Difference between revisions of "Plain dm-crypt without LUKS"

From ArchWiki
Jump to: navigation, search
(23 intermediate revisions by 4 users not shown)
Line 1: Line 1:
[[Category:Security]]
+
#REDIRECT [[Dm-crypt/Encrypting an Entire System#Plain dm-crypt]]
[[Category:File systems]]
+
{{Article summary start}}
+
{{Article summary text|This tutorial will show you how to set up system encryption with plain dm-crypt.}}
+
{{Article summary heading|Related}}
+
{{Article summary wiki|Disk Encryption}}
+
{{Article summary wiki|Dm-crypt with LUKS}}
+
{{Article summary end}}
+
 
+
 
+
This article focuses on encryption using plain dm-crypt without LUKS, for both non-system partitions and system partitions.
+
 
+
'''dm-crypt''' is the standard device-mapper encryption functionality provided by the Linux kernel. It can be used directly by those who like to have full control over all aspects of partition and key management.
+
 
+
== Plain dm-crypt vs LUKS format==
+
 
+
For most use cases, [[dm-crypt with LUKS]] is by far the better option for both system encryption and encrypted partitions. Below are some considerations for choosing one over the other.
+
 
+
===== Advantages=====
+
* dm-crypt does not require a header on the encrypted disk. This means that an unpartitioned, encrypted disk will be indistinguishable from a disk filled with random data. This may be useful in a country that can force you to give up an encryption key where a reasonable suspicion of encrypted data exists.
+
* plain dm-crypt encrypted disks are more resilient to damage than LUKS encrypted disks, because of the one-to-one mapping of unencrypted data to encrypted data.
+
 
+
===== Disadvantages=====
+
* dm-crypt does not allow multiple pass-phrases, nor does it allow changes to the pass-phase or key-file after initial set-up. LUKS allows for up to eight passphrases, and key-files and passphrases can be changed without having to re-encrypt the entire disk or partition.
+
* plain dm-crypt requires manual configuration of encryption options each time a device is opened, whereas LUKS stores those details in its header.
+
* LUKS uses pass-phrase salting and hash iteration, and as such can be more secure than plain dm-crypt. It is essential that a pass-phrase or key-file with very high entropy is used with dm-crypt.
+
 
+
See https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions for further details.
+
 
+
== Encrypting system partitions ==
+
 
+
A separate {{ic|/boot}} partition is required, as it needs to remain unencrypted to be accessed by the bootloader. In the scenario that follows, it is assumed that no evidence of encryption is to be left on the main system drive, and so we install the {{ic|/boot}} partition and the bootloader to a separate USB stick, and the encryption key to yet another USB stick. Throughout the guide, the system disk will be shown as {{ic|/dev/sd''X''}}, the USB stick containing {{ic|/boot}} will be shown as {{ic|/dev/sd''Y''}}, and the USB stick containing the encryption key will be shown as {{ic|/dev/sd''Z''}}, where ''X'', ''Y'' and ''Z'' represent their respective device letters.
+
{{Tip|The essential process of filling an encrypted drive can take well over a day to complete on a multi-terrabyte disk. It is therefore recommended that, if an alternative computer is not available for use during this time, the [[Dm-crypt without LUKS:Encrypting system partitions#Preparation|Preparation]], [[Dm-crypt without LUKS:Encrypting system partitions#Set up encryption|Set up encryption]] and [[Dm-crypt without LUKS:Encrypting system partitions#Fill the mapped device|Fill the mapped device]] steps should be done from another installation rather than the Arch installation media.}}
+
==== Preparation ====
+
===== Safety first =====
+
We must first make absolutely sure we are targeting the correct disk:
+
# fdisk -l
+
===== Load the kernel module =====
+
  # modprobe dm-crypt
+
==== Setup encryption ====
+
Cryptsetup is used to create the mapping between an encrypted disk and a named device. Its form in this case is:
+
# cryptsetup <options> --open --type plain <device> <name>
+
 
+
{| class="wikitable" border="1" cellpadding="5" cellspacing="0"
+
|+ Options
+
! Option !! Description !! Examples !! Default
+
|-
+
| --hash || The hash is used to create the key from the passphrase or keyfile || whirlpool, sha1, sha256, sha512, ripemd160|| ripemd160
+
|-
+
| --cipher|| The cipher consists of three parts: cipher-chainmode-IV generator. Please see [[Wikipedia:Disk encryption theory]] for an explanation of these settings, and [https://code.google.com/p/cryptsetup/wiki/DMCrypt DMCrypt] for some of the options available. || aes-xts-plain64, twofish-cbc-essiv:sha256, serpent-cbc-plain || aes-cbc-essiv:sha256
+
|-
+
| --key-size||The key size (in bits). The size will depend on the cipher being used and also the chainmode in use. Xts mode will require twice the key size of cbc, which should be apparent from the output of {{ic|cryptsetup benchmark}}.||128, 256, 512||256bits
+
|-
+
| --offset||The offset from the beginning of the target disk from which to start the mapping||0||Unknown, but it doesn't appear to be 0.
+
|-
+
| --key-file||The device or file to be used as a key. See [[Creating key files]] for further details.||/dev/sda, /boot/keyfile.enc||Uses passphrase instead.
+
|-
+
| --keyfile-offset||Offset from the beginning of the key file (in bytes) from which to read.||2049||0
+
|-
+
| --keyfile-size||Limits the bytes read from the key file. However, I've found that this is ignored when using plain dm-crypt. Instead, the size will depend on the key-size used.||512B||8192kB
+
|}
+
 
+
Dm-crypt does not need a partition table and the existence of one could provide a reasonable suspicion that the drive is encrypted. We therefore set up the encryption directly on the physical disk. If a partition table already exists on the target disk, it will be wiped when we later fill the disk.
+
===== Example with default options =====
+
Using default options with the device {{ic|/dev/sd''X''}} and using {{ic|enc}} for the mapped name, we have:
+
# cryptsetup --open --type plain /dev/sdX enc
+
You will then be prompted for a password twice, which should have very high entropy. See https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#5._Security_Aspects for details.
+
===== Example with custom options =====
+
If custom options are required, you may wish to test which encryption system works best on your system:
+
# cryptsetup benchmark
+
Using the device {{ic|/dev/sd''X''}}, with the twofish-xts cipher with a 512 bit key size we have:
+
{{bc|<nowiki># cryptsetup --hash=sha512 --cipher=twofish-xts-plain64 --offset=0 --key-file=</nowiki>/dev/sd''Z'' <nowiki>--key-size=512 --open --type=plain /dev/sdX enc</nowiki>}}
+
Unlike encrypting with LUKS, the above command must be executed ''in full'' whenever the mapping needs to be re-established, so it is important to remember the cipher, hash and key file details.
+
We can now check that the mapping has been made:
+
# fdisk -l
+
An entry should now exist for {{ic|/dev/mapper/enc}}.
+
 
+
==== Fill the mapped device ====
+
{{Note|It is vital that the mapped device is filled with data. Without doing so, the encrypted data that is written to disk will be easily distinguishable from areas not yet written to.}}
+
{{Warning|The following operation will destroy all data on the underlying physical disk.}}
+
In this case, with /dev/mapper/enc, we use:
+
# dd if=/dev/zero of=/dev/mapper/enc
+
or
+
# cat /dev/zero > /dev/mapper/enc
+
Use of {{ic|/dev/urandom}} is not required here, as anything written to the mapped device is passed through the encryption cipher before being written to disk.
+
 
+
When the process is finished, you may wish to check to see if any existing partition table has been wiped:
+
# fdisk -l
+
{{Note| The partition table will only have been wiped if the offset was set to 0. As a side effect of this, the disk will no longer be addressable by UUID, however it can still be addressed by physical ID ({{ic|/dev/disk/by-id}}).}}
+
==== Install the system ====
+
Much of the following steps are identical to those in the [[Installation Guide]]. Where they differ is:
+
 
+
* the target installation device is the mapped device under {{ic|/dev/mapper/*}} instead of the physical device {{ic|/dev/sd''X''}};
+
* {{ic|/boot}} and the bootloader will be installed to a USB stick;
+
* the initramfs hook {{ic|encrypt}} is added to {{ic|mkinitcpio.conf}};
+
* the details of the encryption are added to the kernel options in the bootloader.
+
 
+
===== Partition disks =====
+
See [[Partitioning]] for further details.
+
 
+
You may use ''fdisk'' to create a standard partition table on the mapped device:
+
# fdisk /dev/mapper/enc
+
However, a more flexible approach is to use [[LVM]]:
+
# pvcreate /dev/mapper/enc
+
# vgcreate store /dev/mapper/enc
+
# lvcreate -L 20G store -n root
+
# lvcreate -C y -L 10G store -n swap
+
# lvcreate -L +100%FREE store -n home
+
See [[Lvm#Installing_Arch_Linux_on_LVM]] for further details.
+
 
+
For the remainder of this guide we will use the simple LVM volume set created above, which will have created the volumes {{ic|/dev/store/root}}, {{ic|/dev/store/home}} and {{ic|/dev/store/swap}}. The choice of volume group name and logical volume names is arbitrary.
+
 
+
===== Format the partitions =====
+
See [[File Systems#Format a device]] for further details.
+
 
+
In our example, we will simply use ''ext4'' for root and home.
+
# mkfs.ext4 /dev/store/root
+
# mkfs.ext4 /dev/store/home
+
 
+
And for the {{ic|/boot}} partition, we choose a non-journalling file system to preserve the flash memory:
+
# mkfs.ext2 /dev/sdY1
+
 
+
And lastly the swap partition, if required:
+
# mkswap /dev/store/swap
+
# swapon /dev/store/swap
+
 
+
===== Mount the partitions =====
+
We are now in a position to mount the partitions and begin the standard Arch installation process.
+
# mount /dev/store/root /mnt
+
# mkdir /mnt/home
+
# mount /dev/store/home /mnt/home
+
# mkdir /mnt/boot
+
# mount /dev/sdY1 /mnt/boot
+
 
+
===== Install and configure the base system =====
+
Please follow [[Installation Guide#Install the base system]] until editing {{ic|mkinitcpio.conf}} is required, then add {{ic|encrypt}} to the {{ic|HOOKS}} array as follows:
+
 
+
{{hc|/etc/mkinitcpio.conf|HOOKS<nowiki>=</nowiki>"base udev ... '''encrypt''' ... filesystems ..."}}
+
 
+
For this example, we also require the lvm2 hook, which must be placed after the encrypt hook:
+
 
+
{{hc|/etc/mkinitcpio.conf|HOOKS<nowiki>=</nowiki>"base udev ... encrypt '''lvm2''' ... filesystems ..."}}
+
 
+
Then rebuild the initramfs as per usual:
+
 
+
# mkinitcpio -p linux
+
 
+
===== Install and configure the bootloader =====
+
 
+
See [[Installation Guide#Install and configure a bootloader]] and then return to this guide.
+
 
+
The kernel arguments for initialising a plain dm-crypt disk are as follows:
+
 
+
{{bc|<nowiki>cryptdevice=</nowiki>/dev/sd''X'':<mapped name>}}
+
 
+
Where  {{ic|/dev/sd''X''}} is the physical disk containing the encrypted data, and {{ic|<mapped name>}} is the name once mapped to {{ic|/dev/mapper/<mapped name>}}.
+
 
+
{{bc|
+
<nowiki>cryptkey=/path/to/keyfile</nowiki>
+
''or''
+
<nowiki>cryptkey=<device>:<offset>:<size></nowiki>}}
+
 
+
Which one used will depend on whether the key has been written as a file to a partition, or as a bit stream to unpartitioned space. See [[Creating key files]] for details.
+
 
+
{{bc|
+
<nowiki>crypto=<hash>:<cipher>:<keysize>:<offset>:<skip></nowiki>}}
+
 
+
Here, the arguments hash, cipher, keysize, offset and skip relate directly to the ''cryptsetup'' options --hash, --cipher, --key-size, --offset and --skip.
+
 
+
====== Example with defaults ======
+
 
+
For a disk encrypted with just default options, we can use the following kernel arguments:
+
 
+
{{bc|<nowiki>cryptdevice=</nowiki>/dev/sd''X'':enc <nowiki>crypto=::::</nowiki>}}
+
 
+
The {{ic|crypto}} argument must still be specified, but each entry can be left blank. This will prompt for the pass-phrase on boot.
+
 
+
====== Example custom options ======
+
 
+
Assuming the key file is located on {{ic|/dev/sd''Z''}} and the options are as used in the previous example, we have:
+
 
+
{{bc|<nowiki>cryptdevice=</nowiki>/dev/sd''X'':enc <nowiki>cryptkey=</nowiki>/dev/sd''Z'':0:512 <nowiki>crypto=sha512:twofish-xts-plain64:512:0:</nowiki>}}
+
 
+
If using [[grub]], this is added to {{ic|/etc/default/grub}}:
+
{{hc|/etc/default/grub|<nowiki>
+
GRUB_CMDLINE_LINUX="cryptdevice=</nowiki>/dev/sd''X'':enc <nowiki>cryptkey=</nowiki>/dev/sd''Z'':0:512 <nowiki>crypto=sha512:twofish-xts-plain64:512:0:</nowiki>"}}
+
You may also wish to add:
+
{{hc|/etc/default/grub|<nowiki>
+
GRUB_CMDLINE_LINUX="... root=</nowiki>/dev/store/root"}}
+
Although it should not be necessary.
+
 
+
This can then be used to update {{ic|grub.cfg}}
+
# grub-mkconfig -o /boot/grub/grub.cfg
+
====Post-installation====
+
You may wish to remove the USB sticks after booting. Since the {{ic|/boot}} partition is not usually needed, the following option can be added to the boot options in /etc/fstab:
+
 
+
{{hc|/etc/fstab|
+
# /dev/sd''Yn''
+
<nowiki>UUID=************* /boot ext2 '''noauto''',rw,noatime 0 2</nowiki>}}
+
 
+
However, when an update to the kernel or bootloader is required, the {{ic|/boot}} partition must be present and mounted. As the entry in {{ic|fstab}} already exists, it can be mounted simply with:
+
 
+
# mount /boot
+

Revision as of 08:05, 26 December 2013