partition manually from knoppix, but booting does not work.
i built the utils, the loop module, initrd, configured it all (devfs=1 etc), the modules and some libs are on /boot, but when i boot i get virtually no errors except a kernel panic? i get one error that is a insmod scsi error but i believe thats pcmcia related.

also, since the kernel panics i cant scroll up to read more, and since the fs is encrypted its not logging it, how can i read the rest of my debug msgs (to see if initrd and the loop module are even being loaded, i dont see them when its scrolling by, but then again it scrolls by really fast :O)? cant login and use dmesg, its not logged in the first place, rebooting with knoppix and using dmesg of course shows knoppix's messages

i tried passing rootfilesystem=minix to the kernel but to no avail.
(side question: what does init=/linuxrc do?)

anyway this is whats left on the screen everything else looks normal

kmod: failed to exec /sbin/modprobe -s -k scsi_hostadapter errno = 2
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
spurious 8259A interrupt: IRQ7
Yenta IRQ list 04b8
spurious 8259A interrupt: IRQ7
Yenta IRQ list 04b8
Kernel panic: VFS: Unable to mount root fs on 01:00

is this from the ramdisk or from the actual root fs? /dev/loop5 from fstab in this case

one thing, im using 2.4.20-ck6, i have the kernel modules configured right but im wondering if theres a patch thats causing trouble?

Bersi · Post by **Bersi** » Thu Jul 31, 2003 3:03 am

Sethrab:

An earlier post (contigab) made the comment that similar results can be achieved using modules taken from the cryptoloop package. If the similar result is an encrypted "root" filesystem then additional work is needed. The kernel will not have access to the root file system to retrieve the encryption module untilt he encryption module is retrieved... a chicken and egg problem. This is the reason that an intermediate root (initrd=/dev/ram) is required to boot. Contigab handles encrypted home, etc, very well and is useful, but does not appear to handle the encrypted root case. The original loop-AES post that started this thread does address this.

Im just wondering. If one has a /home partition encrypted then WHY would one need to encrypt the root partition too? All your personal files are in the /home partition and the root filesystem keeps libs,binaries and docs. There is nothing to hide in the root partition?

watersb · Post by **watersb** » Thu Jul 31, 2003 7:03 am

chadders wrote:Watersb profile said: "Where the hell is Socorro, New Mexico?" Its between Las Cruces and Albuquerque (home of Gentoo) and is a good place to see UFOs and planets and star parties! I want to come!

Chad

Come along sometime -- I can give tours of the Very Large Array -- although (contrary to the move "Contact") I have to admit we haven't found any space-alien transmissions yet!

watersb · Post by **watersb** » Thu Jul 31, 2003 7:11 am

sethrab wrote:An earlier post (contigab) made the comment that similar results can be achieved using modules taken from the cryptoloop package. If the similar result is an encrypted "root" filesystem then additional work is needed. The kernel will not have access to the root file system to retrieve the encryption module untilt he encryption module is retrieved... a chicken and egg problem. This is the reason that an intermediate root (initrd=/dev/ram) is required to boot.

Not quite... I suggest that you compile the cryptoloop drivers as part of the kernel -- not as modules -- with the 2.6.0 kernel this is available. You still need some way to tell init to decrypt the root filesystem at boot-time, that is what the initrd is for.

Bersi wrote: Im just wondering. If one has a /home partition encrypted then WHY would one need to encrypt the root partition too? All your personal files are in the /home partition and the root filesystem keeps libs,binaries and docs. There is nothing to hide in the root partition?

The problem with security is that it is hard to anticipate what should be hidden. If you can guarantee that your system is not "leaking" information, then by all means stick with an encrypted home. Just note that your /etc directory will be readable by anyone with physical access to your disk (if they steal a laptop, for example). Likewise /var/spool/mail and /var/cache/squid...

The point is that, after careful consideration, I gave up on trying to select which things might be worth encrypting and decided to encrypt the whole shebang.

Wilhelm · Post by **Wilhelm** » Fri Aug 01, 2003 2:44 pm

rwar wrote:hi all, ive also got a problem.
encrypting worked, and i can mount and unmount the partition manually from knoppix, but booting does not work.
i built the utils, the loop module, initrd, configured it all (devfs=1 etc), the modules and some libs are on /boot, but when i boot i get virtually no errors except a kernel panic? i get one error that is a insmod scsi error but i believe thats pcmcia related.

also, since the kernel panics i cant scroll up to read more, and since the fs is encrypted its not logging it, how can i read the rest of my debug msgs (to see if initrd and the loop module are even being loaded, i dont see them when its scrolling by, but then again it scrolls by really fast :O)? cant login and use dmesg, its not logged in the first place, rebooting with knoppix and using dmesg of course shows knoppix's messages

i tried passing rootfilesystem=minix to the kernel but to no avail.
(side question: what does init=/linuxrc do?)

anyway this is whats left on the screen everything else looks normal

kmod: failed to exec /sbin/modprobe -s -k scsi_hostadapter errno = 2
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
spurious 8259A interrupt: IRQ7
Yenta IRQ list 04b8
spurious 8259A interrupt: IRQ7
Yenta IRQ list 04b8
Kernel panic: VFS: Unable to mount root fs on 01:00

is this from the ramdisk or from the actual root fs? /dev/loop5 from fstab in this case

one thing, im using 2.4.20-ck6, i have the kernel modules configured right but im wondering if theres a patch thats causing trouble?

Ok what's happening to my limited knowledge is that your scsi driver isn't getting loaded *duh* and because of that the root partition won't get mounted. Remember that laptops have scsi hard drives mostly. Then after the initrd is finished you end up with the kernel panic and blinking keyboard because it doesn't have anything to boot.

Your root file system should not be set to minix. Remember fstab is on your encrypted root. Only the files on the boot dir can be faulty like the kernel itself, the modules, the loop-AES files.

Here's what you should check

Make sure all modules needed are available in the boot dir (read the loop-AES manual for exact location). Make sure /boot is mounted when you stick stuff on it. If i where you i'd compil all modules like scsi into your kernel if possible, this will make life easier.

Make sure the DEVROOT applies to your drive this will be different for your scsi laptop drive.
DEVROOT=/dev/ide/host0/bus0/target0/lun0/part1

mmealman · Post by **mmealman** » Wed Aug 06, 2003 10:10 pm

TenPin wrote:I've always thought having an encrypted root fs would be really thrifty. If for whatever reason the law confiscates your machine then you can be quite smug knowing it would be near impossible for them to retrieve anything.

Well be careful with that. The passphrase to get into your encrypted filesystem can be ordered from you by the courts. Don't give it up? You'll be in contempt and go to jail.

Anyone make use of deniable encryption like what's at http://www.rubberhose.org?

It seems to me the weak link in crypto these days isn't the algorythm so much as the human who owns the key who may be forced to give it up.

viperlin · Post by **viperlin** » Wed Aug 06, 2003 10:54 pm

seems stupid but surely (ok i won't call you shirley) you could just say you have forgotton the password, what proof do they have that you have not forgotton it.
"i've not rebooted in ages and never entered the password much, i have forgotton it"
(other than a lie detector test that is, and even they can be fooled with training)

mmealman · Post by **mmealman** » Thu Aug 07, 2003 12:31 am

So you've forgotten the password to boot the computer you use every day? Do you think a judge would actually believe that?

A judge doesn't need proof to throw you in a jail cell for contempt of court.

belgarion · Post by **belgarion** » Thu Aug 07, 2003 6:46 am

Well be careful with that. The passphrase to get into your encrypted filesystem can be ordered from you by the courts. Don't give it up? You'll be in contempt and go to jail.

No. Just plead the Fifth. Unless you've actually got the key written down somewhere, they can't ask you to reveal it yourself, as you can't subpoena thought. Of course, I don't think it'll come up.

tomaw · Post by **tomaw** » Thu Aug 07, 2003 7:40 am

They can here in the UK.

mmealman · Post by **mmealman** » Fri Aug 08, 2003 4:21 pm

The 5th doesn't protect you. The 5th basically states that testimony against yourself can't be coerced from you. But you were never coerced into putting the materials onto your encrypted drive. The passphrase is merely the key to access those contents and the 5th doesn't apply to the key.

It's sort of like if you shot someone with a gun, placed a gun in a safe that only you had the key to. You can't be forced into saying that a gun exists in the safe or that you used it, but you can be forced into giving the police the key to open the safe.

If you just say you lost the passphrase then you'll get into a question answer phase about your computer use(when did you last use it, where did you send email X, Y, Z from? Where did you post to forums.gentoo.org from?) that you're going trip up on somewhere as they cross check what you tell them.

Deniable encryption like rubberhose and I think bestcrypt basically setup ways for you to give up lesser encrypted materials and keep others safe. If I have an encrypted hard drive that gets confiscated, I can give up the key that opens up level A, my financial records, and keep B(mp3 collection), C(pirated software), D(money laundering accounts), and E(JFK assassination files) to myself.

And it works in a way that when A is opened up there's no way to tell that B, C, D and E even exist.

Garbz · Post by **Garbz** » Mon Aug 11, 2003 9:09 am

i may have jumped the gun posting this problem but my seach found nothing about it.

Basically the encryption works fine, even for the swap file. You're instructions completely failed for me so i edited the file according to the comments, with devfs=1 and a few other minor changes but that doesn't matter because the encryption works.

The problem occures when shutting down.

Straight after

Code: Select all

"Unmounting filesystems... [OK]"
"Remounting remaining filesystems readonly... [!!]"

im greeted with:

Code: Select all

/sbin/rc: line 1: /proc/cmdline: No such file or directory
Give root password for maintenance
(or type Control-D for normal startup):

The end result of all this is that if i Hit Control-D the computer instantly shuts down. If i wait 15 sec the computer shuts down, and if i give the password i get dropped into a shell.

So the question is how to i stop this. It appears to be having a problem remounting the filesystems readonly although i can't figure out which file system it can't remount.
The shell i get dropped into appears to have the proc filesystem mounted.
Out put from mtab

Code: Select all

 none /proc proc rw 0 0

However an ls of the /proc directory clearly states otherwise.

Every attempt to mount proc with "mount -t proc none /proc" Fails misserabbly for reasons giving a standard error.

And umounting /proc gives "umount: none: not found umount: /proc: not mounted."
really? that's not what mtab said!

devfs is still mounted.

Any ideas? i for one am out of them! All i know is that proc is the source of the evil.

chadders · Post by **chadders** » Mon Aug 11, 2003 8:58 pm

Deleted

Garbz · Post by **Garbz** » Mon Aug 11, 2003 10:19 pm

not the answer i was looking for

xi · Post by xi » Thu Aug 14, 2003 10:13 am

How can disk encryption be safe ?

Let's assume someone wants to break the encryption, he has several places to start.
He knows what kind of operating system and filesystem you use, so he is able to search for filesystem structures (probably he even knows the position of certain information) and for directories like /etc /bin /sbin and so on.
By checking /boot he can find out what kernel version you run and by getting the sources of this version he gets another 200megs (!) of plaintext data to search for.

watersb · Post by **watersb** » Thu Aug 14, 2003 2:51 pm

Please take a look at
http://mica.nfshost.com/HOWTO/Disk-Encryption/

-- I think a GREAT aspect of this article is the Threat Model, which is germane to recent posts to this thread.

-- Please provide David with some feedback

-- I have asked David for permission to edit/modify/expand this document for inclusion in Gentoo Documentation. Perhaps Chadders and others can do a better job than I can.

-- I am working on an extension/modification of this document which explains how to do this with the built-in crypto in Kernel 2.6

Subject: Request for comments on "Disk Encryption HOWTO"
Date: 14 Aug 2003 01:24:42 -0700
From: David Braun
To: linux-crypto@nl.linux.org

I wanted to encrypt my whole hard disk and looked for a method to do
so. I found methods close to this goal but not quite achieving it so I
made my own method and wrote it up.

I've included it in a new "Disk Encryption HOWTO", intended to supersede
the existing "Loopback Encrypted Filesystem HOWTO" [1]. Please read it
and provide me with criticism, suggestions, and other feedback. Here
are some things I'm looking for:

* Sanity check. Does it make sense? Am I way off base?
* Smoke test. Does the procedure work for you?
* Weakness. Could the security be improved in a practical way?
* Readability. Do you understand it easily?

The document is here:

http://mica.nfshost.com/HOWTO/Disk-Encryption/

David Braun

[1] http://www.tldp.org/HOWTO/Loopback-Encr ... HOWTO.html

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/

xi · Post by xi » Thu Aug 14, 2003 3:18 pm

great document, thanks

This method won't work (yet) with Software Suspend for Linux

it does work in newer versions of swsusp (kernel 2.4, not 2.6) with initrd before resume patch included

TheCoop · Post by **TheCoop** » Fri Aug 15, 2003 12:02 pm

hmm, im confused...

what do you need to get an encrypted system under 2.6? do you need to patch util-linux now, and install the loop-AES patches? what kernel options do you need for 2.6?

chadders · Post by **chadders** » Fri Aug 15, 2003 1:06 pm

xi wrote:How can disk encryption be safe ?

Let's assume someone wants to break the encryption, he has several places to start.
He knows what kind of operating system and filesystem you use, so he is able to search for filesystem structures (probably he even knows the position of certain information) and for directories like /etc /bin /sbin and so on.
By checking /boot he can find out what kernel version you run and by getting the sources of this version he gets another 200megs (!) of plaintext data to search for.

Yep, but it isn't as bad as it sounds. Good crypto uses CBC mode (cipher block chaining) and not ECB mode (electronic code book) AND USES INITIAL VECTORS. So its LOTS harder to break because EVERY BLOCK has its own key. That means you can't make a table of ciphertext that corresponds to plaintext even if you know what the plaintext is. A real good book is Applied Cryptography. If you go to sci.crypt news group and to http://www.counterpane.com there is lots of stuff about known plain text attacks, differential attacks, and other cool stuff.

The reason that I like to encrypt root is because I think lots of stuff leaks out to logs and to other places and because I don't want people to know what stuff I got installed on it because that might help them to break it. I think that there is lots more risk from stuff like keyboard sniffers and breaking in from the net than there is someone decrypting it.

My next project is to save up enough money to get a big enough flash pen drive and put the whole /boot and /root on it encrypted. That way the whole operating system goes in my pocket and that would be way cool.

I wish someone would make a Gentoo based Knoppix for a pen drive too. Maybe I will do that but I'm kinda broke because my nazi fake dad won't give me more allowance and summer is almost over and school is starting up so I have to quit my job next week and I spent half my money on 1.4 CDs that didn't come yet grrrr.