Difference between revisions of "Plain dm-crypt without LUKS"
(replacing redlinks for keyfiles. The whole example on this page is based on using a keyfile, so it is irritating that these are unnecessary redlinks. Link can be changed later or link target can be edited to better fit this content too, if required.) |
(link to discussion) |
||
| Line 1: | Line 1: | ||
[[Category:Security]] | [[Category:Security]] | ||
[[Category:File systems]] | [[Category:File systems]] | ||
| − | {{Merge|Dm-crypt with LUKS|Assess the possibility of merging the common content between the two articles in order to avoid duplication.}} | + | {{Merge|Dm-crypt with LUKS|Assess the possibility of merging the common content between the two articles in order to avoid duplication.|section=Merge}} |
{{Article summary start}} | {{Article summary start}} | ||
{{Article summary text|This tutorial will show you how to set up system encryption with plain dm-crypt.}} | {{Article summary text|This tutorial will show you how to set up system encryption with plain dm-crypt.}} | ||
Revision as of 03:23, 28 August 2013
Template:Article summary start
Template:Article summary text Template:Article summary heading Template:Article summary wiki Template:Article summary wiki Template:Article summary end
This article focuses on system disk encryption using plain dm-crypt without LUKS.
dm-crypt is the standard device-mapper encryption functionality provided by the Linux kernel. It can be used directly by those who like to have full control over all aspects of partition and key management.
Contents
Plain dm-crypt vs LUKS format
For most use cases, dm-crypt with LUKS is by far the better option for both system encryption and encrypted partitions. Below are some considerations for choosing one over the other.
Advantages
- dm-crypt does not require a header on the encrypted disk. This means that an unpartitioned, encrypted disk will be indistinguishable from a disk filled with random data. This may be useful in a country that can force you to give up an encryption key where a reasonable suspicion of encrypted data exists.
- plain dm-crypt encrypted disks are more resilient to damage than LUKS encrypted disks, because of the one-to-one mapping of unencrypted data to encrypted data.
Disadvantages
- dm-crypt does not allow multiple pass-phrases, nor does it allow changes to the pass-phase or key-file after initial set-up. LUKS allows for up to eight passphrases, and key-files and passphrases can be changed without having to re-encrypt the entire disk or partition.
- plain dm-crypt requires manual configuration of encryption options each time a device is opened, whereas LUKS stores those details in its header.
- LUKS uses pass-phrase salting and hash iteration, and as such can be more secure than plain dm-crypt. It is essential that a pass-phrase or key-file with very high entropy is used with dm-crypt.
See https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions for further details.
Encrypting system partitions
A separate /boot partition is required, as it needs to remain unencrypted to be accessed by the bootloader. In the scenario that follows, it is assumed that no evidence of encryption is to be left on the main system drive, and so we install the /boot partition and the bootloader to a separate USB stick, and the encryption key to yet another USB stick. Throughout the guide, the system disk will be shown as /dev/sdX, the USB stick containing /boot will be shown as /dev/sdY, and the USB stick containing the encryption key will be shown as /dev/sdZ, where X, Y and Z represent their respective device letters.
Preparation
Safety first
We must first make absolutely sure we are targeting the correct disk:
# fdisk -l
Load the kernel module
# modprobe dm-crypt
Setup encryption
Cryptsetup is used to create the mapping between an encrypted disk and a named device. Its form in this case is:
# cryptsetup <options> --open --type plain <device> <name>
| Option | Description | Examples | Default |
|---|---|---|---|
| --hash | The hash is used to create the key from the passphrase or keyfile | whirlpool, sha1, sha256, sha512, ripemd160 | ripemd160 |
| --cipher | The cipher consists of three parts: cipher-chainmode-IV generator. Please see Wikipedia:Disk encryption theory for an explanation of these settings, and DMCrypt for some of the options available. | aes-xts-plain64, twofish-cbc-essiv:sha256, serpent-cbc-plain | aes-cbc-essiv:sha256 |
| --key-size | The key size (in bits). The size will depend on the cipher being used and also the chainmode in use. Xts mode will require twice the key size of cbc, which should be apparent from the output of cryptsetup benchmark. |
128, 256, 512 | 256bits |
| --offset | The offset from the beginning of the target disk from which to start the mapping | 0 | Unknown, but it does not appear to be 0. |
| --key-file | The device or file to be used as a key. See here for further details. | /dev/sdZ, /boot/keyfile.enc | Uses passphrase instead. |
| --keyfile-offset | Offset from the beginning of the key file (in bytes) from which to read. | 2049 | 0 |
| --keyfile-size | Limits the bytes read from the key file. However, I have found that this is ignored when using plain dm-crypt. Instead, the size will depend on the key-size used. | 512B | 8192kB |
Dm-crypt does not need a partition table and the existence of one could provide a reasonable suspicion that the drive is encrypted. We therefore set up the encryption directly on the physical disk. If a partition table already exists on the target disk, it will be wiped when we later fill the disk.
Example with default options
Using default options with the device /dev/sdX and using enc for the mapped name, we have:
# cryptsetup --open --type plain /dev/sdX enc
You will then be prompted for a password twice, which should have very high entropy. See https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#5._Security_Aspects for details.
Example with custom options
If custom options are required, you may wish to test which encryption system works best on your system:
# cryptsetup benchmark
Using the device /dev/sdX, with the twofish-xts cipher with a 512 bit key size we have:
# cryptsetup --hash=sha512 --cipher=twofish-xts-plain64 --offset=0 --key-file=/dev/sdZ --key-size=512 --open --type=plain /dev/sdX enc
Unlike encrypting with LUKS, the above command must be executed in full whenever the mapping needs to be re-established, so it is important to remember the cipher, hash and key file details. We can now check that the mapping has been made:
# fdisk -l
An entry should now exist for /dev/mapper/enc.
Fill the mapped device
In this case, with /dev/mapper/enc, we use:
# dd if=/dev/zero of=/dev/mapper/enc
or
# cat /dev/zero > /dev/mapper/enc
Use of /dev/urandom is not required here, as anything written to the mapped device is passed through the encryption cipher before being written to disk.
When the process is finished, you may wish to check to see if any existing partition table has been wiped:
# fdisk -l
Install the system
Much of the following steps are identical to those in the Installation Guide. Where they differ is:
- the target installation device is the mapped device under
/dev/mapper/*instead of the physical device/dev/sdX; -
/bootand the bootloader will be installed to a USB stick; - the initramfs hook
encryptis added tomkinitcpio.conf; - the details of the encryption are added to the kernel options in the bootloader.
Partition disks
See Partitioning for further details.
You may use fdisk to create a standard partition table on the mapped device:
# fdisk /dev/mapper/enc
However, a more flexible approach is to use LVM:
# pvcreate /dev/mapper/enc # vgcreate store /dev/mapper/enc # lvcreate -L 20G store -n root # lvcreate -C y -L 10G store -n swap # lvcreate -l +100%FREE store -n home
See Lvm#Installing_Arch_Linux_on_LVM for further details.
For the remainder of this guide we will use the simple LVM volume set created above, which will have created the volumes /dev/store/root, /dev/store/home and /dev/store/swap. The choice of volume group name and logical volume names are arbitrary.
The /boot partition can be installed on the standard vfat partition of a USB stick, if required. But if manual partitioning is needed, then a small 200MB partition is all that is required:
# fdisk /dev/sdY > n > p > 1 > default (2048) > +200M > w > q
Format the partitions
See File Systems#Format a device for further details.
In our example, we will simply use ext4 for root and home.
# mkfs.ext4 /dev/store/root # mkfs.ext4 /dev/store/home
And for the /boot partition, if not already formatted as vfat, we choose a non-journalling file system to preserve the flash memory:
# mkfs.ext2 /dev/sdY1
And lastly the swap partition, if required:
# mkswap /dev/store/swap # swapon /dev/store/swap
Mount the partitions
We are now in a position to mount the partitions and begin the standard Arch installation process.
# mount /dev/store/root /mnt # mkdir /mnt/home # mount /dev/store/home /mnt/home # mkdir /mnt/boot # mount /dev/sdY1 /mnt/boot
Install and configure the base system
Please follow Installation Guide#Install the base system until editing mkinitcpio.conf is required, then add encrypt to the HOOKS array as follows:
/etc/mkinitcpio.conf
HOOKS="base udev ... encrypt ... filesystems ..."
For this example we also require the lvm2 hook:
/etc/mkinitcpio.conf
HOOKS="base udev ... encrypt lvm2 ... filesystems ..."
Then rebuild the initramfs as per usual:
# mkinitcpio -p linux
Install and configure the bootloader
See Installation Guide#Install and configure a bootloader and then return to this guide.
The kernel arguments for initialising a plain dm-crypt disk are as follows:
cryptdevice=/dev/sdX:<mapped name>
Where /dev/sdX is the physical disk containing the encrypted data, and <mapped name> is the name once mapped to /dev/mapper/<mapped name>.
cryptkey=/path/to/keyfile or cryptkey=<device>:<offset>:<size>
Which one used will depend on whether the key has been written as a file to a partition, or as a bit stream to unpartitioned space. See here for details on different keyfiles.
crypto=<hash>:<cipher>:<keysize>:<offset>:<skip>
Here, the arguments hash, cipher, keysize, offset and skip relate directly to the cryptsetup options --hash, --cipher, --key-size, --offset and --skip.
Example with defaults
For a disk encrypted with just default options, we can use the following kernel arguments:
cryptdevice=/dev/sdX:enc crypto=::::
The crypto argument must still be specified, but each entry can be left blank. This will prompt for the pass-phrase on boot.
Example custom options
Assuming the key file is located on /dev/sdZ and the options are as used in the previous example, we have:
cryptdevice=/dev/sdX:enc cryptkey=/dev/sdZ:0:512 crypto=sha512:twofish-xts-plain64:512:0:
If using grub, this is added to /etc/default/grub:
/etc/default/grub
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdX:enc cryptkey=/dev/sdZ:0:512 crypto=sha512:twofish-xts-plain64:512:0:"
You may also wish to add:
/etc/default/grub
GRUB_CMDLINE_LINUX="... root=/dev/store/root"
Although it should not be necessary.
This can then be used to update grub.cfg
# grub-mkconfig -o /boot/grub/grub.cfg
The bootloader can then be installed on the same USB as the /boot partition:
# grub-install --recheck /dev/sdY
Post-installation
You may wish to remove the USB sticks after booting. Since the /boot partition is not usually needed, the following option can be added to the boot options in /etc/fstab:
/etc/fstab
# /dev/sdYn UUID=************* /boot ext2 noauto,rw,noatime 0 2
However, when an update to the kernel or bootloader is required, the /boot partition must be present and mounted. As the entry in fstab already exists, it can be mounted simply with:
# mount /boot