COVER STORY DM-Crypt/ LUKS
Workshop: Encrypting hard disks with DM-Crypt and LUKS THE WHOLE DISK
Encrypting a home directory is easy. Encrypting your whole hard disk – including the root filesystem – takes a little more effort.
BY MICHAEL NERB
ncrypting individual filesystems means you’ll need to roll up your shirt is no big deal; in fact, some dis- sleeves for some hands-on configuration. Etributions allow you to encrypt In this workshop, we will start by in- directories as part of the installation rou- stalling a standard Linux system and tine. But encrypting the home directory then progress to encrypting the existing on your laptop is a job half done. Dis- filesystems one at a time. We will finish honest finders can still draw conclusions off by deleting the unprotected partition from log and configuration files. If you’re and using the space for other tasks, such serious about providing security through as swapping out the /home directory to encryption, you need to protect the an encrypted partition of its own. whole hard disk against spying – some- Our goal is to encrypt the entire hard thing that no distribution can do out of disk (with the exception of the partition the box. table in the Master Boot Record). Be- Things start to become more complex cause it isn’t possible to encrypt the boot if you need to protect the root filesystem. partition, we will move /boot to an exter- Neither Suse nor Debian Linux give nal medium – a USB stick, in this case. users a tool to help encrypt the root file- To boot from the stick, we will need to system during the install (or later). That modify the BIOS and GRUB bootloader settings. The USB stick then creates an additional layer of security by serving as a kind of “key” that the thief will need to possess in order to gain access to the laptop. If this approach seems impracti- cal for your purposes, you can keep the boot partition on your hard disk. How- ever, /boot must be on an unen- crypted partition of its own. In this article, we’ll use DM- Crypt [1] for our filesystem en- www.photocase.com cryption. DM-Crypt has been the tool of choice for encrypt- ing filesystems since kernel
32 ISSUE 72 NOVEMBER 2006 DM-Crypt/ LUKS COVER STORY
shown in column 2 of one partition and format the partition the table.) (mkfs.ext2 /dev/sda1). Then do: Set up the size and number of partitions to mount /dev/sda1 /mnt match your laptop’s hard cp -ax /boot/* /mnt disk and intended use – dual or multiple boot This copies the /boot directory to the configurations are possi- USB stick. If it does not already exist, ble. Do not create a user give the ln -s . boot command to create a at this phase of the in- symbolic link in the /mnt directory, to stallation; you can do so avoid a hitch with grub-install later on. later on the encrypted Now modify the GRUB bootloader system. configuration on the USB stick: /mnt/ After completing the grub/device.map states how GRUB maps installation, you should BIOS and Linux device names; you need Figure 1: Booting from a USB stick – every BIOS does its own have a working Linux an entry of (hd0) /dev/sda. thing. Our sample BIOS refers to removable drives and a system on /dev/hda4. If Change the entries for the BIOS device generic storage device. you have a kernel ver- names from (hd0,3) to (hd0,0) (this cor- sion older than 2.6.11 responds to /dev/sda1) in the /mnt/ 2.6.4. It uses the device mapper infra- (with Debian Sarge, for example), you grub/menu.lst configuration file: structure [2], and it encrypts block de- will need to update the kernel now. For vices transparently, relying on the ker- the following steps, you also need the title Suse Linux 9.3 (USB-Boot) nel’s Crypto API to do so. Linux Unified cryptsetup-luks configuration tool. kernel (hd0,0)/vmlinuz root=U Key Setup (LUKS) adds some enhance- The “Updates for Debian Sarge” box /dev/hda4 ments, which were discussed in a previ- describes how to update a Sarge system; initrd (hd0,0)/initrd ous issue of Linux Magazine [3]. The for Suse Linux, you just need to add LUKS design is implemented as the cryptsetup-luks. The LUKS homepage at Finally, run grub-install --root-direc- cryptsetup-luks [4] configuration tool. [4] has a prebuilt, statically linked ver- tory=/mnt /dev/sda to install GRUB on As an alternative to a fresh installa- sion that you can copy to /sbin/crypt- the Master Boot Record of your memory tion, you can modify an existing system, setup-luks. stick. If everything works, you can boot assuming you have enough free space on the laptop from the USB stick – to do so, the disk to create a new partition for the Booting from a USB-Stick set the BIOS boot order to boot the com- data you are encrypting. Linux typically detects USB sticks as puter from external boot media first. Don’t worry! After you finish encrypt- SCSI devices and addresses them as the ing, the disk patches and kernel updates SCSI hard disk /dev/sda (unless you Encrypting Partitions should not cause any problems, and have some other SCSI devices). Use fdisk For security reasons, either change to your backup and recovery tools should to create a partition table with at least single user mode, or close any unneces- work like they always did. Secure Data Erasure Preparation Whenever files are deleted by running uses /dev/urandom instead of /dev/zero. The equipment you need for this lab is a rm against the filenames, Linux simply Depending on how paranoid you are, suitable laptop, a USB stick with a ca- removes the inodes for the files from the you can do this between three and 35 pacity of about 64 Mbytes, and your fa- directory. The data stays on the disk and times [5] to be “fairly certain” that you vorite Linux distribution (kernel 2.6.11 can be reconstructed with a little effort. have removed the data. The shred and or newer) – we tested Suse Linux 9.3 / Reformatting with mkfs will not over- wipe [7] tools will help you do so. But 10.0 and Debian Sarge. Check the laptop write the partition. you should be aware that these tools as- BIOS to see if it supports booting from To permanently remove the data, you sume a few basic conditions that may not apply to RAID systems, journaling USB (Figure 1). Use a Live CD to ensure need to actively modify the magnetiza- filesystems (such as ReiserFS or Ext3), or that Linux supports your laptop; you tion of the sectors (in an appropriate way). The simplest way of doing this is certain hard disk drivers and firmware might like to take this opportunity to with a command such as dd if=/dev/zero components that buffer data and per- erase the laptop disk (see the “Secure of=/dev/hda. But just as a regular fall of form multiple write operations at a sin- data erasure” box). snow will not cover the outlines of the gle pass. For the initial install, divide the hard landscape, some residual magnetization To be absolutely safe, you would need to disk into four partitions, as shown in will remain after overwriting a file with destroy the hard disk and dispose of it column 1 of Table 1. This configuration null bytes. An attacker with the right kind somewhere where it will never be found. puts an unencrypted version of the of equipment might be able to recon- But you can save yourself all that trouble Linux system on /dev/hda4. (If you pre- struct the original data. by implementing the mechanisms de- fer not to boot from a USB stick, use the A more time consuming approach, but scribed in this article, and then just for- getting the passwords. alternative partitioning suggestion one that is ultimately far more secure,
WWW.LINUX - MAGAZINE.COM ISSUE 72 NOVEMBER 2006 33 COVER STORY DM-Crypt/ LUKS
Table 1: Partitioning knows the passphrases, the data stored on swap and /tmp is irretrievably lost, Boot from USB Stick Alternative: Boot from hard disk Content but this is intended. Swap contains – /dev/hda1 Boot partition /boot memory dumps and is reinitialized – /dev/hda2 Extended partition /dev/hda1 /dev/hda5 Encrypted swap partition whenever you boot your computer. /dev/hda2 /dev/hda6 Encrypted filesystem /tmp There are no benefits from keeping swap /dev/hda3 /dev/hda7 Encrypted root filesystem readable, and there are a number of se- /dev/hda4 /dev/hda8 Unencrypted root filesystem curity risks. Every distribution has its (to be deleted later) own approach to handling temporary files. As a rule, programs should not rely sary applications, stop all unnecessary with a filesystem, and mount the filesys- on data in /tmp surviving a reboot. services, and shutdown any user ses- tem. sions. Genuinely Temporary We will be using the Linux system we Warming Up It makes sense to recreate these filesys- just installed to encrypt the partitions on The swap partition and the /tmp direc- tems every time you boot. Debian makes the laptop step by step; the partitions in tory are useful candidates for our first this simple: just set the CRYPTDISKS_ question are /dev/hda1 through /dev/ experiments with cryptsetup-luks: these ENABLE=Yes parameter in /etc/defaults/ hda3. Partition /dev/hda4, which holds filesystems contain temporary data and cryptdisks (if it is not already set), and the root filesystem right now, will not be are no big loss if something goes awry. add the following to /etc/crypttab: needed later. You can recycle it and cre- Listing 1 shows the command se- ate a partition for the /home directory if quences for manually enabling and dis- #
34 ISSUE 72 NOVEMBER 2006 WWW.LINUX - MAGAZINE.COM DM-Crypt/ LUKS COVER STORY
The newly en- Now use chroot to work with the en- Application layer Mountpoint: crypted root file- crypted system. Start by setting up the /tmp system is now missing mountpoints, and mount the Filesystem layer Ext 2 mounted below memory stick as /boot.
decrypted Logical block device: /mnt, and it is still /dev/mapper/tmp empty. You will chroot /mnt
Kernel layer need to insert mkdir -p /boot /proc U Encryption layer DM-Crypt your bootable /sys /tmp /mnt encrypted Physical block device: memory stick for mount -t proc proc /proc /dev/hda2 the following mount -t sysfs sysfs /sys Hardware layer Hard disk steps. Copy the mount /dev/sda1 /boot complete installa- Figure 2: Multiple layered file access – LUKS encryption adds tion from the If you attempted to boot from the mem- another layer, which resides between the logical filesystem and the /dev/hda4 parti- ory stick with the root filesystem on hardware (hard disk access). tion to /mnt – this /dev/hda3, or /dev/mapper/dm-root, process encrypts would fail right now, as the init program does this for you (cryptfs), and which is and stores the data on /dev/hda3. Do not (which is part of initrd) would not be based on [8], is available from the Linux copy the /boot, /lost+found, /proc, /sys, able to handle the root filesystem in ei- Magazine website [9]. After download- /tmp, and /mnt directories. The copy ther case: partition /dev/hda3 would ing the script (to /etc/init.d/) create sym- command looks like this: seem to contain garbage, and the virtual bolic links in /etc/rcX.d to call the script device, /dev/mapper/dm-root, does not in the required runlevels. Finally, delete cd /; cp -ax bin dev etc U exist at this point. the line for the previous, unencrypted home lib media opt root U swap partition from /etc/fstab. sbin usr var /mnt/ The Whole Enchilada To let Linux boot from the encrypted Root Management The copy can take awhile, as two to root filesystem, we need to modify initrd Let’s reboot, just to make sure that Linux three Gbytes need to be run through the as follows: creates and enables the filesystems. If encryption layer. This leaves you with an The cryptsetup-luks program, and the everything works out, we can move on image of the root filesystem from /dev/ required kernel modules, must be refer- to our major task, encrypting the root hda4 on /dev/hda3. You can manually enced in initrd. filesystem. umount (umount /mnt; cryptsetup-luks init has to load the kernel modules, In contrast to /tmp and swap, the root luksClose dm-root), and remount (crypt- and mount the virtual block device, filesystem is permament: that is, it is not setup-luks luksOpen /dev/hda3 dm-root; /dev/mapper/dm-root, as the root file- recreated whenever you reboot. Root is mount /dev/mapper/dm-root /mnt) now. system. created once and mounted at boot time. We need some extended LUKS function- Listing 1: Creating Swap and /tmp ality (from cryptsetup-luks) at this point, 01 # swapoff -a 15 # cat /proc/swaps and the procedure is slightly different: 02 # cryptsetup-luks -s 256 -d / 16 # The following parameters create a dev/urandom create swap /dev/ 17 # cryptsetup-luks -s 256 -d / LUKS header on /dev/hda3; LUKS uses hda1 dev/urandom create tmp /dev/ the AES encryption algorithm with a key 03 # ls -l /dev/mapper/ hda2 length of 256 bits and sets a passphrase: 04 total 124 18 # mkfs.ext2 /dev/mapper/tmp 05 crw------1 root root 10, 19 mke2fs 1.36 (05-Feb-2005) cryptseup-luks -c U 63 Apr 3 2006 control aes-cbc-essiv:sha256 -y -s U 20 [...] 256 luksFormat /dev/hda3 06 brw-r----- 1 root root 253, 21 # mount /dev/mapper/tmp /tmp 0 Apr 2 23:53 swap 22 # ls -l /tmp/ 07 # mkswap /dev/mapper/swap Now create a virtual block device, /dev/ 23 total 17 mapper/dm-root, which will map to the / 08 Setting up swapspace version 24 drwx------2 root root 12288 1, size = 1019895 kB dev/hda3 partition. cryptsetup will Apr 2 23:55 lost+found prompt you for the passphrase you just 09 # swapon /dev/mapper/swap 25 # umount /tmp specified. Then go on to format the vir- 10 # cat /proc/swaps 26 # cryptsetup-luks remove tmp tual block device (Ext3 format in our ex- 11 Filename Type 27 # ls -l /dev/mapper/ ample) and mount the device: Size Used Priority 28 total 124 12 /dev/mapper/swap partition U cryptsetup-luks luksOpen 995988 0 -3 29 crw------1 root root 10, /dev/hda3 dm-root 63 Apr 3 2006 control 13 # swapoff /dev/mapper/swap mkfs.ext3 /dev/mapper/dm-root 14 # cryptsetup-luks remove swap mount /dev/mapper/dm-root /mnt
WWW.LINUX - MAGAZINE.COM ISSUE 72 NOVEMBER 2006 35 COVER STORY DM-Crypt/ LUKS
Depending on the integration status of More changes are required to the /boot/initrd command to create a new cryptsetup for your distribution, there are /sbin/mkinitrd program: you might like initial RAM disk on the memory stick. different approaches to doing this. to create a backup copy before you con- tinue. In the mkinitrd_kernel function, The Tension Mounts Debian Ramdisk look for the lines that copy /sbin/insmod Before rebooting, modify the /boot/grub/ Debian Sarge has some fairly useful sup- to the ramdisk; depending on your Suse menu.lst file on your memory stick. port here. Add the aes-i586 and sha256 version, they may look slightly different. Change the root kernel parameter in the modules to /etc/mkinitd/modules (each For Suse Linux 10.1 the lines look like: menu entry that launches the Linux sys- in a separate line); add the following line tem to point to the virtual block device, to the existing /etc/crypttab file: if ! cp_bin $initrd_insmod U /dev/mapper/dm-root. You also need to $tmp_mnt/sbin/insmod 2>U modify the initrd entry (/boot/initrd). dm-root /dev/hda3 none U /dev/null ; then A typical entry will look like this: luks,cipher=aes-cbc-essiv:sha256 error 5 "no static insmod" fi title Suse Linux 10.0 U In a similar way, change the root file- (USB-Boot, Encrypted Root) system in /etc/fstab to point to /dev/ Add the following two lines immediately kernel (hd0,0)/vmlinuz U mapper/dm-root: below this: root=/dev/mapper/dm-root initrd (hd0,0)/initrd /dev/mapper/dm-root / U cp_bin /sbin/cryptsetup-luks U ext3 defaults 0 1 $tmp_mnt/sbin/ 2>U Reboot the laptop. Make sure you have /dev/null \ || error 5 U set USB as the default boot device in the Then run yaird -o /boot/initrd to create a "no static cryptsetup-luks" BIOS boot order. cryptsetup-luks will working initrd on the memory stick. now prompt you for the passphrase for yaird (yet another initrd) replaces the In the udev_discover_root function, add the root filesystem, and assuming that standard mkinitrd tool, which can’t han- the following as the first command: you provide the correct password, boot dle encrypted root filesystems in the to the login screen. Calling mount re- Debian version. | echo "Setting up LUKS U moves any trace of doubt (Figure 3). If device $rootdev. U this does not work, try booting without Suse Ramdisk Provide pass phrase now." the memory stick: you still have the un- For Suse Linux, you'll need to add the | /sbin/cryptsetup-luks U encrypted Linux system on the hard required kernel modules dm-mod, luksOpen /dev/hda3 dm-root dm-crypt, aes-i586, sha256, and ext3, INFO using the INITRD_MODULES parameter Then you just need to change the entry [1] DM-Crypt: to the /etc/sysconfig/kernel file. (The for the root filesystem to /dev/mapper/ http:// www. saout. de/ misc/ dm-crypt module names must be separated by dm-root (for the ext3 filesystem) in /etc/ [2] Device Mapper Resource Page: blanks.) fstab. Finally, give the /sbin/mkinitrd -o http:// sources. redhat. com/ dm/ [3] “Secret Messages: Hard disk encryp- Security 101 tion with DDM-Crypt, LUKS, and Encrypting your laptop hard disk is just supervisor password in your laptop’s cryptsetup,” by Clemens Fruhwirth one layer in an all-encompassing secu- BIOS; only allow a USB stick as the and Markus Schuster, Linux Magazine 12/ 05, pg. 65. rity policy – and it is no replacement for a boot medium. [4] Linux Unified Key Setup (LUKS): security policy, as it only protects the • Use robust passwords, and change http:// luks. endorphin. org/ dm-crypt data while the computer is switched off. them at regular intervals. If you lose your laptop after entering the [5] Peter Gutmann, “Secure Deletion of • Do not work with root privileges if you correct pass phrases and with a user ses- Data from Magnetic and Solid-State can avoid doing so. sion running on the Linux system, an at- Memory”: http:// www. cs. auckland. ac. tacker would have the same access as to • Use a restrictive (personal) firewall nz/ ~pgut001/ pubs/ secure_del. html a completely unprotected machine. This configuration. [6] Suspend 2: http:// www. suspend2. net warning also applies to threats from the • Use at least one virus scanner with [7] Wipe – Secure File Deletion: Internet, assuming the laptop has an In- current virus signatures. http:// wipe. sourceforge. net ternet connection. Malware has unre- • Set up a password-protected screen- [8] Luksopen script on the DM-Crypt stricted access to your data once it gains saver, and let the screensaver enable Wiki: http:// www. saout. de/ tikiwiki/ access to the system. automatically. tiki-index. php?page=luksopen In other words, this workshop cannot [9] Shell script cryptfs: http:// www. give you absolute security; but following • Check your logfiles for suspicious en- linux-magazine. com/ Magazine/ these rules will keep your laptop as se- tries at regular intervals. Downloads/ 72/ DM-Crypt cure as possible: • Check for and install security patches [10] Clemens Fruhwirth: “New Methods • Store the laptop and memory stick and updates for any software you use. in Hard Disk Encryption,” separately. • Back up your data at regular intervals; http:// clemens. endorphin. org/ • Configure a power-on password and a keep the backups in a safe place. nmihde/ nmihde-A4-ds. pdf
36 ISSUE 72 NOVEMBER 2006 WWW.LINUX - MAGAZINE.COM DM-Crypt/ LUKS COVER STORY
users you need; be on the safe side, backup the memory their home direc- stick before you update the kernel, or tories are auto- add an entry to the previous, working matically en- system to your GRUB configuration. Ker- crypted on /dev/ nel 2.6.13 saw a few modifications to hda4. udev, and they may prevent the initrd One downside you created from performing as desired. to this is that en- yaird does not share this problem. To be crypted swap and really safe, create a live CD with LUKS suspend to disk support. You can use the CD to manually are mutually ex- mount and back up encrypted partions. Figure 3: After completing the operations, you should see three clusive – make Suse users need to be careful if YaST encrypted filesystems below /dev/ mapper and in the mount table. To sure to disable updates the mkinitrd package. Back up remove the remaining cleartext information from your disk, create an the latter for this the LUKS changes to the /sbin/mkinitrd encrypted /home on hda4. reason (if it ex- script and compare them with the new ists, remove the version after updating mkinitrd. disk, and you can start troubleshooting kernel parameter resume=/dev/hda1 from there. from /grub/menu.lst.) Suspend2 [6] is an Conclusions alternative that supports suspend to disk During this workshop, we have en- Fine Tuning with an encrypted swap partition; how- crypted the whole laptop hard disk If all of this works out, you no longer ever, this means patching and compling except for the Master Boot Record. need the unencrypted root filesystem on the vanilla kernel. You need the memory stick to boot. /dev/hda4. Delete the data on the parti- You will not need the memory stick This gives road warriors a high degree tion and use cryptsetup-luks to set up an- while the laptop is running, however, it of passive security. But you should still other encrypted filesystem called /dev/ is essential to plug in the stick for kernel be aware of common protective and mapper/dm-home. Format the partition, updates, as mkinitrd or yaird will want security measures (see the “Security and mount it as /home. Then create any to install the new initrd on the stick. To 101” box). ■
advertisement