Tuesday, March 17, 2009

full disc encryption

Full disc encryption is something you definitely want to have. No need to worry about private data on a stolen or old hard disc. Everything is encrypted. And the performance penalties are arguable meaning that most user would not notice any difference.

Linux supports initial ramdiscs. Basically this is a complete linux root file system in RAM into which the kernel boots. A script called linuxrc is then executed which can do whatever a linux system can do. For example retreiveing a crypto key and mounting the real root file system. Normally the next step is to mount the real root file system. The kernel then executes a pivot_root, thereby switching the root mount point. Finally /sbin/init is executed which does the normal system boot up. Here is an interesting introduction with some background information about this topic.

The crypto key can be retrieved in many ways. One is to query the user for a password. Another is to mount a file system on a USB stick and read the key from there, which means that you can boot the system only if you have access to a token. Even remote servers can have full disc encryption as linuxrc can start up an ssh server and wait for an administrator to log in and provide the password. The file server of my former flat share retrieved the key from a second server which was in my neighbor's flat and connected through Wi-Fi. In this setup the server can automatically boot without the admin being around and still nobody who takes the hard discs away can access any data.

The common way to do disc encryption on Linux these days is dm-crypt. dm-crypt is a device-mapper crypto target and does what its name suggests: it maps an existing block device to a new one and does encryption in between. It's as simple as saying cryptsetup -d keyfile create /dev/sda1 rootfs in order to get the new device /dev/mapper/rootfs which is the decrypted view on /dev/sda1. The encryption key thereby is read once from the given key file.

The Linux Unified Key Setup (LUKS) system is even more comfortable as you don't have to bother with key files but simply provide one or more passwords for each block device you want to encrypt.

In earlier days creating an initrd image for full disc encryption was very cumbersome. At least for Debian these days are over since the initramfs-tools exist. This tools create an initrd image automatically by obtaining your setup from system configuration like /etc/fstab and /etc/crypttab.

Say your installation is on /dev/sda3, swap is on /dev/sda2, you use LUKS for encryption and ext3 as file system. Then /etc/crypttab looks like this

rootfs /dev/sda3 none luks swap /dev/sda2 /dev/urandom swap
and /etc/fstab looks like this:
/dev/mapper/rootfs / ext3 defaults 0 1 /dev/mapper/swap none swap defaults 0 0
Simple as that. Then you run update-initramfs with the proper kernel version which creates your new initrd image under /boot. Configure your bootloader to use it, set the boot parameter root=/dev/mapper/rootfs and you are done.

Note that it is really important to encrypt the swap partition as well. Otherwise there are unencrypted transcripts of your memory on the disc which might reveal data you wanted to keep secret.

Debian comes with complete full disc encryption support. Not only be means of the above mentioned initramfs-tools but also with via integration into the Debian installer. Ubuntu's alternate installer offers the same. I am not aware of any other Linux distribution doing so.

If you want to protect yourself against active attacks on your full disc encryption you can burn your boot loader, the kernel and the initrd to a CD-ROM and sign it with a marker. Before every boot you must make sure that your system boots from this CD-ROM, so that you know that you don't boot a compromised kernel which, for instance, reveals your encryption key. An attacker could still tamper with your BIOS though... Even Intel's Trusted Execution Technology is not safe ;-)

Enough for today.

No comments:

Post a Comment