Plain dm-crypt without LUKS
This article focuses on system disk encryption using plain dm-crypt without LUKS.
dm-crypt is the standard device-mapper encryption functionality provided by the Linux kernel. It can be used directly by those who like to have full control over all aspects of partition and key management.
- 1 Plain dm-crypt vs LUKS format
- 2 Encrypting system partitions
- 2.1 Preparation
- 2.2 Setup encryption
- 2.3 Fill the mapped device
- 2.4 Install the system
- 2.5 Post-installation
Plain dm-crypt vs LUKS format
For most use cases, dm-crypt with LUKS is by far the better option for both system encryption and encrypted partitions. Below are some considerations for choosing one over the other.
- dm-crypt does not require a header on the encrypted disk. This means that an unpartitioned, encrypted disk will be indistinguishable from a disk filled with random data. This may be useful in a country that can force you to give up an encryption key where a reasonable suspicion of encrypted data exists.
- plain dm-crypt encrypted disks are more resilient to damage than LUKS encrypted disks, because of the one-to-one mapping of unencrypted data to encrypted data.
- dm-crypt does not allow multiple pass-phrases, nor does it allow changes to the pass-phase or key-file after initial set-up. LUKS allows for up to eight passphrases, and key-files and passphrases can be changed without having to re-encrypt the entire disk or partition.
- plain dm-crypt requires manual configuration of encryption options each time a device is opened, whereas LUKS stores those details in its header.
- LUKS uses pass-phrase salting and hash iteration, and as such can be more secure than plain dm-crypt. It is essential that a pass-phrase or key-file with very high entropy is used with dm-crypt.
See https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions for further details.
Encrypting system partitions
/boot partition is required, as it needs to remain unencrypted to be accessed by the bootloader. In the scenario that follows, it is assumed that no evidence of encryption is to be left on the main system drive, and so we install the
/boot partition and the bootloader to a separate USB stick, and the encryption key to yet another USB stick. Throughout the guide, the system disk will be shown as
/dev/sdX, the USB stick containing
/boot will be shown as
/dev/sdY, and the USB stick containing the encryption key will be shown as
/dev/sdZ, where X, Y and Z represent their respective device letters.
We must first make absolutely sure we are targeting the correct disk:
# fdisk -l
Load the kernel module
# modprobe dm-crypt
Cryptsetup is used to create the mapping between an encrypted disk and a named device. Its form in this case is:
# cryptsetup <options> --open --type plain <device> <name>
|--hash||The hash is used to create the key from the passphrase or keyfile||whirlpool, sha1, sha256, sha512, ripemd160||ripemd160|
|--cipher||The cipher consists of three parts: cipher-chainmode-IV generator. Please see Wikipedia:Disk encryption theory for an explanation of these settings, and DMCrypt for some of the options available.||aes-xts-plain64, twofish-cbc-essiv:sha256, serpent-cbc-plain||aes-cbc-essiv:sha256|
|--key-size||The key size (in bits). The size will depend on the cipher being used and also the chainmode in use. Xts mode will require twice the key size of cbc, which should be apparent from the output of
||128, 256, 512||256bits|
|--offset||The offset from the beginning of the target disk from which to start the mapping||0||Unknown, but it doesn't appear to be 0.|
|--key-file||The device or file to be used as a key. See Creating key files for further details.||/dev/sdZ, /boot/keyfile.enc||Uses passphrase instead.|
|--keyfile-offset||Offset from the beginning of the key file (in bytes) from which to read.||2049||0|
|--keyfile-size||Limits the bytes read from the key file. However, I've found that this is ignored when using plain dm-crypt. Instead, the size will depend on the key-size used.||512B||8192kB|
Dm-crypt does not need a partition table and the existence of one could provide a reasonable suspicion that the drive is encrypted. We therefore set up the encryption directly on the physical disk. If a partition table already exists on the target disk, it will be wiped when we later fill the disk.
Example with default options
Using default options with the device
/dev/sdX and using
enc for the mapped name, we have:
# cryptsetup --open --type plain /dev/sdX enc
You will then be prompted for a password twice, which should have very high entropy. See https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#5._Security_Aspects for details.
Example with custom options
If custom options are required, you may wish to test which encryption system works best on your system:
# cryptsetup benchmark
Using the device
/dev/sdX, with the twofish-xts cipher with a 512 bit key size we have:
# cryptsetup --hash=sha512 --cipher=twofish-xts-plain64 --offset=0 --key-file=/dev/sdZ --key-size=512 --open --type=plain /dev/sdX enc
Unlike encrypting with LUKS, the above command must be executed in full whenever the mapping needs to be re-established, so it is important to remember the cipher, hash and key file details. We can now check that the mapping has been made:
# fdisk -l
An entry should now exist for
Fill the mapped device
In this case, with /dev/mapper/enc, we use:
# dd if=/dev/zero of=/dev/mapper/enc
# cat /dev/zero > /dev/mapper/enc
/dev/urandom is not required here, as anything written to the mapped device is passed through the encryption cipher before being written to disk.
When the process is finished, you may wish to check to see if any existing partition table has been wiped:
# fdisk -l
Install the system
Much of the following steps are identical to those in the Installation Guide. Where they differ is:
- the target installation device is the mapped device under
/dev/mapper/*instead of the physical device
/bootand the bootloader will be installed to a USB stick;
- the initramfs hook
encryptis added to
- the details of the encryption are added to the kernel options in the bootloader.
See Partitioning for further details.
You may use fdisk to create a standard partition table on the mapped device:
# fdisk /dev/mapper/enc
However, a more flexible approach is to use LVM:
# pvcreate /dev/mapper/enc # vgcreate store /dev/mapper/enc # lvcreate -L 20G store -n root # lvcreate -C y -L 10G store -n swap # lvcreate -l +100%FREE store -n home
See Lvm#Installing_Arch_Linux_on_LVM for further details.
For the remainder of this guide we will use the simple LVM volume set created above, which will have created the volumes
/dev/store/swap. The choice of volume group name and logical volume names are arbitrary.
Format the partitions
See File Systems#Format a device for further details.
In our example, we will simply use ext4 for root and home.
# mkfs.ext4 /dev/store/root # mkfs.ext4 /dev/store/home
And for the
/boot partition, we choose a non-journalling file system to preserve the flash memory:
# mkfs.ext2 /dev/sdY1
And lastly the swap partition, if required:
# mkswap /dev/store/swap # swapon /dev/store/swap
Mount the partitions
We are now in a position to mount the partitions and begin the standard Arch installation process.
# mount /dev/store/root /mnt # mkdir /mnt/home # mount /dev/store/home /mnt/home # mkdir /mnt/boot # mount /dev/sdY1 /mnt/boot
Install and configure the base system
Please follow Installation Guide#Install the base system until editing
mkinitcpio.conf is required, then add
encrypt to the
HOOKS array as follows:
HOOKS="base udev ... encrypt ... filesystems ..."
For this example we also require the lvm2 hook, which must be placed after the encrypt hook:
HOOKS="base udev ... encrypt lvm2 ... filesystems ..."
Then rebuild the initramfs as per usual:
# mkinitcpio -p linux
Install and configure the bootloader
See Installation Guide#Install and configure a bootloader and then return to this guide.
The kernel arguments for initialising a plain dm-crypt disk are as follows:
/dev/sdX is the physical disk containing the encrypted data, and
<mapped name> is the name once mapped to
cryptkey=/path/to/keyfile or cryptkey=<device>:<offset>:<size>
Which one used will depend on whether the key has been written as a file to a partition, or as a bit stream to unpartitioned space. See Creating key files for details.
Here, the arguments hash, cipher, keysize, offset and skip relate directly to the cryptsetup options --hash, --cipher, --key-size, --offset and --skip.
Example with defaults
For a disk encrypted with just default options, we can use the following kernel arguments:
crypto argument must still be specified, but each entry can be left blank. This will prompt for the pass-phrase on boot.
Example custom options
Assuming the key file is located on
/dev/sdZ and the options are as used in the previous example, we have:
cryptdevice=/dev/sdX:enc cryptkey=/dev/sdZ:0:512 crypto=sha512:twofish-xts-plain64:512:0:
If using grub, this is added to
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdX:enc cryptkey=/dev/sdZ:0:512 crypto=sha512:twofish-xts-plain64:512:0:"
You may also wish to add:
Although it should not be necessary.
This can then be used to update
# grub-mkconfig -o /boot/grub/grub.cfg
The bootloader can then be installed on the same USB as the
# grub-install --recheck /dev/sdY
You may wish to remove the USB sticks after booting. Since the
/boot partition is not usually needed, the following option can be added to the boot options in
# /dev/sdYn UUID=************* /boot ext2 noauto,rw,noatime 0 2
However, when an update to the kernel or bootloader is required, the
/boot partition must be present and mounted. As the entry in
fstab already exists, it can be mounted simply with:
# mount /boot