Encrypted Root File System, Swap, etc...

[joeatsalot]

Gosh - I'm 28 and a half and I'm confused.

I've been following the instructions from the Linux from Scratch people, to do a similar thing. http://archives.linuxfromscratch.org/ma ... 01539.html

I've got the encrypted part all working, but then /sbin/init crashes horribly, because of the way I'm running it. Perhaps LFS is different to gentoo?

Is the LFS stuff out of date? Badly?

I hope somebody can help.

Jonathan

PS My init script on the unencrypted partition is as follows:

#/sbin/init
#!/bin/sh

/bin/mount -n -t proc proc /proc
/sbin/losetup -e aes -k 128 /dev/loop0 /dev/hda9
/bin/mount -n -t reiserfs /dev/loop0 /mnt

/bin/umount /proc
cd /mnt
/sbin/pivot_root . loader
exec /usr/sbin/chroot . /sbin/init

[watersb]

Kernel 2.6 System Encryption

I am pleased to announce that with Mike Petullo's and David Braun's help, I have been able
to get an encrypted-root system WORKING with my Gentoo 2.6 laptop, using
a random string that is stored on a USB dongle; this string is encrypted
with GPG.

Work in progress documentation is available at

http://www.sdc.org/~leila/usb-dongle/rough-readme.txt

and at

http://www.sdc.org/~leila/usb-dongle/readme.html

The entire setup - a minix-based RAMDisk, and a tarballed filesystem for
the USB-dongle - has been posted to

http://www.sdc.org/~leila/usb-dongle/


This setup is working for me on an x86 system; you will need to replace
the binaries on the usb tarball with your actual binaries (just copy
them over from a working linux system, taking care to copy over any
shared libs as well).

Although I am starting to use this setup in production use, I keep
backups of everything, and assume it is going to eat my hard disk at any
moment. More pounding is needed.

At this point I want to focus on getting the documentation completed.

How does it look so far?

[chadders]

Woah COOL! I'm gonna try that! Thanks watersb

Chad

[gmoney]

I've had no luck at all getting my filesystems which were originally encrypted with the loopback-aes system to work with the kernli crypto systems in the 2.6 kernel. The 2.12 util-linux package seems to work fine but doesn't give me all the options the kernli crypto seems to need (-k, -p, etc...). I've tried every combination of losetup I can think of and some of them actually "work", but when I try to mount no valid filesystem is found. My existing fstab entry is:

/secure/home /home ext3 encryption=AES256,sync,exec,noatime 0 0

and my 2.6 version is:

/secure/home /home ext3 sync,loop,keybits=256,encryption=aes,exec,noatime 0 0

I've seen information on the kernli website about how to convert your losetup options for loopback-aes to the kerneli version, but the gentoo build for util-linux doesn't include the needed options. Has anyone has any luck with mounting a loopback-aes encrypted filesystem from 2.4 to the kernli system in 2.6?

[Death Valley Pete]

Looks promising. I'm trying to figure out how to make this whole thing work, but without the usb dongle. (i.e. with a prompt for a password, the thought being that a dongle would be too easily compromised). Any hints?

[bonsaikitten]

Looks promising. I'm trying to figure out how to make this whole thing work, but without the usb dongle. (i.e. with a prompt for a password, the thought being that a dongle would be too easily compromised). Any hints?

The key on the dongle is password protected, so effectively you add another level of encryption by using a dongle. Using a plaintext key would be quite dumb from a crypto point of view.

[watersb]

Looks promising. I'm trying to figure out how to make this whole thing work, but without the usb dongle. (i.e. with a prompt for a password, the thought being that a dongle would be too easily compromised). Any hints?

I am sincerely sorry if the documentation is too complex -- I am trying to write it all down, and afterwards some editing to get some simple "paths" through all this.

I will be adding the more-simple, non-USB method to the documentation soon. The section "framework" should already be there.

Until then, see http://www.flyn.org/projects/cryptoswap/index.html

[watersb]

My existing fstab entry is:

/secure/home /home ext3 encryption=AES256,sync,exec,noatime 0 0

and my 2.6 version is:

/secure/home /home ext3 sync,loop,keybits=256,encryption=aes,exec,noatime 0 0

Has anyone has any luck with mounting a loopback-aes encrypted filesystem from 2.4 to the kernli system in 2.6?

What sort of error are you getting?

One thing to try, with new util-linux, is to specify key size in the encryption name:

Code: Select all

/secure/home /home ext3 sync,loop,encryption=aes-256-cbc,exec,noatime 0 0

I recommend that you build the crypto TESTING MODULE in the kernel options under CRYPTOGRAPHIC OPTIONS, then load it with

Code: Select all

# modprobe tcrypt

and then examine the kernel debug message output with dmesg -- you will see the names of the various crypto algorithms in the format the kernel is expecting, which you can then try as arguments to the encryption option to mount.

[Death Valley Pete]

I am sincerely sorry if the documentation is too complex -- I am trying to write it all down, and afterwards some editing to get some simple "paths" through all this.

I will be adding the more-simple, non-USB method to the documentation soon. The section "framework" should already be there.

Until then, see http://www.flyn.org/projects/cryptoswap/index.html

Well then, I guess I'll just shut up and let you finish.

The key on the dongle is password protected, so effectively you add another level of encryption by using a dongle. Using a plaintext key would be quite dumb from a crypto point of view.

Good point. I guess I'll start saving my pocket change...

[usingloser]

--editted--

I left out the "lun0" in my partition identifier in my initrd build script.

All better now.

[lazarous]

If a court has a search warrant in the US and you do not give the password for the system, you can be held in contempt of the court and get jail time too.

[Garbz]

got similar issues in australia to the uk.

If the court has reason to believe there is incriminating evidence on the encrypted partition you can be forced to hand over the key. Or else 5 years or max $200,000 AUD i believe.

If you destroy the key and render the partiton useless then u can be charged on destroying evidents (although there was apparently a loophole whereby someone escaped conviction for that act by claiming the evidents was still there in it's entireity and hadn't been touched, and that not being able to read it wasn't his problem. It think there was also an arguement that if the data was scrambeled in such a way then the evidents which is presumably destroyed didn't exist in the first place :S )

[chadders]

Wooo! Im finally up on 2.6 kernel, now i can check out watersb stuff instead of loop-AES. Anyone know of anything I gotta watch out for especially?

Oh, Im supposed to say hi to Bo so hi Bo and everyone else ignore this part especially Garbz.

Chad

[Garbz]

bah fine then

[cayenne]

Hello...read through all this, and looks interesting. I noticed that this thread started awhile back...and had a question.

It originally says to get aes-loop from sourceforge. I did an emerge search and found there is app-crypt/aes-crypt availble.

Can this be a new starting point or are these 2 completely different apps?

Thanks!

cayenne

[bosko]

I have read the how-to posted earlier in this thread (http://www.sdc.org/~leila/usb-dongle/rough-readme.txt), but I still don't completely understand what I have to do.
I would like to do is to use Linux 2.6 (so I would have to use the crypto api) and encrypt both my swap and my root partition. I want to store the key on a USB dongle (only the key, I want the kernel to be in /boot). But basically I have no clue about how I can do this. Could someone be so kind to post the exact steps I need to do?
I did try to extract the relevant information from the instructions posted in this thread, but it's a bit consufing to me

Thank you very much in advance.

[ro0t]

this question is no really related to gentoo .. i m using slackware 9 and kernel 2.4.22 ..
i followed the steps given by "Disk Encryption HOWTO" David Braun
2003-09-13 Revision History
Revision 1.1 2003-09-13 Revised by: DB

the system is workin fine the only problem i am havin is that .. /initrd .. is mounted readonly ..
if i try umount /initrd .. it sayz DEVICE BUSY .

can n e one explain y its still mounted after booting and how to umount it automatically when system boots ..

[curmudgeon]

the system is workin fine the only problem i am havin is that .. /initrd .. is mounted readonly ..


if i try umount /initrd .. it sayz DEVICE BUSY . :?





can n e one explain y its still mounted after booting and how to umount it automatically when system boots ..

http://loop-aes.sourceforge.net/loop-AES.README



"Root partition loop device node is inside initrd, and that device node

will remain busy forever. This means that encrypted root initrd can't be

unmounted and RAM used by initrd file system can't be freed. This

unable-to-unmount side effect is the reason why initrd is intentionally

made as small as possible."

[DingoStick]

I seem to have everything going (mostly) fine, but when I try to mount my partition (it's non-root, so the system is up, but the encrypted partition is not yet mounted), it fails:

Code: Select all

root@outback home # mount ./ftp
Password:
ioctl: LOOP_SET_FD: Device or resource busy

I've read a bit of the documentation, but can't find out why this is occurring. Anyone know about this? My /etc/fstab contains this line:

Code: Select all

/dev/loop5              /home/ftp       reiserfs        defaults,noauto,loop=/dev/loop5,encryption=AES256       0 0

I've tried switching between loop5 and loop0 (the howto uses both, which seems kinda odd...). Nothing works as of now.

[echto]

Thanks for your time on this.

Kernel 2.6 System Encryption

I am pleased to announce that with Mike Petullo's and David Braun's help, I have been able
to get an encrypted-root system WORKING with my Gentoo 2.6 laptop, using
a random string that is stored on a USB dongle; this string is encrypted
with GPG.

Work in progress documentation is available at

http://www.sdc.org/~leila/usb-dongle/rough-readme.txt

and at

http://www.sdc.org/~leila/usb-dongle/readme.html

The entire setup - a minix-based RAMDisk, and a tarballed filesystem for
the USB-dongle - has been posted to

http://www.sdc.org/~leila/usb-dongle/


This setup is working for me on an x86 system; you will need to replace
the binaries on the usb tarball with your actual binaries (just copy
them over from a working linux system, taking care to copy over any
shared libs as well).

Although I am starting to use this setup in production use, I keep
backups of everything, and assume it is going to eat my hard disk at any
moment. More pounding is needed.

At this point I want to focus on getting the documentation completed.

How does it look so far?

[watersb]

Folks, nothing more to see here, just checking in to apologize for how long it's taking to complete that documentation.

If you want to help out, then of course you are free to take a whack at it...

Also, it is a complex document, and it would be useful to have a very quick step-by-step path through the cruft. If someone could post a particular trajectory of commands through it, in the "QuickStart Guide" style like you see in this unrelated document, then I'm sure people would be helped.

And FWIW, I'm up to kernel-test8-love3, the process has worked for all 2.6.0-series kernels that I've tried, and we're getting close to an API freeze for the test series...

[rajl]

Just my two cents on algorithm choice: While invesitgating harddisk encryption further, I've noticed that people have offered the opinion that Rinjdael should be used, and not Serpent; Rinjdael was chosen as the winner of the AES, and some people are saying that Serpent has been possibly broken. Doing some research, the only attack against Serpent I've found is one that also works against Rinjdael. Because of similarities in the algorithms (essentially the same, AES is designed to be faster, Serpent throws in more transformations, rounds, etc than necessary to be more secure) they both suffer from the same algebraic exploit, detailed here:

http://eprint.iacr.org/2002/044/

a better explanation in prettier colors is here:

http://www.cryptosystem.net/aes/

and apparently, the initial publicity that got everyone scared is here:

http://slashdot.org/articles/02/09/16/0 ... tml?tid=93

However, the workability of the attack is still in doubt, as shown here:

http://www.usdsi.com/aes.html

but even if the attack turns out to be successful, both algorithms are still more secure than DES.

[snowjob]

Using aes with a 128 bit key was working great with a haredened 2.4.20 and 2.4.21 kernel but wont work with 2.4.22.

The first problem I had was the losetup program couldn't find aes even though it is in /proc/crypto
- So I emerge util-linux-2.12.ebuild

The new losetup doesn't support -k so I told it to use aes-cbc-128. That didn't complain but when I went to mount the /dev/loop0 device mount complained that it didn't know the fs type of the device. (My guess is it isn't decrypting correctly)

Has anyone else had a problem with the gentoo hardened 2.4.22 kernel. More importantly can anyone help me?

[hulk2nd]

hi there,

i have problems doing this. first i shoot my old installation but doesnt matter. then i reinstalled gentoo and did the following like BlackBart and turbobri said:

hda1: winxp
hda2: boot part. (ext3)
hda3: swap
hda4: root part. (reiserfs)

Ok boot into knoppix w/o the graphical
run losetup -e AES256 -T /dev/loop0 /dev/hda2 (or whatever is your root partition)

i did "losetup -e AES256 -T /dev/loop0 /dev/hda4"

then do mke2fs /dev/loop0 (or whatever file system you want)

i did mkreiserfs /dev/loop

then mkdir /mnt/gentoo
and then mount /dev/loop0 /mnt/gentoo
and mkdir /mnt/gentoo/boot
and mount /dev/hda1 /mnt/gentoo/boot
then cd into /mnt/gentoo
and then extract whatever stage you want and procede from there following the instruction guide.
when you get to the kernel:

Quote:
You HAVE to use CONFIG_MODULES=y, CONFIG_BLK_DEV_LOOP=n (y or m WONT WORK), CONFIG_BLK_DEV_RAM=y, CONFIG_BLK_DEV_RAM_SIZE=4096, CONFIG_BLK_DEV_INITRD=y, CONFIG_MINIX_FS=Y (this is because the ramdisk is minix), CONFIG_PROC_FS=y plus whateve FILESYSTEM YOUR ROOT IS HAS TO BE Y (modules wont work because the kernel can't get modules from the root file system until it knows how to read it and decrypt it when it is booting, other stuff can be modules if you want). Make sure that your new kernel works before going further.

done (except of replacing "mount /dev/hda1 with mount /dev/hda2" i did the same).

patch -p1 <../util-linux-2.11y.diff
export CFLAGS=-O2
export LDFLAGS='-static -s'
./configure
make SUBDIRS="lib mount"
cd mount
install -m 4755 -o root mount umount /bin
install -m 755 losetup swapon /sbin
rm -f /sbin/swapoff && ( cd /sbin && ln -s swapon swapoff )
rm -f /usr/share/man/man8/{mount,umount,losetup,swapon,swapoff}.8.gz
install -m 644 mount.8 umount.8 losetup.8 /usr/share/man/man8
install -m 644 swapon.8 swapoff.8 /usr/share/man/man8
rm -f /usr/share/man/man5/fstab.5.gz
install -m 644 fstab.5 /usr/share/man/man5

done

cd /usr/src/loop-AES-v1.7b
make LINUX_SOURCE=/usr/src/linux-2.4.19-gentoo-r10 (or whatever vers. you have)

i did "cd /usr/src/loop-AES..." and then "make LINUX_SOURCES=/usr/src/linux-2.4.22-ac4"

cp -p /lib/modules/2.4.19-gentoo-r10/block/loop.o /boot/loop-2.4.19-gentoo-r10.o

i did "cp -p /lib/modules/2.4.22-ac4/block/loop.o /boot/loop-2-4.22-ac4.o"

and then do these steps
In the loop-AES directory edit build-initrd.sh. Change BOOTDEV, BOOTTYPE, CRYPTROOT, ROOTYPE and CIPHERTYPE to what you want. Then type sh build-initrd.sh . This makes a ramdisk so that the kernel knows how to get the pass phrase when you boot later.

i did BOOTDEV=hda2, BOOTTYPE=ext3, CRYPTOROOT=hda4, ROOTYPE=reiserfs, CYPHERTYPE=AES256

edit fstab to make your root say /dev/loop5 instead of /dev/hdawhatever.

replaced /dev/ROOT with /dev/loop5 (/dev/hda4 wasn't there cause the installation was fresh where the default entries are /dev/BOOT, /dev/SWAP and /dev/ROOT). and changed the /boot filesystem to ext3 and the /root filesystem to reiserfs.

cd to /boot/grub and edit grub.conf to add a entry like this:
title=Encrypted Root
root (hd0,0)
kernel /bzImage ro root=/dev/ram1
initrd /initrd.gz

jup, done.


but still doesn't work. anyone can see the error(s) i've done?
i tried to describe exactly what i've done with the hope that it would be most easy for you to find the errors i made.

thanks in advance and greets,
hulk

[hulk2nd]

i get a kernel panic, can not find reiserfs on ramdisk