# Encrypted Root File System, Swap, etc...

## chadders

First, Gentoo is great!  I am 13 (and a half) and have installed it 4 times so far.  It is hard at first but DON'T GIVE UP because it is worth it!  If I can make it work SO CAN YOU!

I figured out how to make an encrypted root file system.  It is pretty easy (and keeps your little brother from stealing your MP3 files).  So for my first newbie post I will share how I did it.

Stuff you need first

----------------------

1) A working system with a separate /boot partition.  If Gentoo is not working right before you encrypt the root file system, it won't work very good afterwards either.

2) The loop-AES stuff... download from sourceforge.  Read the loop-AES README so that if something doesn't work you don't feel like a clueless idiot later.

3) The source tarball for util-linux-2.11y (or whatever).  Get from the standard kernel sites... ftp.kernel.org/pub/utils/util-linux.

4) The Knoppix (or Knoppix lite) CD from http://www.knoppix.net .  Burn it to a CD and make sure you can boot from it.  Knoppix is a great rescue system and I use it a lot to fix stuff when I mess up bad.  Knoppix comes with loop-AES already on it so you don't need to make your own rescue system.  This is important later because to encrypt a root file system you can't be running on it at the same time.

How to do it steps

--------------------

1) Recompile your kernel.  You HAVE to use CONFIG_MODULES=y, CONFIG_BLK_DEV_LOOP=n (y or m WONT WORK),  CONFIG_BLK_DEV_RAM=y, CONFIG_BLK_DEV_RAM_SIZE=4096, CONFIG_BLK_DEV_INITRD=y, CONFIG_MINIX_FS=y (this is because the ramdisk is minix), CONFIG_PROC_FS=y plus whatever FILESYSTEM YOUR ROOT IS HAS TO BE Y (modules wont work because the kernel can't get modules from the root file system until it knows how to read it and decrypt it when it is booting, other stuff can be modules if you want).  Make sure that your new kernel works before going further.

2) cd to /usr/src and untar the loop-AES tar file.  Type make.  This makes a new loop device driver that knows how to encrypt and uncrypt stuff.

3) Put the util-linux-2.11y (or whatever) tar file in the loop-AES directory then untar it.  cd to util-linux-2.11y.  MAKE SURE YOU HAVE YOUR BOOT PARTITION MOUNTED AT /boot .  Then type all of this stuff: 

    patch -p1 <../util-linux-2.11y.diff
    export CFLAGS=-O2
    export LDFLAGS='-static -s'
    ./configure
    make SUBDIRS="lib mount"
    cd mount
    install -m 4755 -o root mount umount /bin
    install -m 755 losetup swapon /sbin
    rm -f /sbin/swapoff && ( cd /sbin && ln -s swapon swapoff )
    rm -f /usr/share/man/man8/{mount,umount,losetup,swapon,swapoff}.8.gz
    install -m 644 mount.8 umount.8 losetup.8 /usr/share/man/man8
    install -m 644 swapon.8 swapoff.8 /usr/share/man/man8
    rm -f /usr/share/man/man5/fstab.5.gz
    install -m 644 fstab.5 /usr/share/man/man5
    cp -p /lib/modules/`uname -r`/block/loop.o /boot/loop-`uname -r`.o

4) In the loop-AES directory edit build-initrd.sh.  Change BOOTDEV, BOOTTYPE, CRYPTROOT, ROOTTYPE and CIPHERTYPE to what you want.  Then type sh build-initrd.sh .  This makes a ramdisk so that the kernel knows how to get the pass phrase when you boot later.

5) Boot the knoppix CD.  Type knoppix 2 so you get a root shell and not everything else because it makes it slow.  Type this stuff:

    losetup -e AES256 -T /dev/loop0 /dev/hda2    # or whatever is your root partition
    # give the secret pass phrase that you want (DONT FORGET WHAT IT IS!)
    dd if=/dev/hda2 of=/dev/loop0 bs=64k conv=notrunc    # this will take a while if the partition is real big SO DONT WORRY

6) Type mkdir /mnt/gentoo then mkdir /mnt/gentoo/boot then mount /dev/hda2 /mnt/gentoo then mount /dev/hda1 /mnt/gentoo/boot (or whatever your partitions are).  Then chroot /mnt/gentoo /bin/bash.  Then edit fstab to make your root say /dev/loop5 instead of /dev/hdawhatever.

7) cd to /boot/grub and edit grub.conf to add an entry like this:

    title=Encrypted Root
    root (hd0,0)
    kernel /bzImage ro root=/dev/ram1
    initrd /initrd.gz

Reboot (TAKE OUT THE KNOPPIX CD) and tell grub you want the Encrypted Root and it will start booting then ask you for your secret pass phrase and EVERYTHING WORKS GREAT!

If it doesnt work it means that you did something wrong so then boot the knoppix cd again and do the losetup (FROM #6 LOOK UP A FEW LINES) again (DONT DO THE DD AGAIN NO MATTER WHAT) and mount it and then read the loop-AES README to find out what got messed up.

It is easy to encrypt swap and other partitions too.  Read the loop-AES README!

Hope you like it!!!

Chad

Last edited by chadders on Sat Jul 05, 2003 4:47 pm; edited 1 time in total
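A preflight check for steps 1, 6 and 7 of the post above, as an added example that is not part of the original post or of loop-AES: it compares a kernel `.config`, a `grub.conf` and an `fstab` against the values the post gives, so mistakes show up before the reboot. The function names and the sample files are constructed for illustration; `CONFIG_XFS_FS` stands in for whatever your root filesystem option is.

```shell
#!/bin/sh
# Added example: preflight checks for steps 1, 6 and 7 of the procedure above.

# Print the value of kernel option $2 from .config file $1.
# "# CONFIG_X is not set" and a missing option both count as "n".
kconfig_value() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-n}"
}

# check_kernel_config CONFIG_FILE ROOT_FS_OPTION
# Prints one line per option that differs from step 1; returns 0 if none do.
check_kernel_config() {
    cfg=$1; rootfs_opt=$2; bad=0
    for want in CONFIG_MODULES=y CONFIG_BLK_DEV_LOOP=n CONFIG_BLK_DEV_RAM=y \
                CONFIG_BLK_DEV_RAM_SIZE=4096 CONFIG_BLK_DEV_INITRD=y \
                CONFIG_MINIX_FS=y CONFIG_PROC_FS=y "$rootfs_opt=y"; do
        opt=${want%%=*}; expected=${want#*=}
        actual=$(kconfig_value "$cfg" "$opt")
        if [ "$actual" != "$expected" ]; then
            echo "$opt is '$actual', step 1 needs '$expected'"
            bad=1
        fi
    done
    return "$bad"
}

# check_grub_entry GRUB_CONF
# Succeeds if one title stanza has both a kernel line with root=/dev/ram1
# and an initrd line (step 7).
check_grub_entry() {
    awk '
        function endstanza() { if (ram && initrd) ok = 1; ram = 0; initrd = 0 }
        /^[ \t]*title/                          { endstanza() }
        /^[ \t]*kernel[ \t].*root=\/dev\/ram1/  { ram = 1 }
        /^[ \t]*initrd[ \t]/                    { initrd = 1 }
        END { endstanza(); exit (ok ? 0 : 1) }
    ' "$1"
}

# check_fstab_root FSTAB
# Succeeds if the entry mounted on / is /dev/loop5 (step 6).
check_fstab_root() {
    dev=$(awk '$1 !~ /^#/ && $2 == "/" { print $1 }' "$1")
    [ "$dev" = "/dev/loop5" ]
}

# Write constructed sample files into directory $1. The config contains the
# one mistake the post warns about: the loop driver built as a module.
make_samples() {
    cat > "$1/config" <<'EOF'
CONFIG_MODULES=y
CONFIG_BLK_DEV_LOOP=m
CONFIG_BLK_DEV_RAM=y
CONFIG_BLK_DEV_RAM_SIZE=4096
CONFIG_BLK_DEV_INITRD=y
CONFIG_MINIX_FS=y
CONFIG_PROC_FS=y
CONFIG_XFS_FS=y
# CONFIG_REISERFS_FS is not set
EOF
    cat > "$1/grub.conf" <<'EOF'
title=Encrypted Root
root (hd0,0)
kernel /bzImage ro root=/dev/ram1
initrd /initrd.gz
EOF
    cat > "$1/fstab" <<'EOF'
/dev/hda1   /boot   ext2   noauto,noatime   1 2
/dev/loop5  /       xfs    noatime          0 1
EOF
}

# Run all three checks on the constructed samples and report.
run_demo() {
    tmp=$(mktemp -d)
    make_samples "$tmp"
    check_kernel_config "$tmp/config" CONFIG_XFS_FS || echo "kernel config: FIX FIRST"
    check_grub_entry "$tmp/grub.conf" && echo "grub.conf: ok"
    check_fstab_root "$tmp/fstab" && echo "fstab: ok"
    rm -rf "$tmp"
}
run_demo
```

On a real system, point the three functions at the kernel source tree's `.config`, `/boot/grub/grub.conf` and `/etc/fstab` inside the chroot.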

----------

## EvvL

Great post. 

Only got one question. What's the overhead for running an encrypted file system?

----------

## chadders

I havent figured out how to tell that exactly.

I think it is pretty fast because I did a emerge -u world with the stage3 and all of GRP packages and it took about a whole day BEFORE encrypted root.  Then i messed up bad and had to load everything again and this time I did a emerge -u world AFTER encrypted root and it still took a whole day but not two days.  I think its a little bit slower but not a lot slower.   I dont know exactly when it gets done because sometimes it gets done when im sleeping or at school.  

I didn't keep good track because I was kinda mad at myself for messing it up.

When i browse and xchat and stuff like that it is about the same I can't tell the difference. 

Chad

----------

## klasikahl

what fs are you currently using?

it's not just the performance of a decrypted root fs vs. an encrypted root fs that intrigues me, but rather what fs performs the best when it's encrypted.

----------

## chadders

I used XFS for encrypted root.  I tried REISERFS and EXT3 before.  I think I like XFS best but it probably doesn't make very much difference because I can't tell if one is faster or not.  I don't know very much about filesystem stuff yet but I am working on that.  If you know that one is better please tell me so that I can try it out.

Chad

----------

## klasikahl

if you are up to the benchmarking, i would like to see

jfs vs xfs vs reiser (vs ext3) <-- ext3 = not too important

the most accurate way to benchmark them is to crank out bzImages, compile after compile.... write a simple bash script to do it like 10 times 

```
 time for i in 1 2 3 4 5 6 7 8 9 10; do make clean && make bzImage; done 
```

and just run that on all the subject FSes.  the time output should give you the accumulative time (unless i placed it wrong, i am running on 2hrs of sleep and it's 1am).  LMK how it goes

i would help you test, but my server is down and i have to use my desktop to do emergency webserving and cant afford that much downtime...

good luck, keep us updated  :Smile: 

[edit] just tested that bash line and it works fine with timings and all, just make sure you are in your kernel dir when you run it  :Wink:  [/edit]

----------

## Loke^

Great post  :Smile: 

A question; Are you really 13 years old?  :Razz: 

Not very often you see a 13 year old kid who can think by himself  :Smile: 

(Not literally speaking..)

----------

## chadders

That is hard because I have a crappy computer and its kinda old and not very fast and not a very big disk drive with no space for another partition on it.  Changing the encrypted root partition from one kind of filesystem to another kind takes me 2 days each time because I have to reinstall gentoo.  

We have another computer thats real fast but its my dads and he wont let me use it anymore because he says im to dangerous.  :Rolling Eyes: 

Chad

----------

## klasikahl

just woke up and leaving for class in like 5 minutes, so i must make this brief.

i understand your problem and would be willing to head up an effort to benchmark the different FS's while encrypted; however i cannot do it alone... (to anyone reading this) if you would like to help in the testing of the filesystems (note, you dont have to convert your root FS to test it in this fashion, but it would be more accurate that way), please contact me by using the phpbb (these forums) contact methods

klasikahl -- zack

----------

## EvvL

I'd be willing to help benchmark the speed difference. I got a spare Dual PIII 1GHz with 512 Ram at home thats not doing anything and some time to kill  :Smile: . I can start some unencrypted benchmarks tonight and maybe some of the encrypted.

----------

## snowmoon

A simple compile of the kernel is not a good test of FS performance, since with enough memory most of the files would be cached in buffers.  There are plenty of real fs benchmarking utils out there that would be more appropriate.

I can think of much more interesting reasons to encrypt your entire filesystem than keeping mp3's away from your family members.  My fileserver would already be encrypted, but a p200 is not exactly well suited for the job.

----------

## klasikahl

agreed, however, it would seem as though among mailing lists, cranking out bzImages is the standard... i do think bonnie may be more suited for this job, however.

----------

## arkane

I've always wanted to do this, but I've never gotten around to it. (or I guess I've never had a gun put to my head and told "make an encrypted filesystem setup in 5 minutes")  Now, I'm running LVM.. expandable, shrinkable, etc.  This is great for static partitions, but what would really be spack-dang-tacular if something like this was built into the IO of the kernel somehow to be independent of loopback.

My manager about 3-4 years back did this, and it was awesome though. (with slackware I believe it was)  He ran it on a Pentium 400 or so, and it ran just like normal.

----------

## klasikahl

OT: where in AZ are you from?

on topic: i use evms (atop lvm), so i dont know if that will contribute to the quickness or slowness of the system, although i ****highly**** doubt it will slow it down due to the fact that evms is kernel lowlevel (iirc)

side note: evms has everything else, now they need to implement an "encrypt" function

/me hounds IBM  :Wink: 

also: if a moderator comes across this, you can feel free to split the discussion of benchmarking, etc. to a new topic as it feels as though we are deviating a wee bit too much to me.

----------

## contigab

I actually used another way to do that.

I used crypoapi-0.1.0 compiled with the following syntax:

```
make modules KDIR=/usr/src/linux
make modules_install
```

and cryptoloop-0.0.1-pre1 compiled like that:

```
make modules KDIR=/usr/src/linux CDIR=/root/crypoapi-0.1.0
make modules_install
```

In this way I didn't even need to patch and recompile my kernel. 

Then I added to my modules.autoload the needed modules:

cryptoloop

cryptoapi

cipher-twofish (you can choose as many ciphers you want)

then I have built a couple of perl scripts...

The first one acts like a server and runs on a server machine.

The second one queries the server from the client and mounts a crypto filesystem on demand of the user (it can be added to ~/.bashrc to do that automatically at login) getting the needed password from the server (I prefer not to store the password in the local filesystem for security problems).

All the communication between server and client is crypted with perl modules Crypt::Blowfish and Crypt::CBC.

I can publish the scripts on demand. But what do you think of my solution?

----------

## sethrab

This kid has pulled off something that few fully appreciate, including himself in all likelihood.  He has encrypted his root filesystem and by inference ALL of his other partitions (except a small Boot) as well.  

That means that there is no information whatsoever available to attackers who may gain physical access to the machine.  No logs, no software configuration information (registry/gconf and so forth), no deleted files, no hidden application files, no browser cookies, no residual trash on swap, nothing.  

Perhaps someone could gain his pass phrases by attaching a hardware keystroke logger... and even then there are options, such as a GnuPG keyring on a diskette.  I would hate to be the corporate spy (or law enforcement official) trying to extract useful information from such machine.

This configuration is perfect for laptop computers that might "walk away".  Even windows users can benefit... Imagine a copy of Windows XP under VMware with the XP virtual disks themselves hosted beneath an encrypted filesystem.  It would be impossible to determine that XP even existed on the box.

----------

## klasikahl

contigab: your solution sounds like a good one, but what did you do after emerging the package?  the same post-kernel setup as chadders posted?

----------

## kachaffeous

What are the benefits of this?   Just wondering, don't know much about encryption.

----------

## klasikahl

should your computer be seized by the government, the harddrives are useless to them (unless they can crack a theoretically uncrackable password), no one can access your files unless you want them to, and general security.

----------

## Vancouverite

Has anyone else got this working? I don't have an expendable root partition to risk losing everything from.

BTW:  How does compiling a kernel benchmark a file system, in any way?

----------

## sethrab

I have it working also.  Chadder's instructions are adequate, especially when backed up by the loop-AES README material.

My experience with performance is very encouraging.  The performance hit is much MUCH less than I anticipated across all filesystems.  This is probably a result of how well the fs buffers data thus avoiding disk access (and corresponding encryption overhead).  

IMHO, multiple passes compiling the kernel is not a very helpful benchmark.   However, it does illustrate how trivially small the performance impact is on machines that are not memory constrained.

One caveat to the install, be sure *not* to have the filesystem mounted at the time the dd if=/dev/hda? of=/dev/loop? initially encrypts the partition.  The unmount which will inevitably follow writes a few blocks of meta data (in the clear) which will damage the partition and may leave it unrecoverable. 

An earlier post (contigab) made the comment that similar results can be achieved using modules taken from the cryptoloop package.  If the similar result is an encrypted "root" filesystem then additional work is needed.  The kernel will not have access to the root file system to retrieve the encryption module until the encryption module is retrieved... a chicken and egg problem.  This is the reason that an intermediate root (initrd=/dev/ram) is required to boot.  Contigab handles encrypted home, etc, very well and is useful, but does not appear to handle the encrypted root case. The original loop-AES post that started this thread does address this. 

An interesting article recently appeared on the BBC that illustrates another case why one would want to do this: http://news.bbc.co.uk/1/hi/technology/2676461.stm .  Due prudence?

----------

## splooge

Ack!

I was doing the dd if/of part when something crashed =(  System hard-locked.  I think it's related to my SCSI card, though it's possible it could be related to ram but ... my kernel compiles have been going just fine, no weird errors...no odd panics or anything ... ever.

Well, I'm gonna try again.  I'm always looking for a reason to reinstall anyways.  =)  Hey, I get to try the new live cd out now!

----------

## hairyfeet

 *chadders wrote:*   

> That is hard because I have a crappy computer and its kinda old and not very fast

 

How crappy is that? Because I'm considering using a C3 800 as file and webserver and was wondering how well it would perform if I encrypted the root file system?

----------

## turbobri

Well I followed chadders instructions and it all seemed to work as described.  That is until I tried to do the final reboot into my newly encrypted root.  It never asked me for a password on boot and the system quickly halted with a kernel panic.

I rebooted with Knoppix and was able to losetup and mount the encrypted partition, and everything seems to be intact.  All the necessary files are in the /boot partition, and my grub.conf looks ok.  The only thing that was different was that I was using an older version of Knoppix and losetup did not recognize the -T option, so I omitted it.  Any suggestions?

Also if I wanted to UN-encrypt this partition, would the following work:

1) Boot Knoppix

2) losetup -e AES256 /dev/loop0 /dev/hda5

3) dd if=/dev/loop0 of=/dev/hda5 bs=64k conv=notrunc

help!

----------

## chadders

It sounds like it couldn't find the initrd.gz ram disk (because it didn't ask for the pass phrase).  Look in build-initrd.gz in the loop-AES directory and follow the instructions EXACTLY.  Especially the part about what to put in LILO or GRUB.

I don't think the -T on the losetup would mess it up it just means prompt for the passphrase two times.

This is what my grub.conf looks like:

```
default 0
timeout 15
splashimage=(hd0,0)/boot/grub/splash.xpm.gz

title=Gentoo Linux (Secure)
        root (hd0,0)
        kernel /bzImage ro root=/dev/ram1
        initrd /initrd.gz
```

Also make sure that you got the right partitions in there, this is what I use:

```
# normal /boot partition
BOOTDEV=/dev/hda1

# /boot partition type
BOOTTYPE=ext2

# encrypted root partition
CRYPTROOT=/dev/hda3

# root partition type
ROOTTYPE=xfs

# encryption type (AES128 / AES192 / AES256) of root partition
CIPHERTYPE=AES256
```

Make sure that you copy the loop-`uname -r`.o to your /boot.

I think you can UNencrypt your root ok like you said but I never tried that before.

Chad

P.S. Make SURE you got your /boot mounted before you run build-initrd.sh

----------

## turbobri

I think the problem might be my kernel.  I set all the CONFIG options correctly, but I didn't do a "make clean" before recompiling.  I will try recompiling and see if that makes a difference.

----------

## turbobri

Recompile had no effect.  Just for reference, how far along into the boot process should it ask for the password?

I also went to the grub command line and typed each command in to see if grub was finding the kernel and initrd.gz, seemed to be fine.  I also saw no error messages during boot up until the kernel panic when it tries to find my root partition.

I am using ReiserFS for boot and root partitions, but I don't think that should matter.

I guess I am stuck at this point with an unusable system.  I will try to unencrypt it and start the process over.  At least then we will know how to unencrypt your root partition if the need ever arises.

----------

## turbobri

Update: unencryption worked perfectly.

Just to recap how to unencrypt the root partition:

1) Boot Knoppix

2) losetup -e AES256 /dev/loop0 /dev/hda5  (or whatever your root is)

3) dd if=/dev/loop0 of=/dev/hda5 bs=64k conv=notrunc

You can do some extra steps in between if you want to double check:

2.5) mount /dev/loop0 /mnt/bla

2.6) ls /mnt/bla (you should see all your stuff)

2.7) umount /mnt/bla

I'll start the whole process over again and see if I can figure out where it went wrong.

----------

## chadders

Here is part of my DMESG:

```
PCI: Found IRQ 9 for device 00:1f.4
PCI: Setting latency timer of device 00:1f.4 to 64
uhci.c: USB UHCI at I/O 0xd400, IRQ 9
usb.c: new USB bus registered, assigned bus number 2
hub.c: USB hub found
hub.c: 2 ports detected
NET4: Linux TCP/IP 1.0 for NET4.0
IP Protocols: ICMP, UDP, TCP, IGMP
IP: routing cache hash table of 4096 buckets, 32Kbytes
TCP: Hash tables configured (established 32768 bind 65536)
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
ds: no socket drivers loaded!
RAMDISK: Compressed image found at block 0
Freeing initrd memory: 1k freed
VFS: Mounted root (minix filesystem).
loop: loaded (max 8 devices)
IT ASKS FOR PASSPHRASE RIGHT HERE
read_super_block: can't find a reiserfs filesystem on (dev 07:05, block 64, size 1024)
read_super_block: can't find a reiserfs filesystem on (dev 07:05, block 8, size 1024)
XFS mounting filesystem loop(7,5)
VFS: Mounted root (xfs filesystem) readonly.
Trying to move old root to /initrd ... okay
Freeing unused kernel memory: 80k freed
SCSI subsystem driver Revision: 1.00
scsi0 : SCSI host adapter emulation for IDE ATAPI devices
  Vendor: MITSUMI   Model: CR-48X9TE         Rev: 5.0D
  Type:   CD-ROM                             ANSI SCSI revision: 02
Attached scsi CD-ROM sr0 at scsi0, channel 0, id 0, lun 0
sr0: scsi3-mmc drive: 40x/40x writer cd/rw xa/form2 cdda tray
Uniform CD-ROM driver Revision: 3.12
```

If you know everything else is right then maybe it is the old losetup that you are using.  Knoppix is 3.1 works good.  

LOSETUP makes a key from the pass phrase.  I think old ones are different.  The losetup that ram disk uses is the one that you made when you made util-linux as part of loop-AES.  Can you use that one instead? It should work because its static.

I can't get on anymore until after school (im at home sneaking on at lunch) so I can't answer anymore for awhile.

Chad

----------

## turbobri

I am not seeing the RAMDISK: line during boot.  It seems like it is not using the initrd.gz file at all.

----------

## BlackBart

a couple of comments: 

you forgot to gzip the manuals

also you don't technically need to install the tools, just copy the static losetup to the boot partition after you make the initrd.

Also you can install gentoo from scratch onto an encrypted partition by booting from the Knoppix cd. I can write out directions if anyone wants. 

Performance wise, compiling a bzImage was about 1.5% slower on an encrypted file system than unencrypted. Note that the partitions were on different parts of the disk and I had more stuff installed on the unencrypted fs so it probably had greater fragmentation.

Another thing, does anybody know how to compile a static version of loadkeys that I can put in my boot partition so that it will load my keymap before the password prompt?

And yet another thing, in the loop-AES readme FAQ they mention setting a random seed for the encryption, you mention nothing of this in your howto, would it be more secure to use a random seed, how would I do this, do I need to reinstall?

-edit-

Also if you do this you should build usb in as a module so it doesn't bug you while you're typing in your password

----------

## Leoric

I would really like the guide  :Smile: 

----------

## BlackBart

 *Leoric wrote:*   

> I would really like the guide 

 

Ok boot into knoppix w/o the graphical

run losetup -e AES256 -T /dev/loop0 /dev/hda2 (or whatever is your root partition) 

then do mke2fs /dev/loop0 (or whatever file system you want)

then mkdir /mnt/gentoo

and then mount /dev/loop0 /mnt/gentoo

and mkdir /mnt/gentoo/boot

and mount /dev/hda1 /mnt/gentoo/boot

then cd into /mnt/gentoo

and then extract whatever stage you want and proceed from there following the instruction guide.

when you get to the kernel:

 *Quote:*   

>  You HAVE to use CONFIG_MODULES=y, CONFIG_BLK_DEV_LOOP=n (y or m WONT WORK), CONFIG_BLK_DEV_RAM=y, CONFIG_BLK_DEV_RAM_SIZE=4096, CONFIG_BLK_DEV_INITRD=y, CONFIG_MINIX_FS=y (this is because the ramdisk is minix), CONFIG_PROC_FS=y plus whatever FILESYSTEM YOUR ROOT IS HAS TO BE Y (modules wont work because the kernel can't get modules from the root file system until it knows how to read it and decrypt it when it is booting, other stuff can be modules if you want). Make sure that your new kernel works before going further. 

 

and then 

do this 

 *Quote:*   

> 
> 
> patch -p1 <../util-linux-2.11y.diff 
> 
> export CFLAGS=-O2 
> ...

 

but instead of the normal last step:

cp -p /lib/modules/`uname -r`/block/loop.o /boot/loop-NAMEOFTHEKERNELYOUWILLBEUSING.o 

and then do these steps

In the loop-AES directory edit build-initrd.sh. Change BOOTDEV, BOOTTYPE, CRYPTROOT, ROOTTYPE and CIPHERTYPE to what you want. Then type sh build-initrd.sh . This makes a ramdisk so that the kernel knows how to get the pass phrase when you boot later. 

edit fstab to make your root say /dev/loop5 instead of /dev/hdawhatever. 

cd to /boot/grub and edit grub.conf to add an entry like this: 

```
title=Encrypted Root
root (hd0,0)
kernel /bzImage ro root=/dev/ram1
initrd /initrd.gz
```

then reboot, if it doesn't work you can boot from the Knoppix cd again, do losetup and mount your / partition and fix it.

----------

## turbobri

Ok I tried installing a fresh Gentoo as BlackBart described and it worked perfectly, aside from a couple minor errors.

He forgot the compiling of the patched loop module, after compiling the kernel:

```
cd /usr/src/loop-AES-v1.7b
make LINUX_SOURCE=/usr/src/linux-2.4.19-gentoo-r10    # or whatever vers. you have
```

Also note that this latest loop-AES source is looking for util-linux-2.11z so make sure you get the right versions, then proceed as instructed.

Then when copying the module to /boot, `uname -r` will give you the currently running kernel from Knoppix which is not the same one you compiled the module for, so:

```
cp -p /lib/modules/2.4.19-gentoo-r10/block/loop.o /boot/loop-2.4.19-gentoo-r10.o
```

The loop-AES README does mention stuff about creating a random seed, but it works fine without it.  I think the seed is supposed to make it that much harder to brute force an attack, but since the seed would be easily available from the unencrypted boot partition, I don't really see the point. Although I am not an encryption guru so I may be misunderstanding.

Now I just have to figure out why my first attempt at converting an existing system didn't work.  I think I am having some problems with GRUB and the initrd.gz file.

Also has anyone gotten the swap encryption working?  The instructions in the README make it seem simple, but how can one verify if its working?

----------

## chadders

I use encrypted swap too.  I did this to test it:

1) swapoff -a

2) changed fstab swap like it says in loop-AES readme

3) losetup -e AES256 /dev/loop0 /dev/hda(swap)

    (typed bunch of random keys for passphrase)

4) dd if=/dev/hda(swap) of=/dev/loop0  bs=64k conv=notrunc

    (this makes it initialized with random junk)

5) losetup -d /dev/loop0

6) swapon -a

7) od -xa /dev/hda(swap) | less

    (if still looks like random junk after bunch of zeros at first of partition then i think its working ok. I don't know why there is a bunch of zeros at beginning)

Chad
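A way to put numbers on step 7 of the post above, as an added example that is not part of the original post or of loop-AES: instead of eyeballing `od` output, it measures byte entropy chunk by chunk and lists the chunks that do not look random. The function names, the 7.5 bits/byte threshold and the sample file are assumptions made here; the sample mimics the zeros chadders saw at the start of the partition. High entropy only shows that no obviously unencrypted region is left, not that the key is the one you expect.

```shell
#!/bin/sh
# Added example: measure how random the raw swap partition looks, chunk by chunk.

# byte_entropy FILE SKIP COUNT
# Shannon entropy (bits per byte, 0.00-8.00) of COUNT 4 KiB blocks of FILE,
# starting SKIP blocks in. Encrypted data should score close to 8.
byte_entropy() {
    dd if="$1" bs=4096 skip="$2" count="$3" 2>/dev/null |
    od -An -v -tu1 |
    awk '{ for (i = 1; i <= NF; i++) { seen[$i]++; total++ } }
         END {
             h = 0
             for (b in seen) { p = seen[b] / total; h -= p * log(p) / log(2) }
             printf "%.2f\n", h
         }'
}

# low_entropy_chunks FILE CHUNK_BLOCKS NCHUNKS [THRESHOLD]
# Prints "index entropy" for every chunk scoring below THRESHOLD (default 7.5).
low_entropy_chunks() {
    file=$1; blocks=$2; nchunks=$3; limit=${4:-7.5}; i=0
    while [ "$i" -lt "$nchunks" ]; do
        h=$(byte_entropy "$file" $((i * blocks)) "$blocks")
        awk -v h="$h" -v t="$limit" 'BEGIN { exit (h < t ? 0 : 1) }' && echo "$i $h"
        i=$((i + 1))
    done
}

# Constructed 256 KiB stand-in for a swap partition: 64 KiB of zeros,
# 64 KiB of readable text, then 128 KiB of random bytes.
make_sample() {
    {
        head -c 65536 /dev/zero
        yes 'constructed plaintext swap page' | head -c 65536
        head -c 131072 /dev/urandom
    } > "$1"
}

# Demo on the constructed sample: chunks 0 and 1 are reported, 2 and 3 are not.
# On a real system FILE would be the raw swap partition, read as root.
sample=$(mktemp)
make_sample "$sample"
low_entropy_chunks "$sample" 16 4
rm -f "$sample"
```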

----------

## sam974

And what about crashes while running encrypted root filesystem? I suppose people out there are usually setting up encrypted FS on laptops. So, a crash example may be : running out of battery.

Did you experience some corrupted FS? And more important, did you recover your data without any problem?

Thx for the post!

----------

## kasper

 *sam974 wrote:*   

> And what about crashes while running encrypted root filesystem? I suppose people out there are usually setting up encrypted FS on laptops. So, a crash example may be : running out of battery.
> 
> Did you experience some corrupted FS? And more important, did you recover your data without any problem?

I'm thinking of installing this on my laptop but I'd like to know too if someone has tried to turn it off violently, make it crash, say, press Ctrl.Alt.PrtScr.B for example  :Smile:  and experienced a successful reboot w/o problems or not.

BTW, thanx all for those posts, really interesting  :Exclamation: 

----------

## chadders

I have turned off my computer a few times without shutting it down with an encrypted root.  One time was with a kernel compiling.  It rebooted ok.  Root was a XFS file system.  I don't know if it would always reboot ok.

Chad

----------

## bryon

I was wondering what would happen if I turned my computer into an encrypted one, and say I wanted to send a file to a friend so that he could read it.  Would all my friends be screwed and not be able to read files that I wanted them to?

----------

## 6169

 *bryon wrote:*   

> I was wondering what would happen if I turned my computer into an encrypted one, and say I wanted to send a file to a friend so that he could read it.  Would all my friends be screwed and not be able to read files that I wanted them to?

 

No, the data in your filesystems would be encrypted, but is transparently decrypted as Linux or any of your applications access it, and encrypted again when it is written to disk.  Hence your programs think they are dealing with unencrypted files, because they are, and your files would work fine on other computers.

----------

## chadders

Main reason I encrypt root is to keep ANYONE (mostly my brother) from booting my computer.  If you dont encrypt root then peeps can use knoppix or other things to change root password and to steal your files. EVEN IF THEY PUT YOUR DISK IN ANOTHER COMPUTER like at a computer shop they cant get anything!

With encrypted root NOONE can take stuff or add stuff on your computer unless they find a way to break in when it is already running and if you have a good firewall and don't run anything that you dont need and keep up to date on portage/emerge then that probably wont happen.

It works good. Its hardly any slower (i thought it would be lots slower but its not) and it doesnt break even when computer crashes because of no power. 

Chad   :Very Happy: 

----------

## bryon

I tried booting from the Knoppix cd but once it tried to boot into K it got an error, and stopped booting.  But I have tried using cool linux before and it worked fine.  Could I just use cool linux instead since it works?  I am not really sure if it has loop-AES.

 *Quote:*   

> 
> 
> 4) The Knoppix (or Knoppix lite) CD from http://www.knoppix.net . Burn it to a CD and make sure you can boot from it. Knoppix is a great rescue system and I use it a lot to fix stuff when I mess up bad. Knoppix comes with loop-AES already on it so you don't need to make your own rescue system. 

 

----------

## thehyperintelligentslug

Just a drop-in...

This link may be worth a look. It's a loop-AES ebuild (by Ravage).

----------

## sparks

I followed chadders' instructions, well written by the way, and everything is great.  As far as the performance goes I can see a small hit when playing videos, but that's about it.  I rip DVD's to my hard drive so I can watch them when I travel without the disk.  I was watching Office Space the other day and it got choppy in one or two places, but it was not unbearable.  So, from my experience the file system takes a minimal performance hit that is only noticeable when performing a function that requires heavy disk access.

(I'm using XFS by the way)  :Very Happy: 

----------

## chadders

Thanks   :Very Happy: 

----------

## slickwheel

I can't boot knoppix on my laptop because it uses a pcmcia cdrom drive.  Does anyone know of a distro cd that includes the losetup with encryption that works well with laptops?  Any help is greatly appreciated, I really want to encrypt my root partition.

----------

## m00re

I too have problems getting the system to boot after the encryption.

I've set up everything as said and finally encrypted the partition (i can also mount it under knoppix) but when I reboot to my gentoo, it always says it can't mount the root-partition on 01:01.

The error looks like this: (sorry, the message is not copypasted, so the last line is not exactly the same as on my system, but the content is still the same *hmm, bad english*)

```
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
ds: no socket drivers loaded!
RAMDISK: Compressed image found at block 0
Freeing initrd memory: 1k freed
VFS: failed to mount root partition on 01:01
```

And here are my configs:

build-initrd.sh

```
# normal /boot partition
BOOTDEV=/dev/hda1

# /boot partition type
BOOTTYPE=ext3

# encrypted root partition
CRYPTROOT=/dev/hda6

# root partition type
ROOTTYPE=ext3

# encryption type (AES128 / AES192 / AES256) of root partition
CIPHERTYPE=AES256
```

grub.conf

```
title=Gentoo Linux 1.4 Release Candidate 3
root (hd0,0)
kernel /gentoo-2.4.20 ro acpi=off root=/dev/ram1
initrd /initrd.gz
```

In fstab.conf, I only changed /dev/hda6 to /dev/loop5.

Maybe, someone can help.

Greets Jens

----------

## easykill

 *m00re wrote:*   

> I too have problems getting the system to boot after the encryption.
> 
> I've set up everything as said and finally encrypted the partition (I can also mount it under Knoppix) but when I reboot to my Gentoo, it always says it can't mount the root partition on 01:01.
> 
> The error looks like this: (sorry, the message is not copypasted, so the last line is not exactly the same as on my system, but the content is still the same *hmm, bad english*)
> ...

 

I had a similar problem, mainly it wouldn't find any sort of loop device...that wasn't getting loaded.  It would complain about being unable to mount /dev/hdb1 on /lib (/dev/hdb1 is /boot for me...?) and I gave up before I hosed my system.

I ended up unencrypting, and re-encrypting with the instructions in the loop-AES README file (that way you get the seed, as well) and I also recompiled my kernel to take out Mount devfs at boot (as I suspect that may not have been helping) before I re-encrypted, so I suggest trying those approaches.  I would unencrypt, redo your kernel if you have devfs mounting at boot, and then either encrypt with these instructions or with the instructions in the loop-AES readme.

So, I did eventually get it working...now to encrypt my other partitions.

I hope that made sense, I'm tired and on Percocet right now.

----------

## easykill

I hate replying to myself, but here goes....

I'm on Percocet right now (as I mentioned before) and I am having issues figuring out how to encrypt my other partitions and have them mount without asking me for a password for EVERY partition that I want to have encrypted (ideally all)

layout is as follows:

hda: windows stuff, ignore it

hdb1: /boot (DO NOT ENCRYPT THIS!)

hdb2: swap (already done, trivial)

hdb5: /home (I want to encrypt this)

hdb6: /usr/local (encrypt this as well)

hdb7: /  (already encrypted)

I am at a loss right now cause I can't think straight, anybody got a solution for me?  I haven't found anything in the loop-AES readme that is really helping much...I've thought of

```
losetup -e AES256 -T -S `cat /boot/seed.txt` /dev/loop1 /dev/hdb5
```

and then dding the drive to the loop, and setting something or other up, but I'd like to encrypt those drives (preferably without data loss, although I can back it all up rather easily, I just would rather not) and I don't want to have to enter a password for each partition. I want them to "trust" the root decryption password I give on boot.  One 20 character password is plenty on startup, thank you, heh

but then it wants a password, and I don't want to have to type my password in 3 times on boot.

----------

## Woody2143

First I wanted to say that I found this thread to be an excellent help when encrypting my root fs. Thanks guys. 

A couple of points I wanted to post in the thread for anyone else who may run in to the same problems I had. 

1) Make sure to read the README and the comments in build-initrd.sh, pay attention to the parts about using devFS (if you use devFS of course). I scratched my head for a couple days until I learned to read. For those wanting to skip to the good stuff.

Set these options in build-initrd.sh

```
USEDEVFS=1
```

and

```
USEPIVOT=1
```

Then just make sure to update your grub.conf accordingly

```
title=Encrypted
root (hd0,0)
kernel /boot/bzImage-crypt root=/dev/ram0 init=/linuxrc
initrd /boot/initrd.gz
```

Note: init=/linuxrc, not init=/boot/linuxrc. 

All of the above alone will end your "Failed to mount /dev/hd*1 as /lib" problems... But wait! There's more!

2) Another point about using devFS which I had to search for, in build-initrd.sh under BOOTDEV and CRYPTROOT make sure to edit these options like below, according to your equipment:

This is /dev/hde1

```
BOOTDEV=/dev/ide/host2/bus0/target0/lun0/part1
```

This is /dev/hda10

```
CRYPTROOT=/dev/ide/host0/bus0/target0/lun0/part10
```

God Bless the creators and maintainers of Google.

And credit goes to the linux-crypto mailing list for point #2 http://mail.nl.linux.org/linux-crypto/2003-01/msg00034.html

My apologies for any spelling/grammar/things that don't make sense. I'm tired and just happy to have a working system again.  :Smile: 

----------

## easykill

yeah, that's kinda what i was thinking...i just didn't get around to doing it, and instead just told devfs not to mount automatically at boot, since gentoo does it itself with devfsd

and i think i figured out how to encrypt the other drives with a fixed key...reading a bit past the encrypt root FS stuff in the loop-AES readme gives some examples (including the magic -p 0 for losetup)

so I'm gonna try that tomorrow after some sleep

----------

## chadders

I think using a key gotten from /dev/random and then the key encrypted with GPG would be lots better than using a hashed key from a pass phrase.  I know how to do this on partitions that aren't root.  If anyone knows how to do it on a root filesystem please post!

Chad   :Very Happy: 

----------

## easykill

the loop-AES faq pretty much sums it up, just substitute the steps.  I recommend using one of those little USB hard drive thingies (the dongles) as they won't break on you.

----------


## easykill

gah, sorry for the double post...mozilla was acting up

here is a little summary for how I set up my /usr/local partition to be encrypted, and mounted without a password (this is unsecure if you don't have an encrypted root fs, since the password is stored in a file)

READ THIS THROUGH BEFORE TRYING IT IN CASE I FORGOT ANYTHING.  BE SURE TO BACKUP YOUR DATA!!!

1.) Run the following twice to get your seed and password

```
head -c 15 /dev/urandom | uuencode -m - | head -2 | tail -1
```

You will get 2 strings similar to the following

djYFGvsKuiMIJkerw3H8

zZEomoTvDgFTfRz+o7RN

copy them to a file, or write them down...the first one will be used as your random seed, the second will be used as your password.

2.)  Make sure to backup all important data on the partition you are going to encrypt.

3.)  Make the loop device.  Assuming you want /dev/loop4 to be the device to use for your mounted device, and assuming /dev/hdb5 is the partition you want to encrypt, the following works.  Substitute your random seeds and passwords for the ones i just made up....

```
echo "zZEomoTvDgFTfRz+o7RN" | /sbin/losetup -e AES256 -p 0 -S djYFGvsKuiMIJkerw3H8 /dev/loop4 /dev/hdb5
```

This sets up a loop device that will use AES256 encryption....the password is read from the echo because of the -p 0 flag, and the -S sets the random seed (which was missing from the original howto in this thread, because it's not necessary, but does make it more secure).  If you are going to do the -S for the encrypting root, READ THE LOOP-AES README!!! It has very nice instructions!

4.)  Encrypt the drive: 

```
dd if=/dev/hdb5 of=/dev/loop4 bs=64k conv=notrunc
```

This will take a while, and won't show anything, but your hard drive light should be flashing (if the light works, that is)

So be patient...read Calvin and Hobbes or play the new Zelda game.

5.)  Your drive is now encrypted....you need to make an rc script with the following in it (or something similar)

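```
#!/sbin/runscript

depend() {
    # ask to be started ahead of the modules service
    before modules
}

start() {
    ebegin "Starting loop setup for /usr/local"
    # -p 0 makes losetup read the password from stdin (the echo); -S is the seed
    echo "zZEomoTvDgFTfRz+o7RN" | /sbin/losetup -e AES256 -p 0 -S djYFGvsKuiMIJkerw3H8 /dev/loop4 /dev/hdb5
    eend $? "Failed to start loop setup!"
}
```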

again, substitute your seed and password and drive and loop device for my sample ones.

6.)  Ack! can't have anyone find out our random seeds/passwords!

```
chmod 700 /etc/init.d/loopsetup
```

Substitute whatever you named the rc script

7.)  Put the script in your startup

```
rc-update add loopsetup boot
```

This puts it in the boot runlevel (an early one) and should (for me it doesn't...???) have it run before your modules are loaded....it may work for you.

8.)  Edit your fstab...change the line for /usr/local (or whatever) to read as so:

```
/dev/loop4              /usr/local      ext3            noauto,noatime      0 0
```

I have the noauto in there because for whatever reason, the rc-update isn't running the loopsetup where it is supposed to, even with the depend statement...I'm not sure why.  It's very annoying.  If anyone can solve that, it would be nice.  It (for me) ends up getting ran way later on.  If that gets solved, make sure to change the last number in that fstab line to a 1, so the loop device gets fscked for errors.

9.)  If you have gotten it working so that it will run the loopsetup before it tries to mount filesystems, then ignore this step.  If you didn't get rc-update to work correctly, put the following in your /etc/conf.d/local.start or make a new init script, whatever...

```
/bin/mount /usr/local
```

again, substitute...blah blah...

10.)  Your partition should be encrypted and should autoload without a password now.  Make sure you keep the loopsetup file chmod 700 so that nobody else can read it, as it has your passwords in it.  This is relatively secure since your root filesystem is encrypted so that anybody who would steal the drive and try to read it would first have to break the encryption for the root drive before they could get the password out of the file.

I don't think I've forgotten anything, but let me know if I have.

----------

## Woody2143

Well Gentlemen, I have run in to a problem using this little trick... Now mind you it may not be a direct result of encrypting my root fs, but I can't say for sure that it isn't.... 

One day after work I came back to my apartment to find that my beloved computer had a little panic attack. Upon rebooting I came to the

```
loop: loaded (max 8 devices)
Encrypted file system, please supply correct password to continue
Password:
```

I put in my password and this is what I got for my troubles...

```
EXT3-fs: unsupported inode size: 14776
Looks like you didn't say the magic word. Mounting /dev/loop/5 failed
Encrypted file system, please supply the correct password to continue
Password:
```

I have tried to type in the WRONG password on purpose to see if I was getting that particular error msg, but indeed it wasn't....

```
VFS: Can't find ext3 filesystem on dev loop(7,5).
Looks like you didn't say the magic word. Mounting /dev/loop/5 failed
Encrypted file system, please supply the correct password to continue
Password:
```

I'm currently looking around [think google] for an answer of how to repair my little unsupported inode size problem but I figured I'd drop a msg here as well....

After typing this out I realized what I should be doing... I broke out my Knoppix CD, unencrypted the partition, and ran e2fsck on it... I knew I kept that Knoppix CD around for some reason.   :Wink: 

Oh well, I'll leave this just in case someone else's brain doesn't start up right away....

----------

## chadders

Probably would have been easier to:

1) Boot Knoppix

2) losetup -e whatever /dev/loop0 /dev/hdWhateverWasYourRoot

3) e2fsck /dev/loop0

4) Reboot like normal

Chad   :Very Happy: 

----------

## Woody2143

Yeah, that is what I meant by unencrypting the partition... My mistake. 

It worked but man was my drive hosed up. I'm gonna have to recover some key files and reinstall I think... Too many files are giving me errors like syslog and rsync... Oh well, stuff happens...

----------

## revoohc

Has anyone been able to do this root encryption storing part of the key/passphrase on removable media?  This question is coming from example 4.  

I have a 256MB USB key card that I would love to have incorporated in this so that you can't boot my laptop without it.

Any ideas/help would be appreciated. 

BTW, my system is setup as follows:

/dev/hda1 1048MB (suspend to disk area)

/dev/hda2 ~50MB - boot

/dev/hda3 1024MB - swap

/dev/hda5 ~38GB /

thanks,

chris

----------

## chadders

I think it would be really great to have the whole /boot filesystem on a USB keychain drive.  That way NOTHING would have to be on the /root or other filesystems that's not encrypted   :Shocked:     I don't have a USB keychain drive but I am going to get one and try it I think.

Does anyone know if a USB keychain disk drive is seen by the BIOS?  Will it try to boot from it?

Btw the partition types don't have to be 82 or 83 on anything except the /boot.  You can set them to DA = NON-FS DATA or anything else you want and it works.  With /boot on a USB keychain no one would even know what operating system is on the hard disk! 

Chad   :Very Happy: 

----------

## easykill

ok, not having tried this, I'm just randomly guessing here....

If the USB dongles are anything like my digital camera, they will end up being /dev/sda or something along those lines.

Pretending you have your /dev/hda set up as following:

/dev/hda1     /

/dev/hda2     swap

/dev/hda3     /usr/local

or something like that

and you have your /boot on the keychain drive located at (find this out before you do this)  /dev/sda1

I don't think it would be easy to have the BIOS boot from the keychain drive, unless the BIOS would see it as a SCSI device as well...?

however, you could use lilo (or grub) to accomplish this, I would imagine, by having lilo install itself in the MBR of /dev/hda but having the /boot in lilo point to /dev/sda1 or something

Thinking about this more, it might not work since the kernel hasn't loaded yet, and unless the BIOS assigns the keychain drive a value of sorts, it wouldn't be loaded yet as /dev/sda.   I'm not sure.

In retrospect, this whole post is probably incorrect and pointless.  Sorry, heh.

----------

## ghetto

Wow what an exciting idea! I mean to have the entire harddrive encrypted and the kernel on some sort of external media. 

I agree that a USB keychain would be cool, but if it's not possible then what about a floppy disk? or maybe a CD-ROM? Wouldn't one of those work? Or would the external media need to contain the entire /boot partition? A CD-ROM could hold that easily but I doubt a floppy could. meh..

----------

## chadders

I've been trying to figure out how to make a little CD-ROM (one that will fit in my pocket) that contains just the /boot stuff.  So far I don't know how to make it bootable.  Once I can get it to load the kernel it should be ok to use the loop-AES initrd.gz and ramdisk and then prompt for the pass phrase and chroot/pivot to the real encrypted root.

Does anyone know how to make a bootable CD-ROM with grub? or where a HOWTO is?  What I don't know how to do is tell grub to put its bootstrap stuff that normally goes in the MBR into something that the BIOS understands when it tries to boot the CD-ROM.  Everything I found so far says it has to be a floppy or a disk image and I'm real confused about how to make that part.

Chad  :Very Happy: 

----------

## easykill

you should be able to get around that, with lilo i would expect...probably not with grub, as grub will only let you specify hard drives as your devices.

in lilo, you would edit the /etc/lilo.conf file so that

```
boot=/dev/hdc
```

or whatever the CD rom is....

but have lilo install itself onto /dev/hda (your hard drive) with 

```
lilo -b /dev/hda
```

 i believe would work.  otherwise, man lilo and find the right option.

Then, lilo will load off of the hard drive, but will scan /dev/hdc for the lilo mapping or whatever.

That may not work, but I would think that it would be worth a try, at least.

You would also have to modify /etc/fstab obviously

----------

## ghetto

The problem with lilo of course is that if you change kernels, or change configuration you have to re-run lilo.. so this may mean that you would have to burn a new disk every time you needed to run lilo again (I think..)  :Sad: 

----------

## TinheadNed

When I first read this, I was really tempted to wipe RedHat off my laptop (which I'm going to do soon anyway), and install an encrypted Gentoo.  But, after thinking about it, I've seen two problems, and I just wanted to throw them out here to see what people think.

Encrypting a file is very secure, as you can't make many guesses as to what might be inside it, unless you know what you're looking for.  It's only a small file after all, which makes it very difficult to crack.  However, if you're encrypting an N Gb HD there's a lot more bytes to look for patterns in.  Considering you know you're booting Gentoo (or at least some linux kernel) you can make a few guesses as to which filesystem you're installing.  Surely then you can look for the thousands of empty inodes on the disc?  They'll be in fairly predictable places.  You also know the directory structure, and can guess at the contents of quite a few of the plaintext files.  Wouldn't this make it far easier (though not actually EASY for non-governmental bodies) to break?

A second problem (if you live in the UK), is that encrypting your drive is completely pointless, unless it is hiding evidence of crimes that carry sentences of greater than 3 years in prison, as failing to hand over a password to encrypted data when instructed by a representative of the Home Office is itself now a crime, courtesy of the RIP Act.  And you have to prove you don't have the key, innocence is not assumed (which contravenes other laws I hope).  And it's illegal to tell anybody if they ask you for the key too, IIRC.

I'd be really happy to be proved wrong on either of these points though.

----------

## karrots

To boot off of a CD you could just use ISOLinux as your boot loader; it's part of the syslinux family. I use it to have multiple boot images on one CD.

Also to whoever was wondering how to boot Knoppix on their laptop that doesn't support boot CDs. There is a disk image you can write to a floppy that will allow you to boot the CD. Browse around the CD and you will find it.

Karrots

----------

## barlad

Well... looks like I messed up everything. I followed instructions step by step and ended up with a unreadable root partition  :Sad: .

There was a problem with devfs so I decided to decrypt the partition, and that's where shit hits the fan. When I tried to mount /dev/loop5 (under Knoppix, after doing a losetup) it told me it could not recognize the filesystem. Then after I did my decrypt (dd if=/dev/loop5 of=/dev/sdb3 bs=64k notrunc), sdb3 could not be read either.

It does not recognize the file system.

Any idea? if it's only some minor stuff that got damaged, I could maybe recover it.

----------

## thehyperintelligentslug

 *TinheadNed wrote:*   

> A second problem (if you live in the UK), is that encrypting your drive is completely pointless, unless it is hiding evidence of crimes that carry sentences of greater than 3 years in prison, as failing to hand over a password to encrypted data when instructed by a representative of the Home Office is itself now a crime, courtesy of the RIP Act.  And you have to prove you don't have the key, innocence is not assumed (which contravenes other laws I hope).  And it's illegal to tell anybody if they ask you for the key too, IIRC.

 

I don't know about anyone else but I encrypted my drive (laptop) so if it gets nicked, I know nobody will be able to see what I have on there* - e.g. my company's accounts!

(* without a lot of work anyway).

Besides, I store all information pertaining to my organised crime activities on my Windows machine - that's secure right?   :Laughing: 

----------

## barlad

Well, I just crashed another partition by trying to encrypt the system, although that time I didn't lose anything since it was a stage1 install  :Wink: . Anyway I think I narrowed down the problem a bit better and I have a question everyone who made this work should be able to answer.

When you first use the losetup program, it asks you for a password. After that you encrypt the system with dd if/of.

Now when you use again losetup to mount your encrypted partition (be it to decrypt it or to mount it), it asks for a password.  You MUST enter the password that you entered the FIRST TIME right? and if you enter something else... it fails, right? Seems quite logical... The problem is after I encrypt my partition, if I want to mount it using losetup, it asks again for a password. But I can enter whatever I want, like if it had not been encrypted the first time. 

Basically, I think that the encryption process fucks up somewhere and that then the partition cannot be recognized, either as a reiserfs system or as a crypted system. Thus losetup always thinks it's a "decrypted" partition.

Any thoughts please? And has anyone read/heard about a problem with encrypting SCSI disks? I started looking into the mailing list but haven't found anything yet.

Anyway... off to the reinstall again!

----------

## ghetto

man oh man oh man oh man oh man oh man oh man oh man oh man oh man man oh man oh man oh man oh man oh man oh man oh man oh man oh man man oh man oh man oh man oh man oh man oh man oh man oh man oh man man oh man oh man oh man oh man oh man oh man oh man oh man oh man man oh man oh man oh man oh man oh man oh man oh man oh man oh man man oh man oh man oh man oh man oh man oh man oh man oh man oh man man oh man oh man oh man oh man oh man oh man oh man oh man oh man man oh man oh man oh man oh man oh man oh man oh man oh man oh man 

OH MAN I WISH I HAD A SPARE SYSTEM SO I COULD TRY THIS!!

anyone got a spare they want to lend me?  :Smile: 

----------

## easykill

 *barlad wrote:*   

> Well, I just crashed another partition by trying to encrypt the system, although that time I didn't lose anything since it was a stage1 install . Anyway I think I narrowed down the problem a bit better and I have a question everyone who made this work should be able to answer.
> 
> When you first use the losetup program, it asks you for a password. After that you encrypt the system with dd if/of.
> 
> Now when you use again losetup to mount your encrypted partition (be it to decrypt it or to mount it), it asks for a password.  You MUST enter the password that you entered the FIRST TIME right? and if you enter something else... it fails, right? Seems quite logical... The problem is after I encrypt my partition, if I want to mount it using losetup, it asks again for a password. But I can enter whatever I want, like if it had not been encrypted the first time. 
> ...

 

Yeah, it will let you enter in anything when you losetup...but you should enter the password you used.  If you don't enter that password, it won't decrypt correctly, and if you try to dd if=/dev/loop5 of=/dev/sda1 or whatever, it's gonna fuck up the system, and there's nothing you can do.

Make SURE you use the correct password...it does ask twice with the -t switch
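A pre-flight check for the failure described in this reply, as an added example (not code from the thread or from loop-AES): since losetup accepts any passphrase, look for a known filesystem signature on the loop device before copying anything from it back to the raw partition. The function names are hypothetical; the offsets are the standard ext2/ext3, XFS and ReiserFS superblock locations.

```shell
#!/bin/sh
# Added example: refuse to copy a loop device back to disk unless the
# decrypted view carries a recognizable filesystem signature.

# read_hex PATH OFFSET COUNT: print COUNT bytes at OFFSET as lowercase hex.
read_hex() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# fs_signature PATH: print ext, xfs, reiserfs or unknown (status 1 if unknown).
# PATH may be a loop device, a partition or an image file.
fs_signature() {
    dev=$1
    # ext2/ext3: superblock at byte 1024, s_magic 0xEF53 at +56, little-endian
    if [ "$(read_hex "$dev" 1080 2)" = "53ef" ]; then echo ext; return 0; fi
    # XFS: the string "XFSB" at offset 0
    if [ "$(read_hex "$dev" 0 4)" = "58465342" ]; then echo xfs; return 0; fi
    # ReiserFS: superblock at 64 KiB, magic string at +52 begins "ReIsEr"
    if [ "$(read_hex "$dev" 65588 6)" = "526549734572" ]; then echo reiserfs; return 0; fi
    echo unknown
    return 1
}

# safe_to_copy_back LOOPDEV EXPECTED_FS: status 0 only when the decrypted view
# of LOOPDEV shows EXPECTED_FS. A wrong passphrase or seed yields random-looking
# data, which fails here instead of being written over the partition.
safe_to_copy_back() {
    found=$(fs_signature "$1") || true
    if [ "$found" = "$2" ]; then
        return 0
    fi
    echo "refusing: $1 shows '$found', expected '$2' (wrong passphrase or seed?)" >&2
    return 1
}

# make_ext_sample PATH: constructed 2 KiB test image carrying only the ext
# magic bytes (octal 123 357 = 0x53 0xEF), so the check can be tried offline.
make_ext_sample() {
    dd if=/dev/zero of="$1" bs=1024 count=2 2>/dev/null
    printf '\123\357' | dd of="$1" bs=1 seek=1080 conv=notrunc 2>/dev/null
}

# Use from the rescue system, after losetup and before any dd from the loop
# device to the partition (device names as in the posts above):
#   safe_to_copy_back /dev/loop5 reiserfs && \
#       dd if=/dev/loop5 of=/dev/sdb3 bs=64k conv=notrunc
# The ext magic is only two bytes, so for ext2/ext3 follow a match with a
# read-only "e2fsck -n" on the loop device before trusting it.
```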

----------

## jlade

I like the idea, great howto Chadders.  Wish I was into this stuff when I was 13 and a half.  

Anyway has anyone tried this on a laptop.  Mine is still installing at the moment.  Reason I am asking is I had to do a floppy boot disk then a network install using redhat.  So booting from knoppix CD is not an option.

Anyway great stuff I am thinking on giving it a try

Jason

----------

## mihochan

Don't want to throw cold water on this idea, but why would you want to encrypt your ENTIRE filesystem?

Anybody can get a copy of 'ls', they don't have to steal one.

Which leads to a second point. Probably, encrypting the entire filesystem is actually less secure than just encrypting your own personal data. After all, it is much easier to crack encryption if you have some idea of what is encrypted. A hacker would simply need to compare your encrypted copy of some common config file to their unencrypted one. This would give them a handhold to break into the system.

Maybe I'm wrong. I don't actually know anything about the details of this but prima facie the point seems valid.

Tom

----------

## thehyperintelligentslug

 *mihochan wrote:*   

> Don't want to throw cold water on this idea, but why would you want to encrypt your ENTIRE filesystem?

 

Some may want to keep people off it (brothers, sisters, government!), personally, I have my laptop encrypted as I do a lot of my work on there. If somebody steals it, I can be as sure as I can be that they can't boot the system / view my files.

 *mihochan wrote:*   

> Anybody can get a copy of 'ls', they don't have to steal one.
> 
> Which leads to a second point. Probably, encrypting the entire filesystem is actually less secure than just encrypting your own personal data. After all, it is much easier to crack encryption if you have some idea of what is encrypted. A hacker would simply need to compare your encrypted copy of some common config file to their unencrypted one. This would give them a handhold to break into the system.

 

An intruder can't get a 'copy of ls' of an encrypted system / partition / file, you misunderstand how this encryption works. Check out Chadders first post or the loopAES README file for an overview.

----------

## mihochan

 *Quote:*   

> An intruder can't get a 'copy of ls' of an encrypted system / partition / file, you misunderstand how this encryption works. Check out Chadders first post or the loopAES README file for an overview.

 

No, actually, I think that you just don't understand my point.

'ls' is a freely available program like just about every part of the core linux system. Hence, there is no motivation to encrypt these things.

All you need to encrypt are your personal files - ie data that cannot be freely downloaded from elsewhere.

The second point I made was something of a guess, but I still think that it is likely to be true. It is much easier to break encryption when you have some known piece of data encrypted to test against. By encrypting the base system, you are probably just providing a wealth of known test-cases for the would-be hacker.

Tom

----------

## easykill

true, but unless the person has a supercomputer, a lot of time (or a LARGE government case against you), and a huge urge to see your email or whatever, they're not gonna be able to encrypt it.

a DES256 encryption with a random seed is NOT easy to crack, even if you do have some data to guess with.

And, if you only want to encrypt some stuff, just don't do your root partition.  only do /usr/local/encrypted or something like that.

This FAQ is mainly for encrypting an entire system.  The steps on encrypting a single partition are trivial and well documented in the loop-AES readme

----------

## chadders

I think EVERYTHING should be encrypted.  ALL THE STUFF on the disk drive, ALL THE STUFF on the network, all the stuff between the keyboard and the mouse and the computer, EVERYTHING.  Well maybe not the keyboard and the mouse YET.

Some people say stuff like "if I know what some of the unencrypted stuff is then I should be able to break in easier" and that's why encrypting root is a stupid idea.  I DON'T THINK THAT!  AND THAT'S WRONG!

That idea is called a "known plain text attack" and it would work if you were using a stupid encryption implementation that uses ECB (electronic code book) that uses the same key for each block.  Good encryption stuff uses CBC (cipher block chaining) that changes the key a little bit for EVERY BLOCK.  That's called a IV (initial vector).  

I think maybe the FBI or someone like that MAYBE could break loop-AES but I don't think anyone that might want to steal my computer files can.  If I had a laptop what I would do is make EVERYTHING encrypted.  If I wanted to run Windoz stuff I would put Windoz under VMware all on the loop-AES encrypted disk.   Then I would put /boot on a USB dongle or a little CDROM in my pocket.  Then if someone stole the laptop they would just have a laptop and not all of my files too.  AND THEY WOULDN'T EVEN KNOW WHAT OPERATING SYSTEM IT RUNS WHICH IS WAY COOL.

Chad  :Very Happy: 
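The ECB-versus-CBC point argued in the posts above, as an added example (not from the thread and not loop-AES code): the same all-zero 512-byte sector is encrypted at two sector positions with the openssl command-line tool. The demo key, the AES-128 key size and the use of the sector number as the CBC IV are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: identical, guessable sectors (think empty inode tables) give
# identical ciphertext under ECB, but not under CBC with a per-sector IV.
# Needs the openssl command-line tool.

KEY=000102030405060708090a0b0c0d0e0f   # constructed AES-128 demo key

# zero_sector: 512 zero bytes, standing in for an empty, predictable sector.
zero_sector() {
    dd if=/dev/zero bs=512 count=1 2>/dev/null
}

# to_hex: stdin to one unbroken lowercase hex string.
to_hex() {
    od -An -v -tx1 | tr -d ' \n'
}

# enc_ecb SECTOR: ECB has no IV, so SECTOR cannot influence the result; the
# argument is accepted only to mirror enc_cbc.
enc_ecb() {
    zero_sector | openssl enc -aes-128-ecb -K "$KEY" -nopad | to_hex
}

# enc_cbc SECTOR: CBC with the sector number as the 128-bit IV (assumption of
# this sketch). Each block is XORed with the previous ciphertext block before
# encryption; the key itself never changes.
enc_cbc() {
    iv=$(printf '%032x' "$1")
    zero_sector | openssl enc -aes-128-cbc -K "$KEY" -iv "$iv" -nopad | to_hex
}

# distinct_blocks HEX: how many different 16-byte ciphertext blocks HEX holds.
distinct_blocks() {
    printf '%s\n' "$1" | fold -w 32 | sort -u | wc -l | tr -d ' '
}

# same_across_sectors MODE: status 0 if sectors 0 and 1 encrypt identically.
same_across_sectors() {
    [ "$("enc_$1" 0)" = "$("enc_$1" 1)" ]
}

# summary: print the comparison for both modes.
summary() {
    for mode in ecb cbc; do
        if same_across_sectors "$mode"; then same=yes; else same=no; fi
        echo "$mode: sectors identical=$same," \
             "distinct blocks in sector 1=$(distinct_blocks "$("enc_$mode" 1)")"
    done
}

summary
```

Under ECB all 32 blocks of every empty sector encrypt to one value, which is the pattern the known-plaintext worry depends on; with chaining and a per-sector IV the two sectors differ and no block repeats inside a sector.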

----------

## es0x279e

Hi, and congratulations for such a good thread and tip!

But I have a problem when I'm trying to init a new encrypted root filesystem. It happens before it asks me for the password and I have tried at least four different ways to make it go ahead :~( It seems that it couldn't find the right ram0 or ram1 device or it is wrongly made, I don't know.

I have tried to make it boot w/ and w/o devfs. The first one i used in my grub.conf - ro root=/dev/ram1 - and in the build-initrd.sh i have BOOTDEV=/dev/hda6 CRYPTROOT=/dev/hda5. In the second one (w/ devfs) i have tried two ways, always keeping the grub.conf to - root=/dev/ram0 init=/linuxrc - and the USEPIVOT and USEDEVFS to 1 as i saw in the thread but changing the BOOTDEV to /dev/discs/disc0/part6 and CRYPTROOT to /dev/discs0/disc0/part5. The last way i tried is to make it as it shows the README file of loop-AES. It didn't work anyway...

The real problem is that I don't know where the problem is... I'm not sure if it is in the build-initrd.sh script or in the grub config or if I have made the loop module wrong or if the kernel is not compiled with the options it should be made with...

My partitions are:

   Boot /dev/hda6 ext3

   Root /dev/hda5 xfs

If anyone have any idea or suggestion please, tell me because Google is empty of inspiration, or am i?

PS: forgive my "rare" English, I'm from Spain and English is not my best subject :)

----------

## chadders

Hi,

Make sure that you have /boot mounted before you run build-initrd.sh.  Here is some of my config stuff that works ok.  Maybe it will help you find out whats wrong.

This is part of my build_initrd.sh:

```
BOOTDEV=/dev/hda6
BOOTTYPE=ext2
CRYPTROOT=/dev/hda7
ROOTTYPE=xfs
CIPHERTYPE=AES256
# optional password seed for root partition
#PSEED="-S XXXXXX"
```

This is part of my grub.conf:

```
title=launch
        root (hd0,5)
        kernel /bzImage ro root=/dev/ram1
        initrd /initrd.gz
```

This is my /etc/fstab:

```
/dev/hda6               /boot           ext2            noauto,noatime          1 1
/dev/loop5              /               xfs             noatime                 0 0
/dev/hda5               none            swap            sw,loop=/dev/loop6,encryption=AES256    0 0
```

Chad  :Very Happy: 

----------

## es0x279e

Hi again! And thanks for such soon answer!

  sorry, but i still getting errors on boot... and im so sure im doing it as the tutorial described... It all breaks there...

```
hub.c: USB hub found
hub.c: 2 ports detected
NET4: Linux TCP/IP 1.0 for NET4.0
IP Protocols: ICMP, UDP, TCP, IGMP
IP: routing cache hash table of 4096 buckets, 32Kbytes
TCP: Hash tables configured (established 32768 bind 65536)
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
ds: no socket drivers loaded!
RAMDISK: Compressed image found at block 0
Freeing initrd memory: 1k freed
VFS: Mounted root (minix filesystem).       <----- ERROR !!!
loop: loaded (max 8 devices)
IT ASKS FOR PASSPHRASE RIGHT HERE
read_super_block: can't find a reiserfs filesystem on (dev 07:05, block 64, size 1024)
read_super_block: can't find a reiserfs filesystem on (dev 07:05, block 8, size 1024)
XFS mounting filesystem loop(7,5)           <---- This thing happens before the pass but i get an error there, couldn't find a xfs fs there...
VFS: Mounted root (xfs filesystem) readonly.
Trying to move old root to /initrd ... okay
Freeing unused kernel memory: 80k freed
```

I spent all my Easter holiday trying to make it go... but I have no luck!! I'm sure I had mounted /boot when I ran build-initrd.sh and I used the same config as you except the /dev/hda7, where I have /dev/hda5 (my root), and ext2 on boot, where I have ext3. The grub.conf and the /etc/fstab are almost exactly as yours... to encrypt the fs I use 'dd if=/dev/hda5 of=/dev/loop0 bs=64k conv=notrunc' and to setup the loop I use 'losetup -e AES256 -T /dev/loop0 /dev/hda5' (before the dd statement of course  :Smile: ). I made my kernel to all the requirements that it needs and also, I had remade the loop module when I finished compiling the kernel. I'm using util-linux v2.11z and loop-AES v1.7c... I'm also running Knoppix v3.1 now so the losetup error... well, you said that with this version of Knoppix it should work, but anyway I'll try to do the losetup with the one that is in my /boot, just to make the circle tinier...

   This thing happens to anyone??

----------

## es0x279e

I have tried to losetup from the /boot, but it does nothing. It doesn't ask for the pass but it doesn't end either, so I thought that could be the problem. To mend it I copied the losetup from the Knoppix to the /boot, but the error is still there... so, it's not a problem of losetup, I think...

I will try googling that question!  :Smile: 

----------

## chadders

How are you encrypting your /root?  Are you using AESPIPE?  Please paste the commands that you use to encrypt it. I have had problems with aespipe and don't like it too much.  I don't know if aespipe is broke or if I was doing something wrong (I don't think I was doing anything wrong because I have done this stuff lots of times before but not with aespipe).  I gave up and used the v1.7b instructions.

I like the procedure in loop-AES-v1.7b lots better than aespipe!!!

Chad   :Shocked: 

----------

## splooge

Chad you're really not 13 are you?

If so I never have a chance of getting another job again =)

----------

## chadders

I'll be 14 in exactly one week. How come everyone thinks if you aren't old that you can't do stuff? It's not very fair sometimes.

Chad   :Evil or Very Mad: 

----------

## es0x279e

HI again!

  Well, I will try to enumerate what I have done to encrypt the root fs. I supposed I had to write what I've done after booting Knoppix, so here it is:

```
 #> mount /dev/hda6 /mnt/hda6       // my boot fs
 #> vim /mnt/hda6/grub/grub.conf    // my grub.conf, i changed that to make it load initrd.gz
 #> umount /mnt/hda6
 #> mount /dev/hda5 /mnt/hda5      // my root fs
 #> vim /mnt/hda5/etc/fstab             // I changed the /dev/hda5 to /dev/loop5
 #> umount /mnt/hda5
 #> losetup -e AES256 -T /dev/loop0 /dev/hda5
 -- I entered the passphrase --
 #> dd if=/dev/hda5 of=/dev/loop0 bs=64k conv=notrunc
 #> reboot
```

  That's all I did to encrypt using losetup instead of aespipe. With aespipe I had just changed the losetup and dd statements to:

```
 #> dd if=/dev/hda5 bs=64k | /mnt/aespipe -e AES256 -T -S XXXXXX -C 100 \
| dd of=/dev/hda5 bs=64k conv=notrunc
```

  But the error was the same... So I suppose it's independent of the encrypting way. Also, because I could mount the encrypted fs using losetup again in the first way (with losetup and dd)... I don't know what the hell is wrong with it... I'll try to remake the kernel and be sure the requirements are met...

  Thanks for bearing with my slowness!!

----------

## es0x279e

By the way, this is part of my boot log. It's copied by hand, so it may have some errors...

```
...
ds: no socket devices loaded!
RAMDISK: Compressed image found at block 0
Freeing initrd memory: 1k freed
cramfs: wrong magic
FAT: Bogus logical sector size 0
FAT: Bogus logical sector size 0
read_super_block: can't find a reiserfs filesystem on (dev 01:00, block 64, size 1024)
read_super_block: can't find a reiserfs filesystem on (dev 01:00, block 8, size 1024)
XFS: Bad magic number
XFS: SB validate failed
Kernel Panic: VFS: Unable to mount root fs on 01:01
-- END --
```

any ideas?

----------

## easykill

you do have minix filesystem support configured into your kernel, not as a module?

----------

## es0x279e

I thought that was the problem and I checked it again. I checked my personal kernel config and the .config file in /usr/src/linux... It was included, not as a module. I remade the kernel to narrow the circle, but it's still not working. I have just finished trying to make the initrd with /dev/ide/host0/bus0/target0/lun0/part5 instead of /dev/hda5 and /{bla}../part6 instead of /dev/hda6, but it's still wrong... The fact is that I think minix support is what is wrong... Could it be because I'm using xfs sources? I'm running out of ideas...

----------

## es0x279e

Well, it seems it worked, at least it asks me for the pass! After six or so days... I have just recompiled my kernel with other options... I'll explain: I compiled w/o ROM fs support, w/o JFS support and I changed the NLS default charset from iso8859-15 to iso8859-1. So now, I don't know what was wrong with the last kernel... Now, it can't mount the root fs, but, for now, I have fresh air to carry on trying things... I think the problem is the seed, which I didn't put in build-initrd.sh. 

Thanks Chadders and Easykill!!  :Very Happy:   :Very Happy:   :Very Happy: 

----------

## tuXXer

Am I right? Your method does not result in data loss? The other documentation (e.g. loop-aes) says that creating an encrypted partition leads to full data loss...

Btw. age is not important, only the skill and the ability for abstraction count.

----------

## es0x279e

Referring to my own experience: I'm running exactly the same system that I ran last week. The only difference is that before it was unencrypted and now it is encrypted... The only data I have lost is the boot partition, which I encrypted thinking it was the swap (imagine the mess  :Smile: ), but that was my fault...

I'm not sure if I answered your question...  :Razz:  well, I'll keep investigating...

----------

## easykill

 *tuXXer wrote:*   

> Am I right? Your method does not result in data loss? The other documentation (e.g. loop-aes) says that creating an encrypted partition leads to full data loss...
> 
> Btw. age is not important, only the skill and the ability for abstraction count.

 

I have encrypted 3 partitions and had no data loss.  There is a possibility for data loss if you screw something up, or have a power failure while doing the dd, but other than that, there should be no data loss.

----------

## repugnant

To ask a dumb question, what is to prevent someone using a knoppix disk to put a different kernel in /boot?  Did I miss something?

----------

## es0x279e

I'm not sure if this is the answer to your question... anyway, you can't change your kernel version since the loop-kernel-v.v.v-rc.o on /boot was made for the specific kernel you had then. So if you change the kernel version that module won't work. And it makes everything go, so without it you won't boot your system...  it's not a good idea to change the kernel version when in Knoppix... But as I said before, I'm not sure if I answered your question right (remember I'm Spanish!  :Very Happy: )

Cheers!

----------

## repugnant

Thanks for the reply.  But if an evil-doer watches your boot sequence, can't they figure out that a) what version of the linux you have and b) that you're using loop-aes?  And so they go and build a loop-aes-enabled kernel and put it in boot.  The new malicious kernel maybe can do keystroke logging or something. I don't know  :Smile: 

----------

## chadders

Not if the whole /boot partition is on a USB dongle or on a cdrom in my pocket!

Chad  :Very Happy: 
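
The concern raised above (someone with a Knoppix disk replacing the kernel or initrd on the unencrypted /boot) can at least be detected by comparing /boot against hashes recorded while it was known good. The script below is an added example, not part of the thread; the function names, the manifest location and the sample files are assumptions, and the check only means something when the manifest lives on the encrypted root or on removable media and is run from a system you trust.

```shell
#!/bin/sh
# Added example (not from the thread): detect changes to the unencrypted
# /boot files (kernel, initrd, grub.conf) by comparing SHA-256 hashes with
# a manifest recorded while /boot was known good.
# Function names and file locations are assumptions made for this example.

# Print "hash  ./path" for every regular file under directory $1,
# in a stable order. Paths containing newlines are not supported.
boot_manifest() {
    ( cd "$1" || exit 1
      find . -type f | LC_ALL=C sort | while IFS= read -r f; do
          sha256sum "$f" || exit 1
      done )
}

# Compare directory $1 with trusted manifest $2.
# Prints one line per difference (ADDED / MISSING / MODIFIED).
# Returns 0 = identical, 1 = differences found, 2 = manifest unusable.
boot_verify() {
    dir=$1; manifest=$2
    # An empty or absent manifest must never count as "nothing changed".
    [ -s "$manifest" ] || { echo "no trusted manifest: $manifest" >&2; return 2; }
    current=$(mktemp) || return 2
    boot_manifest "$dir" > "$current" || { rm -f "$current"; return 2; }
    report=$(awk '
        # sha256sum lines: 64 hex digits, two separator characters, then the path
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        NR == FNR { trusted[path] = hash; next }      # first file: trusted manifest
        { seen[path] = 1
          if (!(path in trusted))          print "ADDED    " path
          else if (trusted[path] != hash)  print "MODIFIED " path }
        END { for (p in trusted) if (!(p in seen)) print "MISSING  " p }
    ' "$manifest" "$current" | LC_ALL=C sort)
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed demonstration: build a throwaway "boot" directory, record it,
# overwrite the kernel image, and show that the change is reported.
boot_demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/boot/grub"
    printf 'constructed kernel image\n' > "$tmp/boot/bzImage"
    printf 'constructed initrd\n'       > "$tmp/boot/initrd.gz"
    printf 'default 0\n'                > "$tmp/boot/grub/grub.conf"
    boot_manifest "$tmp/boot" > "$tmp/trusted.sha256"
    printf 'replaced kernel image\n'    > "$tmp/boot/bzImage"
    rc=0
    boot_verify "$tmp/boot" "$tmp/trusted.sha256" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Run the constructed demonstration when the script is executed.
boot_demo || echo "=> boot files no longer match the recorded manifest"
```

On a real system the manifest would be recorded once with `boot_manifest /boot > manifest` and checked with `boot_verify /boot manifest` after every time the machine has been out of your hands.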

----------

## watersb

Chadders, this is a GREAT how-to! I am VERY pleased to see people excited about this!

EDIT [2003-May-24]: The technique described here uses the built-in cryptoapi, not loop-AES. CryptoAPI is undergoing active development churn in the development kernels, so if you're using a 2.5 kernel you will probably want to IGNORE this post. Eventually, cryptoloop will work with the overall kernel crypto, so that there will be a single implementation of each cipher for all kernel functions: IPSec as well as disk encryption. But loop-AES is working better at the moment...

I am trying the loop-AES technique with the optional ciphers, against a 2.5.69-mm8 kernel. So far I have been able to get losetup to work just fine manually, so the loop-AES technique similar to Chadders' original post might actually work with 2.5. I will post an update when I know more.

To summarize: The loop-AES technique discussed on this thread seems to work for both 2.4 and 2.5, while the technique in this post may not work as well. I leave it here for informational purposes.

The stuff in this quote is the original post, and should probably not be used (use loop-AES instead):

 *Quote:*   

> 
> 
> Folks, I have been running an encrypted-EVERYTHING (root and swap) laptop for 10+ months now with NO problems since I got it to work.
> 
> This technique is rather out-dated, and does not incorporate the great suggestions seen so far on this thread, but I wanted post it here for those that are interested, and I will update this technique and report back... The advantage IMHO is that we use twofish rather than AES...
> ...

 

The swap-encryption script on this post will still work:

Here is how to ensure that your swap partition is encrypted:

Add this script at /usr/local/sbin/crypto-swap:

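```
#!/bin/sh
# Run this script somewhere in your startup scripts _after_ random
# number generator has been initialized and /usr has been mounted.
# (md5sum, uuencode, tail and head programs usually reside in /usr/bin/)

# encrypted swap partition
SWAPDEVICE=/dev/hda5

# loop device name
LOOPDEV=/dev/loop6

# Hash the first 40 KB of whatever the partition held from the last boot,
# to mix into the throwaway key.
MD=`dd if=${SWAPDEVICE} bs=4k count=10 2>/dev/null | md5sum`

# Overwrite that same 40 KB region 20 times.
for X in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 ; do
    dd if=/dev/zero of=${SWAPDEVICE} bs=4k count=10 conv=notrunc 2>/dev/null
    sync
done

# 18 random bytes, base64-encoded (one line of uuencode -m output).
UR=`dd if=/dev/urandom bs=18 count=1 2>/dev/null \
    | uuencode -m - | head -2 | tail -1`

# Set up the loop with a key that exists only for this boot
# (-p 0 makes losetup read the passphrase from stdin).
echo ${MD}${UR} | losetup -p 0 -e twofish -k 256  ${LOOPDEV} ${SWAPDEVICE}

# Forget the key material.
MD=
UR=

# Clear the start of the loop device, then create and enable swap on it.
dd if=/dev/zero of=${LOOPDEV} bs=4k count=10 conv=notrunc 2>/dev/null
sync
mkswap ${LOOPDEV}
sync
swapon ${LOOPDEV}
```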

You will need to edit the value of the SWAPDEVICE to point to your swap partition. Be very careful -- this script will DESTROY the data on the partition that you point it to if you do not want to use it for swap!

Test this script by running it as a root user. Then to use this encrypted swap automatically, edit  the init script at /etc/init.d/localmount:

```
REPLACE THESE LINES AT THE BOTTOM:

   #swap on loopback devices, and other weirdnesses
   ebegin "Activating (possibly) more swap"
   /sbin/swapon -a &>/dev/null
   eend 0

WITH THIS:

   #swap on loopback devices, and other weirdnesses
   ebegin "Activating (possibly) more swap"
   /usr/local/sbin/crypto-swap
   eend 0
```

Chadders, I will create a bootable CD-ROM and let you know.

Last edited by watersb on Sat May 24, 2003 5:54 pm; edited 2 times in total

----------

## Aonoa

Very nice documentation you made here Chadders, I used it and successfully made my system encrypted (root + swap).

Thank you for posting it.

What I also did, was make a bootable 8cm cd-rw to use as boot media instead of a partition on my hd.  It works great.

I made a grub boot floppy and used it to make a boot.img file to use with cdrecord to burn the cd with the contents of my /boot partition.

Call me paranoid, but this was just fun to accomplish  :Smile: 

----------

## xi

is it possible to use encrypted swap (cryptoloop or loop-aes) with swsusp (suspend to disk) ?

----------

## chadders

Woah cool!  Thanks eonic and watersb.  I still haven't found out how to make a bootable cd for /boot and the initrd stuff but I haven't been working on it very much lately because my computer died and I had to find a new motherboard which wasn't very easy.  It would work for 20 seconds and then lock up even on a dos diskette  :Sad:   I finally got a motherboard from an old pc for 10 dollars so now I'm BACK.

The good thing is that my disk drive is ok YAY and the encrypted root stuff still works on it.  Can you give me the steps that you used to make a bootable /boot on cd?

Chad  :Very Happy: 

----------

## Aonoa

Sure  :Smile: 

```
mke2fs /dev/fd0
mount /dev/fd0 /mnt/floppy
mkdir -p /mnt/floppy/boot/grub
cp /boot/bzImage /mnt/floppy/boot
cp /boot/initrd.gz /mnt/floppy/boot
cp /boot/grub/grub.conf /mnt/floppy/boot/grub
```

Now edit grub.conf on the floppy to read something like this:

```
default 0
timeout 15
splashimage=/boot/grub/splash.xpm.gz

title=Boot
root (hd0,0)
kernel /bzImage ro root=/dev/ram0
initrd /initrd.gz
```

```
cd /usr/share/grub/i386-pc
dd if=stage1 of=/dev/fd0 bs=512 count=1
dd if=stage2 of=/dev/fd0 bs=512 seek=1
dd if=/dev/fd0 of=/boot/image bs=1024
cd /
mkisofs -rlDJLV "boot" -b boot/image -c boot/catalog -o boot.iso boot/
```

Then burn boot.iso with your favourite cd-r tool  :Smile: 

----------

## watersb

 *eonic wrote:*   

> Sure 
> 
> mke2fs /dev/fd0
> 
> mount /dev/fd0 /mnt/floppy
> ...

 

Great info, eonic!

I think that you can use a loopback file instead of a floppy disk... I am working through this today and will post my results when I know more.

Last edited by watersb on Sat May 24, 2003 6:02 pm; edited 1 time in total

----------

## watersb

 *xi wrote:*   

> is it possible to use encrypted swap (cryptoloop or loop-aes) with swsusp (suspend to disk) ?

 

This is an EXCELLENT question -- because of course if you use suspend-to-disk with an unencrypted swap, ANYONE with access to your hard disk can read your memory -- including any kernel structures that hold your keys to the encrypted disk!

The short answer is, No I don't think so -- the reason is that the resume-from-swsusp is looking for a standard swap partition.

The new kernel cryptoAPI would permit kernel-land to make the encryption on the swap transparent..

There might be a way to tweak swsusp-enabled systems so that you set up a loop before invoking swsusp resume, but I rather suspect this would involve some changes to swsusp.

I have a laptop, and got interested in disk encryption for exactly the reasons posted on this thread: for a laptop that's relatively easy to steal, if you're not running encrypted disk you should not bother with user and root passwords, either.

Likewise swsusp: if you use it and your machine is stolen, hard disk encryption won't matter much, nor will passwords.

So I don't use swsusp. I'd certainly like to have it encrypted!

----------

## karrots

Skip the floppy image and put the kernel and initrd on the cd directly. Then use ISOLinux to boot the kernel.

http://syslinux.zytor.com/iso.php

Heck, if you still want to use a floppy image, use ISOLinux in conjunction with memdisk; then you can have multiple boot images on one CD. That's what I do with one of my utility CDs, works great.

karrots

----------

## watersb

I could not get the XFS filesystem to work well with loop-AES under 2.5.69-mm8; I get I/O errors after a very short while and the filesystem disappears.

I am using reiserfs now and it seems to work fine.

I seem to recall that encrypted loopback systems need to ensure serialized writes, but I thought that restriction applied only to file-backed loops, and I'm using a drive partition (a block device, not a file).

Chadders, do you recall the mkfs.xfs settings that you used?

Has anyone else tried this with 2.5.69?

----------

## Naughtyus

Is there any way to get this to work with a passkey file instead of a password?

I would like to have the system boot from CD (as above), but instead of asking for a pass, just look on the CD for a passkey file (or something which effectively makes the boot secure, and does not require the user to enter anything).

----------

## Naughtyus

Also - is there any way I can make the password (if not using a GPG key, or whatever) less than 20 characters?  That's overkill for the system I'd like to do this for.

----------

## watersb

2.5.69-mm8 status report...

Getting close; it loads the  initrd.gz that is built by loop-AES/build-initrd.sh -- and then it's getting confused, attempting to mount the partition as a UDF-fs filesystem. I dunno...

I disabled UDF-fs in my kernel, and I'm trying again.

Overall, I am happy that this is closer to working than the cryptoAPI stuff, but I am not happy at the impossibility of debugging the linuxrc script of the init ramdisk!

If I cannot get the loop-AES linuxrc process to work, then I will tweak the ramdisk that I built for 2.4.19 -- my ramdisk is 100x larger, but it gives you an entire Linux distribution in the 300K ramdisk (using uClibc for running on embedded systems). Which means that I can get a shell and manually type some losetup commands...

Grr...

oh, and there's a number of bugs in 2.5.59-mm8 and interactions with all this stuff... but I'm almost there...

----------

## watersb

I just got CryptoAPI loopback to work with kernel 2.5.69, (by working on a port to 2.5.58 of Adam Richter's cryptoloop by Fruhwirth Clemens.)

This uses the same API in the 2.5.x kernels as the gentoo-sources use in the 2.4 series -- and what's even better (in my opinion), in 2.5 it uses the new overall kernel infrastructure for crypto, so there is ONE place for all of the cipher implementations.

This CryptoAPI stuff is a slightly different approach than Jari's loop-AES, but the two should converge at some point. Anyway I'm happy that I got it to work.

For the question of which is the better API, I would have to answer, "the one that works the most reliably". The CryptoAPI-loop developers have all wandered off in the past couple of months, at least they are not actively answering e-mail the way that Jari does! I suspect that they have more-pressing kernel work to get done; AdamJ is also working on the re-work of devfs, which is more important. And so on.

I will be testing my CryptoAPI loopback for a while. Here's hoping...

If it works, the next step will be to work with Jari to get the changes included into util-linux; Jari's util-linux extensions are nice, providing GPG support and password "salt". But his extensions are rather loop-AES oriented. I think that it can converge without too much more work, though. 

----------

## chadders

HI watersb!  I didnt use anything special on my mkfs.xfs and used the defaults.  Only problem I had is I can't make aespipe work and I don't know why.  I only used xfs for my root because I wanted to check it out.  My big encrypted partition where most of my stuff is at is reiserfs just because its been that way for a long time and I didnt want to reload everything yet.

I'm thinking about trying out crypto-api again because I want to use 2.5 kernels.  I tried loop-AES on 2.5.something a while ago and it didnt work too good. Do you think crypto-API is stable enough now?

Chad  :Very Happy: 

----------

## watersb

 *chadders wrote:*   

> HI watersb!  I didnt use anything special on my mkfs.xfs and used the defaults. 

 

OK, thanks, I get it... your XFS partition is NOT encrypted, right? I had horrible I/O errors with encrypted XFS under 2.5.69-bk18, with both loop-AES and cryptoAPI.

 *Quote:*   

> 
> 
> I'm thinking about trying out crypto-api again because I want to use 2.5 kernels.  I tried loop-AES on 2.5.something a while ago and it didnt work too good. Do you think crypto-API is stable enough now?
> 
> 

 

Do I think it's stable enough now... um, no. It seems to work for me, and it seems like a relatively small layer on top of the CryptoAPI, but things could break in the next kernel release (which I will try Real Soon Now).

I'd like it to say it works, but I posted my patches for 2.5.69-bk18 to the cryptoapi-devel list on Monday and so far have received NO response. But Jari Ruusu, the loop-AES guy, has been exchanging emails with me all week.

If you would like to test this CryptoAPI, then you can get the patches here:

http://www.kerneli.org/pipermail/cryptoapi-devel/2003-May/000562.html

If I understand correctly, you will NOT be able to use the same kernel for both loop-AES and CryptoAPI disk encryption. So make a new kernel with "loopback devices" enabled in BLOCK devices, and enable the CryptoAPI. You'll also want to enable the "Encryption for Loopback devices" option.

I built a kernel, rebooted with it, and then loaded modules for twofish, loop, and cryptoloop. Then I used a patched version of util-linux-2.11y (pulled from kerneli.org CVS, then patched with the patch that I refined and tested), compiled a new losetup and mount, and then used those to mount the loopback devices.

Jari is trying to help me get the initrd (initial RAM disk) to work with the recent 2.5 kernel, so stay tuned...

----------

## TinheadNed

Has anybody had problems getting the initial ramdisk to mount the boot partition?

I am really confused as to the problem, but it just tells me that mounting /dev/hda2 as /lib failed, and shuts down.  The boot partition is (obviously) not encrypted, and on ext3.  Ext3 and ext2 support are in the kernel.  Grub can read off the boot partition to load the kernel and initrd so i'm very confused.  I might unencrypt my HD again (it'll only take 20 minutes) but it just seems a bit of a waste.

----------

## viperlin

Been following this for a while but this is my first post, so well done on this tutorial, and I'm 15 myself and fixed the devfs problem pretty quickly after reading a little.

I was wondering if anybody has tried this with a framebuffer image (tutorials on this forum https://forums.gentoo.org/viewtopic.php?t=49036 and on http://www.bootsplash.org), as the framebuffer requires:

```
Code maturity level options  --->
    [*] Prompt for development and/or incomplete code/drivers

Processor type and features  --->
    [*] MTRR (Memory Type Range Register) support

Block Devices ->
    [*] Loopback device support
    [*] RAM disk support
    (4096)   Default RAM disk size
    [*] Initial RAM disk (initrd) support

Console Drivers ->
    [*] VGA text console
    [*] Video mode selection support

Frame-buffer support ->
    [*] Support for frame buffer devices
    [*] VESA VGA graphics console
    [*] Use splash screen instead of boot logo
```

it also requires a special initrd file which contains the framebuffer theme loaded at boot, so i assume you cannot have a framebuffer image and encrypted harddrive, unless 2 initrd's are allowed. i will experiment with this but i assume that since one requires loopback devices enabled and one requires it disabled.

hope that made sense.

----------

## Aonoa

I already had a system using framebuffer and a bootsplash, then when encrypting i changed the initrd entry in grub with the one I made using the encrypt howto.  (I still kept my original bootsplash initrd file)

So I have a system that boots from cd-rom with framebuffer support and when it finishes the boot process and awaits login, it inserts the background picture.

I would however like to be able to maybe merge the two initrd's to get the image displayed during boot, but maybe that will make the image too large?  I've not investigated how to do this yet if it is possible, rather busy at school with a large project.

As I don't have the time, it would be awesome if someone figured it out.

----------

## TinheadNed

Right, I solved my failed to mount /lib errors (missed the do not mount devfs at boot bit in there), but now I'm stuck on a second problem which recompiling the source and kernel has not helped.  I've also tried compiling the encrypted loopback driver into the kernel with no difference.

Now it (presumably) correctly mounts the boot partition, but all it says is "could not open initial console" and halts again.  I have absolutely no idea where this comes from in the source for build-initrd, it only appears to open /dev/console after mounting the root partition (which I never get asked the password for), so it seems to be doing it before trying to mount any other drives.

Any ideas?  My laptop is only usable as a chrooted Knoppix install right now, which as you can imagine is a bit of a shame.

----------

## chadders

 *watersb wrote:*   

> 
> 
> OK, thanks, I get it... your XFS partition is NOT encrypted, right? I had horrible I/O errors with encrypted XFS under 2.5.69-bk18, with both loop-AES and cryptoAPI. 

 

My root is XFS and it IS encrypted.  I havent had any troubles with it.  

Thanks for patches im trying it out now.

Chad  :Very Happy: 

----------

## Ian

If I set this up on a home file/web server, would it automatically decrypt when sending files out over the network?

I'm basically doing this for the hell of it, and I heavily use samba with the machine i'll be testing it on (well, I will be, when ever i get some free time to set it up :p).  I want to make sure that if a user logs in, they'll be able to read files like normal.  i assume this is so, but i'd like confirmation.  hell, i'll probably go do it anyways.  i can always decrypt/reinstall :p.

----------

## barlad

Sure you won't have any problem at all. Like it was previously said, it is totally transparent to any user.

----------

## Ian

ok, i figured as much, and by now it's really too late, cause i've already started encrypting my system :p.

as i finish up this system though, i will be moving /dev/hda to /dev/hde, and adding /dev/hdg, and i'm not sure if this will pose any problems.  the reason it starts at 'e', is because i have a ultra 100 controller, and it's currently in use in the first server that my dad is stealing in a week or so.  i could leave hda as hda, and just add in the second harddrive as hde (on the controller), but i'd like it all at higher speeds, as it does help when transfering files over the network.

also, if i can't move the first hard drive, i'd still like to encrypt the second.  can i use the instructions to encrypt /usr to encrypt the second hard drive?

----------

## watersb

 *TinheadNed wrote:*   

> 
> 
> Now it (presumably) correctly mounts the boot partition, but all it says is "could not open initial console" and halts again.  I have absolutely no idea where this comes from in the source for build-initrd, it only appears to open /dev/console after mounting the root partition (which I never get asked the password for), so it seems to be doing it before trying to mount any other drives.
> 
> 

 

This sounds like a /dev/vc/... issue to me.

Since you are not mounting devfs automatically, the initrd might be trying to look at device files that are not there; under 2.5.70 I ran into this, since it is best not to mount devfs upon boot... my /etc/inittab has lines in it like this:

```
# TERMINALS
c1:12345:respawn:/sbin/agetty 38400 vc/1 linux
c2:12345:respawn:/sbin/agetty 38400 vc/2 linux
```

Note that the terminal devices are listed as "vc/1"... not "tty0" (or some other thing).

I don't know for certain that this is your problem, but I am running into problems with the initrd under 2.5.x and I think that this might be part of it.

I suspect that the build-initrd script needs some work before it is reliable with devfs. Not certain.

I hope this is not confusing the issue...

----------

## Spider

those who had problems getting the initrd to load properly, heres a hint from the developers:

http://mail.nl.linux.org/linux-crypto/2003-05/msg00122.html

----------

## bryon

Has anyone figured out how to get /boot on a USB drive to work yet?

----------

## watersb

 *bryon wrote:*   

> Has anyone figured out how to get /boot on a USB drive to work yet?

 

Check this out...

https://forums.gentoo.org/viewtopic.php?t=57754

Your system needs to support bootable USB devices from the BIOS...

----------

## watersb

 *Spider wrote:*   

> those who had problems getting the initrd to load properly, heres a hint from the developers:
> 
> http://mail.nl.linux.org/linux-crypto/2003-05/msg00122.html

 

Thanks! That wasn't it... still trying...    :Laughing: 

----------

## Ian

 *watersb wrote:*   

> 
> 
> Your system needs to support bootable USB devices from the BIOS...

 

would most modern motherboards, both desktop and laptop, support this?  the only reason i ask is because over the next year, i'll be getting new of both things, so i could theoretically have one /boot for both computers, if i get a big enough keychain, set up the different kernels, and be too lazy to use two :p.

----------

## watersb

 *Ian wrote:*   

> 
> 
> would most modern motherboards, both desktop and laptop, support this?  

 

Well, mine does not...  :Rolling Eyes: 

old Dell Inspiron 8000

Google is your friend. Make certain it can do what you want before you purchase a new system!

----------

## watersb

from the cryptoapi-devel mailing list:

 *jari ruusu wrote:*   

> 
> 
> Attached is third version of unified util-linux crypto patch. This version
> 
> has been tested with loop-AES on 2.0, 2.2, 2.4 and 2.5 kernels, and with
> ...

 

Get the patch here

Please Test!

----------

## Wilhelm

Hi everybody

I'm a n00b too :] but i gave it a go and i worked through both your comments and those on the loop-AES site.

Some things i'd like to add are the following

- Test if your loop.o works before getting screwed: run 'make tests'

- AES256 has a minimal 20 character password

- Do read the loop-AES readme file to at least understand what loop-AES does on your system

I must comment that it was easy to do, however I haven't encrypted my root partition yet because I haven't backed up for the Worst-Case-Scenario.... A fully encrypted domain which is unreadable and theoretically uncrackable with today's hardware (unless you have a few million years to spare)  :Twisted Evil: 

Also remembering a 20-alfa counting password is hard, so I'm thinking of buying a chipcard reader and somehow putting the password on it. (Of course removing the chipcard after reboot).

EDIT: On second thoughts i'm gonna stick it on a mini-CD  :Smile: 

I have however tested the install on a file holding an ext3 partition and that worked A-OK.

----------

## Wilhelm

Stupid idea, but looping through loop to loop8 giving you 9-fold encryption  :Razz: 

Great for system admins who don't trust each other: each can have their own key.

----------

## Wilhelm

Chadders i read some more info in this thread and i found you to have the same mini-cd idea already.

I've found a possible way to use a mini-cd as a keycard based on some educated guessing.

If I'm not mistaken a mini-cd in the drive would be available as /dev/hdd at boot time, right?

Also the build-initrd.sh discloses a nice feature which is mentioned nowhere. 

```
USEROOTSETUP=1
LOSETUPPROG="someproginyourbootdir"
```

I'm currently building a tool (not too good with C++) which passes the password from the mini-CD to the losetup tool.

This should hopefully give me a system which will boot with my keycard-CD.

Note: Try building an iso somehow with a boot partition if you want a boot-cd.

----------

## discomfitor

I followed the directions, but now it gives me this error:

Warning: unable to open an initial console.

flushing ide devices: hda hdc

System halted.

----------

## usingloser

i am using the gaming sources and loop.o does not exist in /lib/modules/"kernel name"/block/loop.o

it doesnt even have a /block/ directory, what is the deal?

----------

## Wilhelm

 *Darckness wrote:*   

> I followed the directions, but now it gives me this error:
> 
> Warning: unable to open an initial console.
> 
> flushing ide devices: hda hdc
> ...

 

Which instructions did you follow and what did you try to do?? I'm still not confident enough to risk my root partition until i've tested it multiple times on files etc.

Also i've got gpg working :].

here's how i did it

1. Create a dir for your key and cd to it

2. gpg --gen-key  (I made a 2048 bit gpg key for myself) [Follow interactive questionnaire]

3. run the instruction in loop-AES example 4 to create the keyfile (the line head...> keyfile.gpg) using the name filled in at step 2

4. You now have the keyfile to stick on your media

4a. public and secure key are stuck on the key-CD too according to example 4.

5. now add the fstab line (see Example 4)

My test fstab line (1 line):

```
/test /xxx ext3 defaults,noauto,loop=/dev/loop2,encryption=AES256,gpgkey=/root/passwords/gpg/keyfile.gpg,gpghome=/root/.gnupg      0 0
```

6. When mounting use losetup -F /dev/loop2 and enter the phrase entered at 2

Following things i'm gonna try

- Put my keys (pub,sec,keyf) on the boot partition and see if it works.

- Then make one (empty partition) with a test file and encrypt it using dd

- Then see if it will mount using my mini-CD holding the key

- Then figure out if i can use the mini-CD key to mount my root partition

- Then make damn well sure i don't fuck up

- Backup

- dd my root partition.

- Pray  :Smile: 

VOILA A GPGKEY SECURITY!!!!

----------

## usingloser

where does the loop.o get saved to??? i have looked all over but cant find it, and yes i have looked at the readme, but it just states the obvious

also, ./configure says i need "-lcrypt" is this important

----------

## riggagoogoo

I have my xbox link in to my linux server using ccxstream for playing movies/mp3's and displaying pictures I have on my server's hard drives, if I encrypted the filesystem that the files were held on would the xbox still be able to read them??

Cheers

Rigga

P.s great post Chadders

----------

## Wilhelm

 *usingloser wrote:*   

> where does the loop.o get saved to??? i have looked all over but cant find it, and yes i have looked at the readme, but it just states the obvious
> 
> also, ./configure says i need "-lcrypt" is this important

 

No -lcrypt is not important i got the error too. loop.o gets saved in the current dir at least for me /usr/src/myloopdir/ after correct compilation.

For compiling go to your /usr/src/myloopdir/ directory and run these commands (as stated in the loop-AES readme)

 *Quote:*   

> 
> 
> To compile and install loop.o driver, as root, use commands:
> 
>     make clean
> ...

 

run 'make tests' too, to check if it works

----------

## discomfitor

update:

it still gives me the 'unable to open initial console' error message, but I am now able to mount the partition inside my other gentoo.  I'm using the devfs support (enabled pivot also) in the build.sh script, and changed my grub line accordingly.

fstab line:

```
/dev/hda3    /      xfs       noatime,loop=/dev/loop5,encryption=AES256 0 0
```

grub line:

```
root (hd0,1)
kernel /bzImage root=/dev/ram0 hdc=ide-scsi video=vesa:mtrr,ywrap vga=791 init=/linuxrc
initrd=/initrd.gz
```

hopefully someone can help me get this to boot

----------

## usingloser

 *TinheadNed wrote:*   

> When I first read this, I was really tempted to wipe RedHat off my laptop (which I'm going to do soon anyway), and install an encrypted Gentoo.  But, after thinking about it, I've seen two problems, and I just wanted to throw them out here to see what people think.
> 
> Encrypting a file is very secure, as you can't make many guesses as to what might be inside it, unless you know what you're looking for.  It's only a small file after all, which makes it very difficult to crack.  However, if you're encrypting an N Gb HD there's a lot more bytes to look for patterns in.  Considering you know you're booting Gentoo (or at least some linux kernel) you can make a few guesses as to which filesystem you're installing.  Surely then you can look for the thousands of empty inodes on the disc?  They'll be in fairly predictable places.  You also know the directory structure, and can guess at the contents of quite a few of the plaintext files.  Wouldn't this make it far easier (though not actually EASY for non-governmental bodies) to break?
> 
> A second problem (if you live in the UK), is that encrypting your drive is completely pointless, unless it is hiding evidence of crimes that carry sentences of greater than 3 years in prison, as failing to hand over a password to encrypted data when instructed by a representative of the Home Office is itself now a crime, courtesy of the RIP Act.  And you have to prove you don't have the key, innocence is not assumed (which controvenes other laws I hope).  And it's illegal to tell anybody if they ask you for the key too, IIRC.
> ...

 

use higher encryption, maybe two pass

tell them that the password auto scrambles if you dont do something in a certain amount of time, or you forgot, heh, what are they going to do, no way to prove the lie

----------

## usingloser

okay, i got everything working, as far as i can tell, except when it goes to bring up the password prompt, it tries a insmod on the loop driver which it believes it to be in /lib/  so rebooted with knoppix and saved a copy there.  It still says it cannot find it which makes sense since it still should be encrypted, so why isnt it searching in the boot directory?

i think this stems from it thinking it is using a different kernel than it is, due to an aborted compile.  How do i tell gentoo that it is using the current kernel and not the different version one I aborted.

----------

## Wilhelm

Could someone tell me why this happened during encryption of a partition holding some (luckily not so important data it only held a few dirs i believe).

And what i did wrong??

 *Quote:*   

> 
> 
> echo mypasswordwhichissecret | losetup -p 0 -F /dev/loop5
> 
> dd if=/dev/hdb1 of=/dev/loop5 bs=64k conv=notrunc
> ...

 

my fstab line

The partition is 80Gb give or take which is 64k * 1373305. 

The drive WAS unmounted when i did this. 

The process took a good hour or 2 to complete on my AMD700

The partition DOES mount but no data was in it

I'm gonna retry it WITH data in the partition to see what happens. Also i'm going to use the AESPipe to make sure i do it BY THE MANUAL.

----------

## hackerError

heh, okay I would love to do this, (mainly so the guys at lan parties cant mount with knoppix or a gentoo boot disk on me again... but thats a long story)

but I am sorta dumb (er lazy same thing) and got stuck on the first step of recompiling my kernel, i managed to guess at one or two things, but, I use make menuconfig to set up my kernel, any chance of someone posting what i should check yes/no/module to, i couldnt find some stuff (albeit didnt look very hard) like where you set the ram thing to 4086

I appreciate it.

----------

## rhodyne

Well I looked thru the entire thread and didn't find anyone else asking this so I'll step off the paranoid precipice.

Is there a way to make this setup a little more "hyper secure"? 

Say I have data on a mobile system that is a security risk. If the system is taken, using some of the ideas related before about unused space/inodes having possible patterns to be located by intensive cracking, that data could still be in trouble.

What if on a specified number of wrong password attempts the file system scrambles (random format)? Or you have one correct password to access and one password that starts a wipe?  This for the, UK gentleman discussing their law structure, would leave you in the boat of "you had something encrypted but no one can prove what it was" not even the originator. You might still be in trouble, but possibly not as much trouble as whatever was there could have put you, if they managed to crack it.

Could something like this, in any capacity, be done? Would this be handled by the loop-AES developer(s) maybe?

----------

## esapersona

 *rhodyne wrote:*   

> Could something like this, in any capacity, be done? Would this be handled by the loop-AES developer(s) maybe?

 

Hmm...Well, if you read the build-initrd.sh script, then you can see the source code for the password entering phase of the start up...You could slap a test in there that increments a counter, so when that counter == 3 it starts a dd if=/dev/zero of=/dev/whatever...All you'd have to do is include a copy of dd in the /boot directory (as you do with losetup).  

The problem with that is that it takes ages for the dd to actually wipe stuff, as can be expected.  I suppose that you could probably do something similar that wipes, say, every even byte, and then every odd instead, but time is still an issue.  It's not enough to simply wipe the filesystem information because anyone cool enough to break your encrypted file data (which would still be there) could easily work out what the files are.

Perhaps you should stick with the electromagnets in the door trick   :Wink: 

As for the unused inode and space problem, generally this is not touched (the 'data' space, at least) until it's needed...So, if you dd if=/dev/urandom of=/dev/WHATEVER before you encrypt, then the free space will cause a lot of confusion (because random data is being encrypted) when someone tried to look for patterns in the 'free space'

----------

## rhodyne

Thanks esapersona, your last comment on the realities of randomizing formats I had forgotten about.

But I wasn't considering "wiping" every bit on disk. With your script idea, have it pick a number between 3 and 22 (x), then a number between 112 and 435 (y), have it skip 'x' blocks, and format (with /dev/urandom  :Embarassed:  ) @ block size 'y', continue til end of disk or maybe even loop. All it would have to do is a few sectors this way before the data is completely unrecoverable. And if the format is with random data, like you said, it would be easy to confuse with real data or blank space.

Yes those numbers were just picked out of thin air   :Smile: 

The idea here though is for a soft solution (if there is one) instead of a hard solution. Hard solutions are obvious and have to be implemented with your presence. Soft solutions could, theoretically, be done without your knowledge, and most of the time destroy themselves during implementation.

Like I said before, my paranoia knows no bounds   :Shocked: 

----------

## echto

Done.  / is encrypted and now onto encrypting swap.  This thread is a great start!

Btw, I'm still in the mothers womb.

----------

## esapersona

Alright - I'm benchmarking these filesystems to see what the overhead is and which performs best when encrypted.

I'm using time <command> in a script..One question - Should I record the real, user and system times, or just the user and the system?  I'm in single user mode.

----------

## viperlin

so has anybody managed to either boot 2 initrd's at once

or merge 2 initrd's together?

what would really be kool is having the silent bootsplash with the progress bar and then a box appears for your password...... sadly i have no idea how this would be done and can't work in it myself.

the initrd's are a bit risky but i'll be giving it a go, please give me any tips on merging or booting with 2 initrd files.

----------

## echto

This is wrong.

 *Darckness wrote:*   

> update:
> 
> fstab line:
> 
> /dev/hda3    /      xfs       noatime,loop=/dev/loop5,encryption=AES256 0 0
> ...

 

It should read

/dev/loop5    /        xfs         noatime 0 1

----------

## bryon

I dont know what I am doing wrong but once i get to the 

```

patch -p1 <../util-linux-2.11y.diff 

```

It just sits there and does nothing

----------

## echto

 *bryon wrote:*   

> I dont know what I am doing wrong but once i get to the 
> 
> ```
> 
> patch -p1 <../util-linux-2.11y.diff 
> ...

 

What version of util-linux-2.11 are you using?

----------

## bryon

The versions of the programs are as follows

util-linux-2.11z.tar.gz

loop-AES-v1.7c.tar.gz

----------

## echto

That is odd.  Have you tried

emerge unmerge patch

and 

emerge patch

yet?

----------

## bryon

i cant seem to find "CONFIG_BLK_DEV_RAM_SIZE=4096" in the kernel .config, will that make a big difference?

I have looked through 2.4.19 and 2.4.21 < vanilla

----------

## bryon

I have all the other kernel options set properly other than the one that does not seem to be there (see above).  But it still just sits at the same spot.

```

./util-linux-2.11z/getopt/getopt-test.tcsh

./util-linux-2.11z/getopt/getopt-parse.bash

./util-linux-2.11z/getopt/getopt-parse.tcsh

root@lappy loop-AES-v1.7c # patch -p1 util-linux-2.11z.diff

```

Please help i really want to be able to encrypt the file system.

----------

## esapersona

 *bryon wrote:*   

> 
> 
> root@lappy loop-AES-v1.7c # patch -p1 util-linux-2.11z.diff
> 
> 

 

You need to type 

```
patch -p1 < util-linux-2.11z.diff
```

You're piping the patch into the patch program...So you could even do this:

```
cat util-linux-2.11z.diff | patch -p1
```

Also, that config thing that you can't find is under 'Block Devices' and becomes available when you select <*> RAM disk support

----------

## bryon

Thanks for the help with the kernel config that will help out a lot.  But the patch command was a stupid error on my part.

----------

## bryon

I am sorry to bother everyone again but I got stuck again. For some reason it seems like I am missing some files.

```

lappy mount # ls

loumount.c  loumount.c.rej  rmd160.c  rmd160.h  sha512.c  sha512.h

lappy mount # pwd

/usr/src/loop-AES-v1.7c/mount

lappy mount # install -m 4755 -o root mount umount /bin

install: cannot stat `mount': No such file or directory

install: cannot stat `umount': No such file or directory

lappy mount # install -m 755 losetup swapon /sbin

install: cannot stat `losetup': No such file or directory

install: cannot stat `swapon': No such file or directory

lappy mount #

```

I have the util-linux inside the loop-AES like I am supposed to.

----------

## esapersona

 *bryon wrote:*   

> 
> 
> lappy mount # pwd
> 
> /usr/src/loop-AES-v1.7c/mount
> ...

 

That's strange....I don't have a mount directory in my loop-AES-v1.7c directory...

The directory that you do all the install stuff from is /usr/src/loop-AES-v1.7c/util-linux-2.11z/mount.

You need to untar the loop-AES-v1.7c.tar.bz2 file in the /usr/src directory and then untar the util-linux-2.11z.tar.bz2 file in the /usr/src/loop-AES-v1.7c/ directory... 

G'luck   :Smile: 

----------

## Wilhelm

Hi, has anyone succeeded in getting non-root partitions automatically losetup'ed, including echoing the password to losetup before the checkfs routine?

It won't run before checkfs for some reason even though my script has the 'before checkfs' clause added. I tried lots of other depend() setups but it just won't setup the loop devices at the point i'd want it to.

Oh well i'll keep trying.

Also is it possible to encrypt your root partition so that it will get fsck'ed at startup??? The last thing i want to know before commencing with root encryption.

----------

## Wilhelm

HOWTO:

Description: Auto setup loop-devices previous to the checking of filesystems so your encrypted partition can get checked.

explanation:

/sbin/rc has a secret built in runlevel doing critical services. Since loop-AES needs to be run previous to checkfs we would think including the following would solve our problem. Or similar dependencies.

```

depend() {

    before checkfs

}

```

This is not the case. check out this /sbin/rc snippet

```
        # We do not want to break compadibility, so we do not fully integrate
        # these into /sbin/rc, but rather start them by hand ...
        for x in checkroot hostname modules loop-AES checkfs localmount
        do
                if ! start_critical_service "${x}"
                then
                        echo
                        eerror "One of more critical startup scripts failed to
                        eerror "Please correct this, and reboot ..."
                        echo; echo
                        /sbin/sulogin ${CONSOLE}
                        einfo "Unmounting filesystems"
                        /bin/mount -a -o remount,ro & >/dev/null
                        einfo "Rebooting"
                        /sbin/reboot -f
                fi
        done
```

you can see i added loop-AES in here before the checkfs. This allows me to execute the following script at startup before the fsck'ing and fstab gets mounted.

```
depend() {
        # this function is useless due to /sbin/rc
        need checkroot modules
        before localmount
        after checkroot
}

start() {
        ebegin "Setting up encryped loop devices"

        echo blahhhhhhh | losetup -p 0 -e AES256 /dev/loop4 /dev/hdb1 -C -S lalalallalala
        echo blahhhhh | losetup -p 0 -e AES256 /dev/loop5 /dev/hdb2 -C 100 -S lalalalalal

        eend $? "Failed to start encrypted loop devices!"
}

# vim:ts=4
```

NOTE: fstab looks like this (see the 1's at the end of the loop devices; this is so they get checked).

```
# /etc/fstab: static file system information.
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/fstab,v 1.10 2002/11/18 19:39:22 azarah Exp $
#
# noatime turns of atimes for increased performance (atimes normally aren't
# needed; notail increases performance of ReiserFS (at the expense of storage
# efficiency).  It's safe to drop the noatime options if you want and to
# switch between notail and tail freely.

# <fs>                  <mountpoint>    <type>          <opts>                  <dump/pass>

# NOTE: If your BOOT partition is ReiserFS, add the notail option to opts.
/dev/hda1               /boot           ext3            noauto,noatime          1 2
/dev/hda3               /               reiserfs        noatime                 0 1

# Encrypted swap
/dev/hda2               none            swap            sw,loop=/dev/loop6,encryption=AES256                    0 0

# Encrypted drives
/dev/loop4              /home           reiserfs        defaults,noatime        0 1
/dev/loop5              /home/common    reiserfs        defaults,noatime        0 1

/dev/cdroms/cdrom0      /mnt/cdrom      iso9660         noauto,ro               0 0
/dev/fd0                /mnt/floppy     minix           noauto                  0 0
proc                    /proc           proc            defaults                0 0

# glibc 2.2 and above expects tmpfs to be mounted at /dev/shm for
# POSIX shared memory (shm_open, shm_unlink). Adding the following
# line to /etc/fstab should take care of this:
# (tmpfs is a dynamically expandable/shrinkable ramdisk, and will use almost no
#  memory if not populated with files)

tmpfs                   /dev/shm        tmpfs           defaults                0 0
```

Modifications in short

* edit /sbin/rc and add loop-AES previous to any checkfs statement

* create your loop-AES script in /etc/init.d

* rc-update add loop-AES boot

voila!!!

----------
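Wilhelm's init script above feeds the loop passphrases in with `echo … | losetup -p 0`, while his fstab keeps `/` (and so `/etc/init.d`) on plain `/dev/hda3`, which leaves the passphrases for `/home` readable in clear text on the unencrypted root. The following is an added example, not part of the post and not loop-AES or Gentoo code, that checks a script and an fstab for that combination. The function names, the audited path `/etc/init.d/loop-AES`, the placeholder passphrases and the rule that every `/dev/loopN` entry counts as encrypted are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). SAMPLE_* data is constructed from the
# fstab and init script in the post above; the passphrases are placeholders.

SAMPLE_FSTAB='# <fs>  <mountpoint>  <type>  <opts>  <dump/pass>
/dev/hda1   /boot         ext3      noauto,noatime                        1 2
/dev/hda3   /             reiserfs  noatime                               0 1
/dev/hda2   none          swap      sw,loop=/dev/loop6,encryption=AES256  0 0
/dev/loop4  /home         reiserfs  defaults,noatime                      0 1
/dev/loop5  /home/common  reiserfs  defaults,noatime                      0 1
proc        /proc         proc      defaults                              0 0'

SAMPLE_INITSCRIPT='start() {
    ebegin "Setting up encrypted loop devices"
    echo PLACEHOLDER-ONE | losetup -p 0 -e AES256 /dev/loop4 /dev/hdb1
    echo PLACEHOLDER-TWO | losetup -p 0 -e AES256 /dev/loop5 /dev/hdb2
    eend $? "Failed to start encrypted loop devices!"
}'

# Print "<device> <opts>" for the fstab entry whose mount point is the
# longest prefix of the given absolute path.
fstab_entry_for_path() {      # $1 = fstab text, $2 = absolute path
    printf '%s\n' "$1" | awk -v p="$2" '
        /^[ \t]*(#|$)/ { next }               # comments and blank lines
        substr($2, 1, 1) != "/" { next }      # entries without a mount point (swap)
        {
            mp = $2
            hit = (mp == "/") || (p == mp) || (index(p, mp "/") == 1)
            if (hit && length(mp) > best) { best = length(mp); out = $1 " " $4 }
        }
        END { if (out != "") print out }'
}

# Succeed when the backing store is encrypted. Assumption: every /dev/loopN
# filesystem in this setup is a loop-AES device.
is_encrypted_entry() {        # $1 = device, $2 = mount options
    case "$1" in /dev/loop*) return 0 ;; esac
    case ",$2," in *,encryption=*) return 0 ;; esac
    return 1
}

# Print the line numbers where a literal (no $variable) is piped into
# "losetup -p 0". Only line numbers are printed, so the report never
# repeats the secret itself.
inline_passphrase_lines() {   # $1 = script text
    printf '%s\n' "$1" |
        grep -nE '(echo|printf)[[:space:]]+[^|$]+\|[[:space:]]*([^[:space:]|]*/)?losetup[[:space:]].*-p[[:space:]]*0([[:space:]]|$)' |
        cut -d: -f1
}

# Report each inline passphrase whose script file lives on an unencrypted
# filesystem. One finding per line; exit status 1 when anything was found.
audit_script() {              # $1 = script path, $2 = script text, $3 = fstab text
    entry=$(fstab_entry_for_path "$3" "$1")
    [ -n "$entry" ] || { echo "no fstab entry covers $1" >&2; return 2; }
    dev=${entry%% *}
    opts=${entry#* }
    if is_encrypted_entry "$dev" "$opts"; then return 0; fi
    lines=$(inline_passphrase_lines "$2")
    [ -n "$lines" ] || return 0
    for n in $lines; do
        echo "$1:$n: passphrase literal piped to losetup, file stored in clear on $dev"
    done
    return 1
}

# Stand-alone run against the constructed sample data.
audit_script /etc/init.d/loop-AES "$SAMPLE_INITSCRIPT" "$SAMPLE_FSTAB" || true
```

Leaving out `-p 0` makes losetup prompt for the passphrase on the terminal, and the `gpgkey=` mount option shown earlier in the thread keeps the key material on removable media instead of in the script.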

## togge

I ran into some troubles trying to compile the loop.o driver for 2.5.73-mm2

```
# make
cd /usr/src/linux && make SUBDIRS=/usr/src/loop-AES-v1.7d modules Q='@cd /usr/src/loop-AES-v1.7d && if [ "$@" = "/usr/src/loop-AES-v1.7d" ]; then make modules; fi && true '
make[1]: Entering directory `/usr/src/linux-2.5.73-mm2'
*** Warning: Overriding SUBDIRS on the command line can cause
***          inconsistencies
rm -f *.o *.orig *.rej *.mod.c patched-loop.[ch] test-file[1234]
rm -f patched-loop.[ch]
cp loop.c-2.5.patched patched-loop.c
cd /usr/src/linux-2.5.73-mm2 && gcc -D__KERNEL__ -Iinclude -Wall -Wstrict-prototypes -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -pipe -mpreferred-stack-boundary=2 -march=pentium3 -Iinclude/asm-i386/mach-default  -DMODULE -nostdinc -iwithprefix include  -DKBUILD_BASENAME=patched_loop -DKBUILD_MODNAME=loop -DEXPORT_SYMTAB -c /usr/src/loop-AES-v1.7d/patched-loop.c -o /usr/src/loop-AES-v1.7d/patched-loop.o
/usr/src/loop-AES-v1.7d/patched-loop.c: In function `do_bio_filebacked':
/usr/src/loop-AES-v1.7d/patched-loop.c:602: structure has no member named `lo_encrypt_type'
/usr/src/loop-AES-v1.7d/patched-loop.c: In function `loop_make_request_real':
/usr/src/loop-AES-v1.7d/patched-loop.c:669: structure has no member named `lo_encrypt_type'
/usr/src/loop-AES-v1.7d/patched-loop.c: In function `loop_set_fd':
/usr/src/loop-AES-v1.7d/patched-loop.c:942: structure has no member named `lo_encrypt_type'
/usr/src/loop-AES-v1.7d/patched-loop.c: In function `loop_release_xfer':
/usr/src/loop-AES-v1.7d/patched-loop.c:1073: structure has no member named `lo_encrypt_type'
/usr/src/loop-AES-v1.7d/patched-loop.c:1074: structure has no member named `lo_encrypt_type'
/usr/src/loop-AES-v1.7d/patched-loop.c:1082: structure has no member named `lo_encrypt_type'
/usr/src/loop-AES-v1.7d/patched-loop.c: In function `loop_init_xfer':
/usr/src/loop-AES-v1.7d/patched-loop.c:1109: structure has no member named `lo_encrypt_type'
/usr/src/loop-AES-v1.7d/patched-loop.c: In function `loop_clr_fd':
/usr/src/loop-AES-v1.7d/patched-loop.c:1136: structure has no member named `lo_encrypt_type'
/usr/src/loop-AES-v1.7d/patched-loop.c: In function `loop_get_status':
/usr/src/loop-AES-v1.7d/patched-loop.c:1224: structure has no member named `lo_encrypt_type'
/usr/src/loop-AES-v1.7d/patched-loop.c: In function `loop_unregister_transfer':
/usr/src/loop-AES-v1.7d/patched-loop.c:1430: structure has no member named `lo_encrypt_type'
/usr/src/loop-AES-v1.7d/patched-loop.c:1434: structure has no member named `lo_encrypt_type'
make[2]: *** [patched-loop.o] Error 1
make[1]: *** [/usr/src/loop-AES-v1.7d] Error 2
make[1]: Leaving directory `/usr/src/linux-2.5.73-mm2'
make: *** [all] Error 2
```

Any idea why this happens ?

Maybe the kernel isn't supported ? 

 :Crying or Very sad: 

----------

## watersb

 *togge wrote:*   

> I ran into some troubles trying to compile the loop.o driver for 2.5.73-mm2
> 
> [snip...errors...]
> 
> Any idea why this happens ?
> ...

 

I have been working with the kerneli cryptoloop patches with 2.5.73, and they work fine. I thought that loop-AES also works, but I have not tested this so I don't know what might be going wrong.

edit:

I am using loop-AES-v1.7d and patched util-linux HERE ==> patches to util-linux-2.11.z

/edit

These patches to util-linux work with BOTH loop-AES AND cryptoAPI -- I have tested with the CryptoAPI (kerneli) kernel patches... on 2.5.73 and it WORKS. I will try to put together an ebuild for this patched util-linux.

A patch HOWTO for the development-sources and mm-sources kernels may be desirable, but apparently, the cryptoapi (kerneli) patch will be incorporated into 2.5/2.6! -- which means that no other patch will be required!   :Very Happy: 

----------

## Q

I have a 120 Gb root partition on a new disk. Everything seems to be fine. The dd command has been going for about 11 hours. I can see the disk access fine. It doesn't seem to have locked up but how long should the dd command take?

----------

## chadders

 *watersb wrote:*   

> I have been working with the kerneli cryptoloop patches with 2.5.73, and they work fine. I thought that loop-AES also works, but I have not tested this so I don't know what might be going wrong.

 

I'm getting ready to reinstall everything.  Watersb, do you like the kerneli cryptoloop patches better than loop-AES now?  I don't want to rebuild again for awhile and I will try the 2.5 kernels and kerneli cryptoloop if everything works good for you.

Chad  :Very Happy: 

----------

## Q

Just a note on my experience with the original instructions in the thread.

The dd command took about 20hrs on a new 120Gb partition with P4 2.4 machine with plenty ram.

After the dd command the partition was not recognised as reiserfs (or anything else for that matter) so it could not be mounted.

While reading the loop-AES readme it mentioned that the disk cache should be off (anyone have experience of this?) which I didn't do prior to the dd and I guess its one contender for the reason that the partition seemed corrupted.

Well blatted the partition and reinstalled with out encryption. I would love to give this another go if anyone can point me in the right direction.

I want to know if disk cache needs to be off?

Was it corruption?

What could have caused the corruption?

----------

## chadders

I had that problem before with AESPIPE.  I dunno what I do wrong with AESPIPE but it never works for me.  So when I encrypt my partition I boot from Knoppix CD,  losetup the loop device for the type of encryption I want, then dd if=/dev/hdaN of=/dev/loop0 bs=64k conv=notrunc . That seems to work good for me always. 

Oh, make sure that you DO NOT HAVE THE PARTITION MOUNTED when you do the dd because if you do have it mounted then the unmount will write plain text meta data and your partition is wiped out.  I found that out the hard way!

I never had to turn off disk caching.

Chad  :Very Happy: 

----------

## scrllock

just a note.. you might want to edit your original post to change conv=notrun to conv=notrunc... minor detail.

Many thanks to chadders and all of you who posted your experiences.. It probably wasn't the best idea to undertake setting this up at 5 in the morning after 2 days of no sleep... but that's when the dd finished...   :Laughing: 

edit: I'm finally booting off of my main system now again.. it's great.

----------

## viperlin

after completing this first time i decided to do it on my main system.

well when booting after with everything set up fine as far as i can see i get this at boot:

```

VFS: Mounted root (minix filesystem) readonly

mounted devfs on /dev

Freeing unused kernel memory: 144k freed

kjournald starting. Commit interval 5 seconds

EXT3-fs: mounted filesystem with ordered data mode.

Command "/lib/insmod -o loop /lib/loop-2.4.20.o " returned error

flushing ide devices: hda hdb hdc hdd

System Halted.

```

/lib/insmod does NOT exist

/lib/loop-2.4.20.o does not exist 

(i tried symlinks but that didn't change a thing.)

any ideas, i'm stumped at where to begin.

----------

## chadders

Did you have your /boot partition mounted when you ran the build-initrd.sh?

Chad  :Very Happy: 

----------

## viperlin

yes

----------

## viperlin

any other ideas coz i can't even boot to find out what the error is.

i'm pretty sure that it shouldn't be looking in /lib for them, insmod is in /sbin and the newly created loop.o is in /lib/modules/2.4.20/block/

and also both in /boot because of the build-initrd.sh script.

to double check i ran it i've mounted my root and boot partitions in the right place (/mnt/gentoo /mnt/gentoo/boot) and chrooted into it and re-ran build-initrd.sh.

still does the same error.

----------

## krazo

Has anyone tried software suspend or even suspend to ram with encryption? How well does it work?

----------

## lghman

This is the second time I have tried this and I keep getting the same response , this is right after the dd part:

```
root@tty1[/]# mount /dev/hda3 /mnt/gentoo -t xfs

XFS: bad magic number

XFS: SB validate failed

mount: wrong fs type, bad option, bad superblock on /dev/hda3

            or too many mounted file systems

```

I tried this before a few days ago using REISERFS and figured that it was just that.  Guess not? I can get around this error by mounting /dev/loop0, but it still doesn't work at boot time.

--sonik

----------

## Wilhelm

 *viperlin wrote:*   

> after completing this first time i decided to do it on my main system.
> 
> well when booting after with everything set up fine as far as i can see i get this at boot:
> 
> ```
> ...

 

I'm having a similar problem with my encrypted root partition.

It doesn't ask for my password nor does it load loop-{bla}.o

It can't find /lib

It halts (or panics if i disable /build_{blah}.sh DEVPIVOT and DEVFS)

I'm sure that all files needed are on the /boot partition.

Do i need to run grub or something because in most documents they tell you to run lilo?

Help!!

Last edited by Wilhelm on Sun Jul 13, 2003 11:18 pm; edited 1 time in total

----------

## viperlin

i fixed it: here's how.

i realised it must be the loop driver thats faulty, so it took a while but i:

de-crypted my hdd, booted gentoo as normal and deleted the /usr/src/loopAES directory and started the tutorial again, after that & making sure i had the devfs things done i re-encrypted booted up and it worked perfectly

i now have 2 encrypted hdd's encrypted swap and another hdd's gettin encrypted tomorrow or tonight, whenever i can be bothered.

hope it helps, it's lots of waiting i know but if you'r 100% no idea then u might as well try it anyway.

----------

## Wilhelm

OK solved it.

Getting errors like /lib failed in my case were caused by a wrong setting in build-initrd.sh

The entries for the devices MUST be in the following form.

DEVROOT=/dev/ide/host0/bus0/target0/lun0/part1

If not IT WILL FAIL.

Chadders might it not be a good idea to re-edit the HOWTO and add all the bits and pieces mentioned throughout the 7 pages of forum. Most hurdles i came across ended up being answered in the following messages.

Luckily my system is fully encrypted except for the boot partition :].

Anyhow You-Da-Man ;]

----------

## watersb

 *chadders wrote:*   

>  *watersb wrote:*   
> 
> I have been working with the kerneli cryptoloop patches with 2.5.73, and they work fine. I thought that loop-AES also works, but I have not tested this so I don't know what might be going wrong.
> 
>  
> ...

 

I prefer the kerneli patches, because the code looks cleaner to me for the 2.5.x kernels -- and now that it will be incorporated as a standard into the mainline kernel, I think that we may all win. From looking at the code, I think that the kerneli approach was the correct one from a technical standpoint -- NOT to flame loop-AES!!! -- but simply from the standpoint of re-using existing kernel features which were some of the main development points for 2.5: the new block I/O subsystem and the kernel-wide crypto routines.

That said, I actually prefer the feature set of Jari's patches for util-linux; I have been using GPG to encrypt the hard-disk password, and storing that GPG keyring on an external device. This sort of thing can be implemented as a script pre-processor to losetup or mount, and indeed loop-AES detractors make this point. But I am developing whole-disk encryption at boot-time, and it's much easier to have things in the executable at the moment. So anyway I am very happy with the recent developments of util-linux, and I hope that my postings to the mailing lists have helped that work.

So: I am pleased with the kerneli cryptoloop. I am using util-linux with the loop-AES developer's patches and am happy with that.

I simply cannot get pivot_root to work with a 2.5 kernel; I have been trying to get that to work since December and cannot do so. Any help would be appreciated, as I cannot get encrypted-root-disk to work without some sort of mount-root mechanism.

----------

## Aonoa

watersb, I have encrypted my 2.4.20-r5 system with loop-AES. Do you think I can easily (without having to de/re-encrypt) convert to start using kerneli instead ?

I want to try the new 2.6.0-test1 kernel and it has CryptoAPI with CryptoLoop support built-in.  I guess all I can do is try  :Smile: 

----------

## watersb

 *eonic wrote:*   

> watersb, I have encrypted my 2.4.20-r5 system with loop-AES. Do you think I can easily (without having to de/re-encrypt) convert to start using kerneli instead ?
> 
> I want to try the new 2.6.0-test1 kernel and it has CryptoAPI with CryptoLoop support built-in.  I guess all I can do is try 

 

I believe that you could set up loop-AES so that it is compatible with kerneli -- by specifying the RIPEMD160 hash for passwords -- but you need to know to do that up front, when you initially set up the loop-AES encryption.

Since the passing of the (hashed) password is a userspace process, using a loop-AES disk with the kerneli cryptoloop driver is probably a matter of passing the correct parameters to losetup or mount.

Please look at the mailing list archives on kerneli.org for more details... I am having some config probs with my system at the moment... when I have more time I can post more info.

----------

## Aonoa

Oh well.. I've unencrypted my partitions now and trying to get a decent setup with 2.6.0-test1 working. (Some issues with my USB mouse). After that I'll see what I'll do about encryption.

Most likely I'll use the CryptoAPI when encrypting my root again, perhaps with another cipher than AES.

----------

## Wilhelm

Eonic doesn't the new 2.6.0 kernel have the cryptAPI (or whatever crypto system) directly built into and better integrated into the kernel??

Could you report back on what they did with cryptology and if so how easy it works  :Wink: 

Oh btw AES is one of the very best cyphers around. I assume you want a less known cypher. What would be even kewler is your very own cypher so that the Feds wouldn't even know how the cypher was encoded decoded  :Smile: 

----------

## Aonoa

Wilhelm:

Yes, the new 2.6.0-test1 does have cryptoAPI built-in along with cryptoloop so it should be rather easy to implement it to any system.

However, I can't be arsed trying until my USB mouse works with 2.6.

There have been a few others too that are having trouble with USB devices so I hope this gets fixed soon.  When it does I will try the cryptoAPI in the 2.6 kernel.

As for a cipher; I might try blowfish.. it supports up to 448bit encryption, though uncertain about whether or not losetup can be used with 448bit blowfish encryption.

----------

## Wilhelm

Hope you get your mouse running soon then  :Wink: .

I might give the development sources a go on my logging server after i get back from holiday. Then i'll check out encryption too.

According to the man-pages you can't do 448bit blowfish. blowfish256 is the max. What i would suggest if you don't believe 256bit to be safe then run it through 2 loop devices both with a different password. Also 448 bit key would require a BIG password.

----------

## Aonoa

Blowfish256 is max, bugger. Oh well, does not matter much as I consider 256bit good, I know I read that blowfish itself has up to 448bit encryption.. just not possible to go that high in this case I guess.

Mm.. my friends gawked at my 20+ key password, hehe which is the minimal for loop-AES.

Which is faster, do you know ? blowfish256 or AES256

Any specific flaws in either ?

----------

## Wilhelm

 *eonic wrote:*   

> Blowfish256 is max, bugger. Oh well, does not matter much as I consider 256bit good, I know I read that blowfish itself has up to 448bit encryption.. just not possible to go that high in this case I guess.
> 
> Mm.. my friends gawked at my 20+ key password, hehe which is the minimal for loop-AES.
> 
> Which is faster, do you know ? blowfish256 or AES256
> ...

 

What i know is what i read.

According to some websites:

Blowfish is fast and a bigger key doesn't cause longer computation time.

Blowfish has vulnerabilities if less than 14 rounds are used (i think that's the iteration count). Some other attacks are available on specific strains of keys.

AES is the newest standard and according to my literature the best choice.

AES has no known threats but it's still too early to be certain. There are some attacks which can get the key in sub-exponential time, so called XSL attacks, but they are complex and still don't threaten AES as long as you use a good number for the iteration count like 100. Reading this made me think darn i forgot the iterationcount on my root partition.

Here are the comments according to my literature

Computer Networks, Andrew S. Tanenbaum 4th edition

| Cipher | Key length | Comments |
|---|---|---|
| Blowfish | 1-448bit | Old and slow |
| DES | 56bit | Too weak to use now |
| IDEA | 128bit | Good, but patented |
| RC4 | 1-2048bit | Caution; some keys are weak |
| RC5 | 128-256bit | Good, but patented |
| Rijndael(AES) | 128-256bit | Best choice |
| Serpent | 128-256bit | Very strong |
| Triple DES | 168bit | Second best choice |
| Twofish | 128-256bit | Very strong widely used |

What my literature says about AES

In 2001 it was nominated as the US government standard which imo says enough.

Also AES is open source and so there are no backdoors to allow the US government to eavesdrop on encrypted traffic.

AES uses state of the art cryptographic features that stop all known standard attacks.

AES has provable security attributes.

A 128bit AES encryption has a keyspace of 2^128 approx. 3x10^38 keys. Even if NSA manages to build a machine with a billion parallel processors, each being able to evaluate 1 key per picosecond it would still take 10^10 years to search the keyspace. By then the sun will be burnt out, so the folks present will have to read the results by candlelight.

Now imagine 256bit yep i think that is secure  :Smile: .

Software implementations of AES on a 2GHz machine would give you a 700Mbps encryption rate.

Ok this is enough for me to say AES please  :Smile:  but it could be that my literature is a bit pro-AES.

If you want hardcore security you could combine two different ciphers i'd recommend AES and serpent or AES and twofish.

----------

## watersb

Apparently you CAN use your old loop-AES encrypted disks with cryptoapi that is in the new kernel -- from the loop-AES author:

 *Quote:*   

> 
> 
> Yes, on-disk formats are compatible.
> 
> If you use loop-AES' loop.o module with mount+losetup from kerneli.org, no
> ...

 

I have been using cryptoAPI with the 2.5 and now 2.6 kernels, with a util-linux 2.11z with recent patches from Jari that work with both loop-AES and 2.6 kernel.

I have this setup working from an init ramdisk, so that one could have encrypted root, except that I cannot get pivot_root() to work at the end of my initrd setup with newer kernels. I can get this to work with 2.4.20+ kernels, though.

I encourage people to try the cryptoloop in the 2.6test kernel. You should be able to use your loop-AES partitions without re-encrypting, if I understand jari correctly... I have posted links to the util-linux patches in this thread; read back a couple of pages.

Good luck!

Last edited by watersb on Sat Jul 19, 2003 11:58 pm; edited 1 time in total

----------

## watersb

 *Wilhelm wrote:*   

> 
> 
> Here are the comments according to my literature
> 
> Computer Networks, Andrew S. Tanenbaum 4th edition
> ...

 

My information comes from reading Bruce Schneier; see http://www.counterpane.com

As I understand, triple-DES is a good choice because it is very well-researched, it has been around for a long time. Most likely there are hardware implementations optimized to attack triple-DES, but virtually no one is likely to have access to such.

That said, you want to use one of the AES candidates. I believe that Serpent has been broken -- don't use it.

That leaves Rijndael (now AES) or Twofish. There is a theoretical attack against AES, but not a working attack against AES with full rounds (that is, any real AES implementation is not likely to be vulnerable). There are no known attacks against twofish in the literature.

Experts who do not publish, who were involved in the selection of Rijndael over Twofish, may know something that the open-source crypto community does not about respective vulnerabilities.

 *Quote:*   

> 
> 
> Also AES is open source and so there are no backdoors to allow the US government to eavesdrop on encrypted traffic.
> 
> 

 

Hmm.. the details of the S-boxes in Rijndael were approved by the US government employees. The last time there was an encryption standard selection process, in the late 70's, these folks modified the S-boxes in DES (without telling people why) before accepting DES as the standard... this modification turned out to strengthen DES against differential cryptanalysis attacks, which were not known in the published literature of the time.

Which is to say that yes, it's open-source, but actually there is quite a bit of empirical kludging in the construction of these routines, and only time will tell if they have vulnerabilities or not.

Better to say that there are no *obvious* back-doors. And that the last time the US government was involved in a selection process like this, the only changes they made seemed to *strengthen* the algorithm.

 *Quote:*   

> 
> 
> If you want hardcore security you could combine two different ciphers i'd recommend AES and serpent or AES and twofish.
> 
> 

 

I would agree that you might want to use two different ciphers, but I would suggest that you combine a new cipher, either AES or twofish, with an old, well-understood cipher like CAST5. It might be Really Bad Idea to combine two new ciphers like AES and serpent; vulnerabilities of one of them (e.g. serpent) might weaken your encryption.

As a practical matter, it is likely to be too difficult to combine ciphers effectively -- you are likely to screw it up.

As I have gained a better understanding of how the different pieces of the util-linux hard disk encryption works, I have added features like a random password protected by a GPG encryption.

I would suggest that if you are starting out with all this, to keep it as simple as possible.

----------

## viperlin

hey just asking everyone who uses an encrypted root partition (i'm one of them)

at shutdown/reboot i get:

```
/sbin/rc: line 1: /proc/cmdline: No such file or directory
Give root password for maintenance
(or type Control-D for normal startup):
```

this must be because the root FS has been unmounted or something, just wondering if there is a way to make it go away, it looks unprofessional to have errors on PC bootups/shutdowns (especially laptops). so for cosmetic reasons any way to kill this zit.

----------

## Wilhelm

Yes, i believe that for the system to go to maintenance mode it has to mount the root partition as read-only, since repairing disks and doing low level maintenance requires exclusive disk access.

I'm not so bothered because i use a pass-phrase that's easy to remember instead of a 20+ character random generated password.

Also i don't mind the error but you could put in an if-test before executing line 1.

So open up the script file and fix it somehow  :Smile: 

----------

## Wilhelm

btw. mm-sources has a new 2.6.0 test version it might have better USB support.

----------

## DesertFox

I recently bought a new hard drive (upgrade) a 200 gig 8mb cache, over my old 40 gig 2m cache.  In the process, I upgraded to the encrypted file system.  A couple of things that I noticed in finally getting this to work were:

I had to mount the new hard drive (encrypted) and copy everything over with cp -a / /mnt/encrypt (or whatever)

also, I had been using

```
kernel /boot/bzImage root=/dev/hda5 mem=0xF000000 vga=0F00
```

for my kernel options in grub, but I learned that the mem option for some reason made it so the ram disc wouldn't load (F000000 is only 256 megs, which is what I have.  I guess the 4 meg ramdisc wasn't given any space to load).  By removing the mem=0xF000000 option, I was able to get the ramdisc to load.

my new grub option is:

```
title=Gentoo Linux
root (hd0,0)
kernel /bzImage.crypt ro root=/dev/ram0 init=/linuxrc rootfstype=minix
initrd /initrd.gz
```

I also had to specify the actual location of the hard drive partitions, ie: BOOTDEV=/dev/ide/host0/bus0/target1/lun0/part1.  Aside from also changing BOOTTYPE, CRYPTROOT, ROOTTYPE, and CIPHERTYPE, I also enabled USEPIVOT, as recommended in the build-initrd.sh. 

 *Quote:*   

> # 1 = use pivot_root, 0 = use old change_root
> 
> # See above header for root= and append= lilo.conf definitions.
> 
> # pivot_root is not available on 2.2 and older kernels.
> ...

 

To get build-initrd.sh to actually process, I also had to enable USEDEVFS 

 *Quote:*   

> # 1 = use devfs, 0 = use classic disk-based device names. If this is
> 
> # enabled (USEDEVFS=1) then setting USEPIVOT=1 is also required and kernel
> 
> # must be configured with CONFIG_DEVFS_FS=y CONFIG_DEVFS_MOUNT=y

 

from the beginning of build-initrd.sh:

 *Quote:*   

> #  Initrd can use two different methods to switch to encrypted root device:
> 
> #  change_root (USEPIVOT=0) and pivot_root (USEPIVOT=1). change_root method
> 
> #  is present in at least 2.2 and 2.4 kernels, and it works ok. pivot_root
> ...

 

I actually had to use the USEPIVOT=0 kernel config settings (for those who couldn't find the CONFIG_BLK_DEV_RAM_SIZE=4096, it is under block devices, RAM disk support (once you enable RAM disc support, you get the RAM disk size option)).

Anyway, those were just a few of my findings.  Also, when I enter the password at boot, or when mounting the encrypted partition under my unencrypted gentoo setup, the mount takes about 5 seconds, is this normal for a 200 gig partition? or is just something about the large encryption size.

----------

## chadders

What filesystem is best for a encrypted root?  I used both XFS and Reiserfs and they worked good but before I make a new root with a 2.6 kernel pretty soon I want to make sure its going to be ok for a long time.

Chad  :Very Happy: 

----------

## Aonoa

I have been using ReiserFS for a long time now without any issues at all.

The computer has abruptly gone down some times as well, due to power shortages and that's not corrupted any files.

I consider ReiserFS fast and stable. Soon we'll even get Reiser 4.   :Smile: 

----------

## TenPin

I've always thought having an encrypted root fs would be really thrifty. If for whatever reason the law confiscates your machine then you can be quite smug knowing it would be near impossible for them to retrieve anything.

Another interesting idea would be to have a self destruct system setup so that if for whatever reason you were forced to give away your password then you could give away a specific wrong password that would trigger the hard disks blanking mechanism. This is assuming they have left your setup intact.

----------

## watersb

 *chadders wrote:*   

> What filesystem is best for a encrypted root? 
> 
> 

 

I have many problems with XFS-over-CryptoAPI-loops with recent kernels. Many I/O errors. From the kerneli-dev mailing list, I see I am not alone.

So although I think XFS is a great filesystem, I would not use it with an encrypted loop.

I've been using ReiserFS for some time now on encrypted loops. Seems fine... well, I have to report that I just lost my entire encrypted partition, which was reiser 3.6 encrypted with kerneli, but I think that has something to do with user error and really bad use of --rebuildtree.

 *Quote:*   

> 
> 
> but before I make a new root with a 2.6 kernel pretty soon I want to make sure its going to be ok for a long time.

 

Ooh, then don't use encryption or linux, use something boring.   :Razz: 

Seriously -- this is all relatively new. Make certain you have backups that you understand. I used an encrypted root for almost a year with no problems once I set it up, but it's a new ball game with the 2.6. kernels -- this setup phase is a real tough one. 

I can't get buildinitrd.sh to do anything reasonable for a 2.6 kernel. I've tried many many things. So if you get kerneli to work with encrypted root on 2.6, please let me know!

(Oh, if you're feeling brave, you might want to wait a few days for Reiser4

----------

## watersb

Me again.

New Util-Linux 2.12 in portage

This new one has been released and supports the cryptoAPI in the 2.6 kernel -- but does NOT incorporate the patches from loop-AES that I've posted earlier in this thread.

So I have to look up how to pipe gpg passwd to losetup again... no big deal...

For loop-AES users, this new util-linux should work just like the previous (2.11z unpatched) one; that is, it will work with your loop-AES partition if you had set up your loop-AES partition to use rmd160 password hashing.

The main change here is the support for 2.6 kernel cryptoloop.

----------

## esapersona

I've been using XFS with loop-AES for a while now (4 months) (and have done a few benchmarks, and I'll be doing more and posting them when I get a round tuit) and I'm surprised to hear that you had IO errors....

But i haven't been using 2.5.x, so I suppose that may have something to do with it...

Which is the best file system?

Don't touch ext3 or JFS.  In my benchmarks their results were quite erratic, and I don't like erratic.

I'm using XFS because it loads my mp3s faster.  I noticed that doing an ls in the larger subtrees of my mp3 directory took ages under ext3 and reiser, so I gave xfs a go and am quite impressed...I recommend XFS, but you do run that risk of IO errors that some people get =/

----------

## tomaw

Just a few questions before I go ahead and try all this:

1)  What happens when portage upgrades mount?

2)  How long would it take (roughly) to encrypt a root partition of 10GB on a Athlon MP 2000 system?

3)  Does partimage still work to backup the root system?

----------

## viperlin

1) you will have to copy the mount and umount back over (i made copies in /root/encryption) of mount, umount, swapon, losetup.

2) not sure, if an Athlon MP 2000 is 1GHz and the harddrive is empty then not too long.

3) i assume you use knoppix and partimage, just run the losetup command you used and put in the password, use /dev/loop5 or whatever for the backup instead of the hda3 (or whatever your root partition is)

----------

## tomaw

sorry my post on the CPU was incorrect, they are Athlon MP 2400's that run at 2GHz.  It's a dual processor system, but I am not sure that will help too much with the encryption.

Also, could partimage not backup the encrypted file system, so the backup cd's don't actually contain plaintext data?

----------

## chadders

I don't think that you want to use partimage.  If you want to have backups where everything on the backup is encrypted you should use dd to copy all of the encrypted blocks.

If a backup program has to know about the filesystem (like partimage) then it is reading and backing up UNencrypted stuff.

Chad  :Very Happy: 
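An added example, not part of chadders's post or any code from the thread: a Python check of whether a raw backup image really holds only ciphertext, as a dd copy of the encrypted partition should, or a readable filesystem, as an image taken through the decrypted loop device would. The sample images are constructed in memory; the superblock magics are those of XFS and ReiserFS, the filesystems the thread puts on encrypted loops.

```python
import hashlib
import io
import math
import sys
from collections import Counter

BLOCK = 4096            # analysis granularity in bytes
HEADER = 128 * 1024     # enough of the image start to cover both superblocks

# Superblock magics: (name, byte offset from start of device, magic bytes)
FS_MAGICS = [
    ("xfs", 0, b"XFSB"),
    ("reiserfs 3.5", 65536 + 52, b"ReIsErFs"),
    ("reiserfs 3.6", 65536 + 52, b"ReIsEr2Fs"),
]


def shannon_entropy(data):
    """Entropy in bits per byte: close to 8 for ciphertext, lower for plaintext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_stream(stream, block=BLOCK, threshold=7.5):
    """Read an image block by block and report signs of readable plaintext."""
    header = b""
    blocks = low = 0
    while True:
        chunk = stream.read(block)
        if len(chunk) < block:          # end of image (a short tail is ignored)
            break
        if len(header) < HEADER:
            header += chunk
        blocks += 1
        if shannon_entropy(chunk) < threshold:
            low += 1
    magics = [name for name, off, magic in FS_MAGICS
              if header[off:off + len(magic)] == magic]
    return {
        "blocks": blocks,
        "low_entropy_blocks": low,
        "magics": magics,
        # Verdict: no visible superblock and every block looks random.
        "looks_encrypted": blocks > 0 and not magics and low == 0,
    }


def fake_ciphertext(size, seed=b"constructed"):
    """Constructed sample: pseudo-random bytes standing in for a dd copy
    of the encrypted partition."""
    out = bytearray()
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:size])


def fake_plaintext(size, magic_offset, magic):
    """Constructed sample: mostly empty filesystem image with one superblock
    magic and a block of text, standing in for an image of the loop device."""
    img = bytearray(size)
    img[magic_offset:magic_offset + len(magic)] = magic
    text = b"root:x:0:0:root:/root:/bin/bash\n" * 128
    img[131072:131072 + len(text)] = text
    return bytes(img)


if __name__ == "__main__":
    if len(sys.argv) > 1:               # scan a real image file
        with open(sys.argv[1], "rb") as fh:
            print(scan_stream(fh))
    else:                               # constructed demo images
        size = 256 * 1024
        print("dd of raw partition :",
              scan_stream(io.BytesIO(fake_ciphertext(size))))
        print("image of loop device:",
              scan_stream(io.BytesIO(fake_plaintext(size, 65536 + 52, b"ReIsEr2Fs"))))
```

A compressed archive also scores near 8 bits per byte, so run this on the raw image before compressing it.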

----------

## tomaw

OK, here's my next question - does anyone have the patch working for util-linux 2.12?  Without this I doubt much will work.

This is what I get from it:

```
patching file mount/Makefile
Hunk #3 FAILED at 78.
1 out of 3 hunks FAILED -- saving rejects to file mount/Makefile.rej
patching file mount/aes.c
patching file mount/aes.h
patching file mount/lomount.c
Hunk #1 FAILED at 6.
Hunk #2 FAILED at 23.
Hunk #3 FAILED at 140.
Hunk #4 FAILED at 218.
Hunk #5 FAILED at 523.
Hunk #6 FAILED at 549.
Hunk #7 FAILED at 627.
Hunk #8 succeeded at 721 with fuzz 2 (offset 79 lines).
Hunk #9 FAILED at 730.
Hunk #10 succeeded at 719 (offset 57 lines).
Hunk #11 FAILED at 757.
Hunk #12 FAILED at 865.
10 out of 12 hunks FAILED -- saving rejects to file mount/lomount.c.rej
patching file mount/losetup.8
Hunk #1 FAILED at 1.
Hunk #2 FAILED at 7.
Hunk #3 succeeded at 55 with fuzz 2 (offset 24 lines).
Hunk #4 FAILED at 72.
Hunk #5 FAILED at 142.
4 out of 5 hunks FAILED -- saving rejects to file mount/losetup.8.rej
patching file mount/loumount.c
patching file mount/mount.8
Hunk #3 succeeded at 1698 (offset 8 lines).
patching file mount/mount.c
Hunk #2 succeeded at 198 (offset 3 lines).
Hunk #3 succeeded at 208 (offset 3 lines).
Hunk #4 FAILED at 1402.
Hunk #5 FAILED at 1441.
Hunk #6 succeeded at 1489 (offset 19 lines).
2 out of 6 hunks FAILED -- saving rejects to file mount/mount.c.rej
patching file mount/rmd160.c
patching file mount/rmd160.h
patching file mount/sha512.c
patching file mount/sha512.h
patching file mount/swapon.8
patching file mount/swapon.c
```

Also, since I'm posting, I notice that my distfiles contains

```
tawesley util-linux-2.12 # ls /usr/portage/distfiles/util*
/usr/portage/distfiles/util-linux-2.11z-crypt-gentoo.patch.bz2
/usr/portage/distfiles/util-linux-2.11z.tar.bz2
/usr/portage/distfiles/util-linux-2.12.tar.gz
```

Is the gentoo patch related to this experiment at all?

----------

## watersb

 *tomaw wrote:*   

> OK, here's my next question - does anyone have the patch working for util-linux 2.12?

 

util-linux-2.12 seems to be a CryptoAPI-only sort of thing.

For loop-AES, look back to page 4 or so of this thread; I posted some patches against 2.11z that I tested with loop-AES.

I did NOT write the patches, I just posted them from the loop-aes mailing list

----------

## chadders

Watersb profile said: "Where the hell is Socorro, New Mexico?" It's between Las Cruces and Albuquerque (home of Gentoo) and is a good place to see UFOs and planets and star parties!  I want to come!  

Chad  :Very Happy: 

----------

## Leen

Hi, well i have a strange problem:

Yesterday i encrypted my laptop and everything went fine, today i tried it on my desktop-pc, and at first it seemed that everything went just fine, too.

But when i tried to boot the new encrypted machine, it asked for my passphrase, accepts it....then the normal boot procedure runs but after 

"Activating (possibly) more swap" when the system tries to mount the root filesystem it says that the superblock on /dev/loop0 would be defect. Then Gentoo mounts it read-only and suggests that i should recover it with --rebuild-sb.

Well...i tried it, and it just doesn't work (the program says that a 0 byte blocksize cannot be recovered [or something similar]).

I thought:

Uhh, all my data lost? Then i put in the knoppix-cd again, mounted the device without problem, no bad superblock message, nothing seems to be wrong at all. Of course i checked the partition...and there were no errors on it.

So now my question: What's the error...and, most important of all, how can i fix it? (So that i can use it in my desktop pc again)

I already tried to dd_rescue it to a file, then to format it with mkreiserfs and then to dd_rescue it back, but i think dd_rescue copies everything 1:1 so that the "error" or whatever it is remains still on the disk (me does actually not exactly know how dd_rescue is working..  :Smile:  ).

----------

## rwar

hi all, ive also got a problem.

encrypting worked, and i can mount and unmount the partition manually from knoppix, but booting does not work.

i built the utils, the loop module, initrd, configured it all (devfs=1 etc), the modules and some libs are on /boot, but when i boot i get virtually no errors except a kernel panic? i get one error that is a insmod scsi error but i believe thats pcmcia related.

also, since the kernel panics i cant scroll up to read more, and since the fs is encrypted its not logging it, how can i read the rest of my debug msgs (to see if initrd and the loop module are even being loaded, i dont see them when its scrolling by, but then again it scrolls by really fast :O)? cant login and use dmesg, its not logged in the first place, rebooting with knoppix and using dmesg of course shows knoppix's messages

i tried passing rootfilesystem=minix to the kernel but to no avail.

(side question: what does init=/linuxrc do?)

anyway this is whats left on the screen everything else looks normal

```
kmod: failed to exec /sbin/modprobe -s -k scsi_hostadapter errno = 2
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
spurious 8259A interrupt: IRQ7
Yenta IRQ list 04b8
spurious 8259A interrupt: IRQ7
Yenta IRQ list 04b8
Kernel panic: VFS: Unable to mount root fs on 01:00
```

is this from the ramdisk or from the actual root fs? /dev/loop5 from fstab in this case 

one thing, im using 2.4.20-ck6, i have the kernel modules configured right but im wondering if theres a patch thats causing trouble?
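An added example, not part of rwar's post: on 2.4 kernels the panic line prints the root device as hexadecimal major:minor, so the number itself says which boot stage failed. The sketch below decodes it; the first sample is the panic line from the post above, the others are constructed, and the hints are the usual causes for this initrd setup (they refer to the kernel options from the first post of the thread), not a diagnosis of this particular machine.

```python
import re

# 2.4 kernels print the root device as two hex bytes, major:minor.
PANIC_RE = re.compile(
    r"VFS: Unable to mount root fs on ([0-9a-fA-F]{2}):([0-9a-fA-F]{2})")

# First drive letter served by each IDE block major (two drives per major).
IDE_MAJORS = {3: "a", 22: "c", 33: "e", 34: "g"}

HINTS = {
    "initrd": "kernel could not mount the ramdisk itself: initrd not loaded by "
              "the boot loader, or CONFIG_BLK_DEV_RAM / CONFIG_BLK_DEV_INITRD / "
              "CONFIG_MINIX_FS not built in, or ramdisk size too small",
    "loop": "initrd ran and handed over a loop device: check passphrase, "
            "cipher, and that the root filesystem driver is built in (=y)",
    "disk": "kernel went straight to a disk partition: the initrd step was "
            "skipped, check root=/dev/ram0 and the initrd line",
    "unknown": "device major not covered by this table",
}


def device_name(major, minor):
    """Map a block device number to (classic /dev name, boot stage)."""
    if major == 1:
        return "/dev/ram%d" % minor, "initrd"
    if major == 7:
        return "/dev/loop%d" % minor, "loop"
    if major in IDE_MAJORS:                       # 64 minors per IDE drive
        letter = chr(ord(IDE_MAJORS[major]) + minor // 64)
        return "/dev/hd%s%s" % (letter, minor % 64 or ""), "disk"
    if major == 8:                                # 16 minors per SCSI disk
        letter = chr(ord("a") + minor // 16)
        return "/dev/sd%s%s" % (letter, minor % 16 or ""), "disk"
    return "%d:%d" % (major, minor), "unknown"


def diagnose(log_text):
    """Return one result per root-mount panic found in the console text."""
    results = []
    for m in PANIC_RE.finditer(log_text):
        major, minor = int(m.group(1), 16), int(m.group(2), 16)
        name, stage = device_name(major, minor)
        results.append({"device": name, "stage": stage, "hint": HINTS[stage]})
    return results


# Console text from the post above.
SCREEN = """\
Yenta IRQ list 04b8
Kernel panic: VFS: Unable to mount root fs on 01:00
"""

# Constructed panic lines for the other cases.
CONSTRUCTED = """\
Kernel panic: VFS: Unable to mount root fs on 03:05
Kernel panic: VFS: Unable to mount root fs on 07:05
Kernel panic: VFS: Unable to mount root fs on 08:11
Kernel panic: VFS: Unable to mount root fs on 03:45
"""

if __name__ == "__main__":
    for r in diagnose(SCREEN + CONSTRUCTED):
        print("%-10s %-7s %s" % (r["device"], r["stage"], r["hint"]))
```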

----------

## Bersi

Sethrab:

 *Quote:*   

> An earlier post (contigab) made the comment that similar results can be achieved using modules taken from the cryptoloop package. If the similar result is an encrypted "root" filesystem then additional work is needed. The kernel will not have access to the root file system to retrieve the encryption module until the encryption module is retrieved... a chicken and egg problem. This is the reason that an intermediate root (initrd=/dev/ram) is required to boot. Contigab handles encrypted home, etc, very well and is useful, but does not appear to handle the encrypted root case. The original loop-AES post that started this thread does address this. 

 

Im just wondering. If one has a /home partition encrypted then WHY would one need to encrypt the root partition too? All your personal files are in the /home partition and the root filesystem keeps libs,binaries and docs. There is nothing to hide in the root partition?

----------

## watersb

 *chadders wrote:*   

> Watersb profile said: "Where the hell is Socorro, New Mexico?" It's between Las Cruces and Albuquerque (home of Gentoo) and is a good place to see UFOs and planets and star parties!  I want to come!  
> 
> Chad 

 

Come along sometime -- I can give tours of the Very Large Array -- although (contrary to the movie "Contact") I have to admit we haven't found any space-alien transmissions yet!   :Razz: 

----------

## watersb

 *sethrab wrote:*   

> An earlier post (contigab) made the comment that similar results can be achieved using modules taken from the cryptoloop package. If the similar result is an encrypted "root" filesystem then additional work is needed. The kernel will not have access to the root file system to retrieve the encryption module until the encryption module is retrieved... a chicken and egg problem. This is the reason that an intermediate root (initrd=/dev/ram) is required to boot. 

 

Not quite... I suggest that you compile the cryptoloop drivers as part of the kernel -- not as modules -- with the 2.6.0 kernel this is available. You still need some way to tell init to decrypt the root filesystem at boot-time, that is what the initrd is for.

 *Bersi wrote:*   

> 
> 
> Im just wondering. If one has a /home partition encrypted then WHY would one need to encrypt the root partition too? All your personal files are in the /home partition and the root filesystem keeps libs,binaries and docs. There is nothing to hide in the root partition?

 

The problem with security is that it is hard to anticipate what should be hidden. If you can guarantee that your system is not "leaking" information, then by all means stick with an encrypted home. Just note that your /etc directory will be readable by anyone with physical access to your disk (if they steal a laptop, for example). Likewise /var/spool/mail and /var/cache/squid...

The point is that, after careful consideration, I gave up on trying to select which things might be worth encrypting and decided to encrypt the whole shebang.

----------

## Wilhelm

 *rwar wrote:*   

> hi all, ive also got a problem.
> 
> encrypting worked, and i can mount and unmount the partition manually from knoppix, but booting does not work.
> 
> i built the utils, the loop module, initrd, configured it all (devfs=1 etc), the modules and some libs are on /boot, but when i boot i get virtually no errors except a kernel panic? i get one error that is a insmod scsi error but i believe thats pcmcia related.
> ...

 

Ok what's happening to my limited knowledge is that your scsi driver isn't getting loaded *duh* and because of that the root partition won't get mounted. Remember that laptops have scsi hard drives mostly. Then after the initrd is finished you end up with the kernel panic and blinking keyboard because it doesn't have anything to boot.

Your root file system should not be set to minix. Remember fstab is on your encrypted root. Only the files on the boot dir can be faulty like the kernel itself, the modules, the loop-AES files.

Here's what you should check

Make sure all modules needed are available in the boot dir (read the loop-AES manual for exact location). Make sure /boot is mounted when you stick stuff on it. If i were you i'd compile all modules like scsi into your kernel if possible, this will make life easier.

Make sure the DEVROOT applies to your drive this will be different for your scsi laptop drive.

DEVROOT=/dev/ide/host0/bus0/target0/lun0/part1

----------

## mmealman

 *TenPin wrote:*   

> I've always thought having an encrypted root fs would be really thrifty. If for whatever reason the law confiscates your machine then you can be quite smug knowing it would be near impossible for them to retrieve anything.
> 
> 

 

Well be careful with that. The passphrase to get into your encrypted filesystem can be ordered from you by the courts. Don't give it up? You'll be in contempt and go to jail.

Anyone make use of deniable encryption like what's at http://www.rubberhose.org?

It seems to me the weak link in crypto these days isn't the algorithm so much as the human who owns the key who may be forced to give it up.

----------

## viperlin

seems stupid but surely (ok i won't call you shirley) you could just say you have forgotten the password, what proof do they have that you have not forgotten it.

"i've not rebooted in ages and never entered the password much, i have forgotten it"

(other than a lie detector test that is, and even they can be fooled with training)

----------

## mmealman

So you've forgotten the password to boot the computer you use every day? Do you think a judge would actually believe that?

A judge doesn't need proof to throw you in a jail cell for contempt of court.

----------

## belgarion

 *Quote:*   

> Well be careful with that. The passphrase to get into your encrypted filesystem can be ordered from you by the courts. Don't give it up? You'll be in contempt and go to jail. 

 

No. Just plead the Fifth. Unless you've actually got the key written down somewhere, they can't ask you to reveal it yourself, as you can't subpoena thought. Of course, I don't think it'll come up.  :Razz: 

----------

## tomaw

They can here in the UK.

----------

## mmealman

The 5th doesn't protect you. The 5th basically states that testimony against yourself can't be coerced from you. But you were never coerced into putting the materials onto your encrypted drive. The passphrase is merely the key to access those contents and the 5th doesn't apply to the key.

It's sort of like if you shot someone with a gun, placed a gun in a safe that only you had the key to. You can't be forced into saying that a gun exists in the safe or that you used it, but you can be forced into giving the police the key to open the safe.

If you just say you lost the passphrase then you'll get into a question answer phase about your computer use (when did you last use it, where did you send email X, Y, Z from? Where did you post to forums.gentoo.org from?) that you're going to trip up on somewhere as they cross check what you tell them.

Deniable encryption like rubberhose and I think bestcrypt basically setup ways for you to give up lesser encrypted materials and keep others safe. If I have an encrypted hard drive that gets confiscated, I can give up the key that opens up level A, my financial records, and keep B(mp3 collection), C(pirated software), D(money laundering accounts), and E(JFK assassination files) to myself.

And it works in a way that when A is opened up there's no way to tell that B, C, D and E even exist.

----------

## Garbz

i may have jumped the gun posting this problem but my search found nothing about it.

Basically the encryption works fine, even for the swap file.  Your instructions completely failed for me so i edited the file according to the comments, with devfs=1 and a few other minor changes but that doesn't matter because the encryption works.

The problem occurs when shutting down.

Straight after 

```
"Unmounting filesystems... [OK]"

"Remounting remaining filesystems readonly... [!!]"
```

im greeted with:

```
/sbin/rc: line 1: /proc/cmdline: No such file or directory

Give root password for maintenance

(or type Control-D for normal startup):
```

The end result of all this is that if i Hit Control-D the computer instantly shuts down.  If i wait 15 sec the computer shuts down, and if i give the password i get dropped into a shell.

So the question is how do i stop this.  It appears to be having a problem remounting the filesystems readonly although i can't figure out which file system it can't remount.

The shell i get dropped into appears to have the proc filesystem mounted.

Output from mtab

```
 none /proc proc rw 0 0 
```

However an ls of the /proc directory clearly states otherwise.

Every attempt to mount proc with "mount -t proc none /proc" fails miserably for reasons giving a standard error.

And umounting /proc gives "umount: none: not found umount: /proc: not mounted."

really? that's not what mtab said!

devfs is still mounted.

Any ideas?  i for one am out of them! All i know is that proc is the source of the evil.

----------

## chadders

Deleted

Last edited by chadders on Mon Aug 11, 2003 10:45 pm; edited 2 times in total

----------

## Garbz

not the answer i was looking for   :Rolling Eyes: 

----------

## xi

How can disk encryption be safe ?

Let's assume someone wants to break the encryption, he has several places to start.

He knows what kind of operating system and filesystem you use, so he is able to search for filesystem structures (probably he even knows the position of certain information) and for directories like /etc /bin /sbin and so on.

By checking /boot he can find out what kernel version you run and by getting the sources of this version he gets another 200megs (!) of plaintext data to search for.

----------

## watersb

Please take a look at 

http://mica.nfshost.com/HOWTO/Disk-Encryption/

-- I think a GREAT aspect of this article is the Threat Model, which is germane to recent posts to this thread.

-- Please provide David with some feedback

-- I have asked David for permission to edit/modify/expand this document for inclusion in Gentoo Documentation. Perhaps Chadders and others can do a better job than I can.

-- I am working on an extension/modification of this document which explains how to do this with the built-in crypto in Kernel 2.6

 *Quote:*   

> 
> 
> Subject: Request for comments on "Disk Encryption HOWTO"
> 
> Date: 14 Aug 2003 01:24:42 -0700
> ...

 

----------

## xi

great document, thanks

 *Quote:*   

> This method won't work (yet) with Software Suspend for Linux

 

it does work in newer versions of swsusp (kernel 2.4, not 2.6) with initrd before resume patch included

----------

## TheCoop

hmm, im confused...

what do you need to get an encrypted system under 2.6? do you need to patch util-linux now, and install the loop-AES patches? what kernel options do you need for 2.6?

----------

## chadders

 *xi wrote:*   

> How can disk encryption be safe ?
> 
> Let's assume someone wants to break the encryption, he has several places to start.
> 
> He knows what kind of operating system and filesystem you use, so he is able to search for filesystem structures (probably he even knows the position of certain information) and for directories like /etc /bin /sbin and so on.
> ...

 

Yep, but it isn't as bad as it sounds.  Good crypto uses CBC mode (cipher block chaining) and not ECB mode (electronic code book) AND USES INITIAL VECTORS.  So its LOTS harder to break because EVERY BLOCK has its own key.  That means you can't make a table of ciphertext that corresponds to plaintext even if you know what the plaintext is.  A real good book is Applied Cryptography.  If you go to sci.crypt news group and to http://www.counterpane.com there is lots of stuff about known plain text attacks, differential attacks, and other cool stuff.

The reason that I like to encrypt root is because I think lots of stuff leaks out to logs and to other places and because I don't want people to know what stuff I got installed on it because that might help them to break it.  I think that there is lots more risk from stuff like keyboard sniffers and breaking in from the net than there is someone decrypting it.

My next project is to save up enough money to get a big enough flash pen drive and put the whole /boot and /root on it encrypted.  That way the whole operating system goes in my pocket and that would be way cool.  

I wish someone would make a Gentoo based Knoppix for a pen drive too.  Maybe I will do that but I'm kinda broke because my nazi fake dad won't give me more allowance and summer is almost over and school is starting up so I have to quit my job next week and I spent half my money on 1.4 CDs that didn't come yet grrrr.
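The ECB versus CBC-with-initial-vectors difference from the post above, as an added example that is not part of the original post: a constructed "disk" of four sectors filled with one known 16-byte record is encrypted both ways and the distinct ciphertext blocks are counted. The block cipher is a small Feistel stand-in built from HMAC-SHA256 (not AES, which the Python standard library does not include), and taking the IV from the sector number is an assumption of this sketch.

```python
import hashlib
import hmac

BLOCK = 16    # block size in bytes, same as AES
SECTOR = 512  # sector size in bytes


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, i, half):
    """Feistel round function: keyed hash of the round number and one half-block."""
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def encrypt_block(key, block):
    """Stand-in 128-bit block cipher (4-round Feistel network). NOT AES."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def decrypt_block(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def _blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt_sector(key, data):
    """ECB: every block is encrypted on its own, so equal input gives equal output."""
    return b"".join(encrypt_block(key, b) for b in _blocks(data))


def sector_iv(sector_no):
    """Assumed IV scheme for this sketch: the sector number, zero-padded."""
    return sector_no.to_bytes(BLOCK, "little")


def cbc_encrypt_sector(key, sector_no, data):
    """CBC: each block is XORed with the previous ciphertext block (or the IV) first."""
    prev, out = sector_iv(sector_no), []
    for block in _blocks(data):
        prev = encrypt_block(key, _xor(prev, block))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt_sector(key, sector_no, data):
    prev, out = sector_iv(sector_no), []
    for block in _blocks(data):
        out.append(_xor(prev, decrypt_block(key, block)))
        prev = block
    return b"".join(out)


def repeated_block_report(key, sectors):
    """Count distinct ciphertext blocks over the whole disk for both modes."""
    ecb = b"".join(ecb_encrypt_sector(key, s) for s in sectors)
    cbc = b"".join(cbc_encrypt_sector(key, n, s) for n, s in enumerate(sectors))
    return {
        "blocks": len(_blocks(ecb)),
        "ecb_distinct": len(set(_blocks(ecb))),
        "cbc_distinct": len(set(_blocks(cbc))),
    }


# Constructed sample data: a key and four sectors of one known, repeated record.
KEY = b"constructed demo key"
KNOWN = b"known-fs-header!"  # exactly 16 bytes
DISK = [KNOWN * (SECTOR // BLOCK) for _ in range(4)]

if __name__ == "__main__":
    print(repeated_block_report(KEY, DISK))
```

Under ECB the whole disk collapses to a single repeated ciphertext block, which is the table-building problem the post refers to; under CBC with a per-sector IV no block repeats.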

----------

## bonsaikitten

While reading through this thread I noticed a misconception about the Linux CryptoAPI:

It does not encrypt on a per-file basis. There is no way to know which filesystem is used!

Encryption is done below the fs, block by block. Since the fs structures are stored as blocks themselves (!) the whole device is encrypted. No known plaintext-attack can break this. 

Encryption by itself does not make secure: If you use an automounter for an encrypted fs don't even bother to encrypt it. An adversary can get your password in plaintext form... D'Oh!  :Smile: 

It's better to encrypt only /home since then you can use the system, but you have to explicitly mount /home to get at the important information.

Just my $ 0.02

----------

## TheCoop

you basically encrypt it so you cannot mount it (even on another computer) without a password or gpg key file. the system login isnt enough, as someone can just mount the fs on another computer

----------

## chadders

 *bonsaikitten wrote:*   

> 
> 
> While reading through this thread I noticed a misconception about the Linux CryptoAPI:
> 
> It does not encrypt on a per-file basis. There is no way to know which filesystem is used!
> ...

 

I think there is some stuff that could be thought about as plain text even though the whole filesystem is encrypted.  If they can guess what filesystem is used then they probably can guess what some of the stuff is in some of the directory blocks. So gotta be real careful about that.

 *bonsaikitten wrote:*   

> 
> 
> Encryption by itself does not make secure: If you use an automounter for an encrypted fs don't even bother to encrypt it. An adversary can get your password in plaintext form... D'Oh! 

 

 I don't think anyone can get your passphrase for an automounter if the root file system where the passphrase is stored at is encrypted,  unless they break into your computer from the network or use a keyboard sniffer or something like that while /root is already mounted.  If they do that then disk encryption is pretty worthless anyways.  So D'Oh back  :Smile: 

 *bonsaikitten wrote:*   

> 
> 
> It's better to encrypt only /home since then you can use the system, but you have to explicitly mount /home to get at the important information. 

 

It's better to encrypt everything you can so NOTHING, or at least as little as you can help it, leaks out.

Chad  :Very Happy: 

----------

## Death Valley Pete

I'd like to try an encrypted fs with the 2.6 kernel. I know that several people have gotten it to work but I'm a bit nervous about trying it (especially since Knoppix is still on a 2.4 kernel). Can someone who knows how to make this work post a step-by-step guide? (maybe like the guide for 2.4 kernels posted at the start of this thread?) I know that the Cryptoloop stuff can be built into the kernel now, but I'm not sure how to do the initrd stuff.

----------

## innocentbeats

Houston, we have a problem!!!

Hello everybody,

I tried to encrypt my root file system (which is reiserfs), I did exactly like in the installation procedure described, but when I booted Knoppix and did the dd command , my computer went off (maybe the power was gone...no, I am not in NYC   :Laughing:  ), I rebooted and -of course- a reiserfs fs cannot be found. The system does not boot anymore.

What can I do? Is everything lost?

CU

----------

## chadders

 *innocentbeats wrote:*   

> Houston, we have a problem!!!
> 
> Hello everybody,
> 
> I tried to encrypt my root file system (which is reiserfs), I did exactly like in the installation procedure described, but when I booted Knoppix and did the dd command , my computer went off (maybe the power was gone...no, I am not in NYC   ), I rebooted and -of course- a reiserfs fs cannot be found. The system does not boot anymore.
> ...

 

Yep.  dd has to complete.  Might be able to restart it if you know what last block was that it encrypted but I don't know of anyone that ever could find that out.

Chad   :Sad: 

----------

## watersb

 *Death Valley Pete wrote:*   

> I'd like to try an encrypted fs with the 2.6 kernel. I know that several people have gotten it to work but I'm a bit nervous about trying it (especially since Knoppix is still on a 2.4 kernel). Can someone who knows how to make this work post a step-by-step guide? (maybe like the guide for 2.4 kernels posted at the start of this thread?) I know that the Cryptoloop stuff can be built into the kernel now, but I'm not sure how to do the initrd stuff.

 

Working on it, every spare moment!

The initrd stuff is quite difficult for me with a 2.6 kernel.

I hope to have some documentation for using CryptoAPI with initrd and a 2.6 kernel within a month.

----------

## Garbz

u mean encrypt root fs so u can brag to ur friends, i know i do  :Very Happy: :

----------

## watersb

Oh, f00k:

http://marc.theaimsgroup.com/?l=linux-kernel&m=106086430703815

I am testing this patch.... maybe this will help me get the pivot_root thing resolved on 2.6.

Not holding my breath though...

----------

## Death Valley Pete

 *watersb wrote:*   

> 
> 
> Working on it, every spare moment!
> 
> The initrd stuff is quite difficult for me with a 2.6 kernel.
> ...

 

Much obliged. This stuff's pretty much over my head.  :Smile: 

----------

## pharm

I am going to attempt this encrypted root and various other partitions on my box.  My configuration is pretty safe anyways with this it makes it even better!! 

I use one two flash cards connected via IDE controller.  One contains /boot /root and /home because i am the only one that uses it.  The other flash card contains the rest of the system.  I also have one hard drive connected in case i wanna back up something.  no cd rom or anything.  

if u want to use my machine u need the flash cards.  If i can encrypt them like this young guy can .. then that makes it even better!  

Anyone else here ever tried using an IDE flash card as a boot.. it works great.. no card no boot!

=)

----------

## watersb

 *pharm wrote:*   

> 
> 
> if u want to use my machine u need the flash cards.  If i can encrypt them like this young guy can .. then that makes it even better!  
> 
> Anyone else here ever tried using an IDE flash card as a boot.. it works great.. no card no boot!
> ...

 

Yep, that sounds good... I am using a USB memory stick in much the same way.

If your IDE "flash cards" are "Secure Digital" format, then there is some simple encryption already, I think, something about a symmetric crypto between the hardware reader/writer and the flash media. Not the same thing as hard disk encryption, and perhaps not a good idea for most uses (since you could only use data on a particular bit of hardware), but interesting even so...

----------

## Leen

 *watersb wrote:*   

> Oh, f00k:
> 
> [url]
> 
> http://marc.theaimsgroup.com/?l=linux-kernel&m=106086430703815
> ...

 

So....got it working now?

Cannot wait to try 2.6. :>

----------

## revoohc

Has anyone done this sort of encryption when using lvms?  My entire laptop runs off of logical volumes (except /boot).  I believe that it should work except for the initrd.  Since my system has the root as a lvm, I have to use an initrd to boot.  Is it possible to combine initrd's somehow?

Thanks,

Chris

----------

## Garbz

initrd is nothing more than a minix filesystem (in a file) which contains libraries and startup scripts.

Unless u run the framebuffer background u should be able to combine the initrds,  just mount them using loopback device, and copy some parts of one into the other and combine the startup scripts.

----------

## viperlin

not all initrd's are minix filesystem, i assume that both of the ones he needs to use are though, and sadly the framebuffer initrd's are some form of compressed data and picture so all my attempts at merging the two failed.   :Crying or Very sad: 

so my dreams of booting up with a progress bar, having a box popup asking for a password, then continue booting if i get it correct have been held back some more. oh well......

----------

## Garbz

yeah been there.

But it is possible,  just load everything u need for the framebuffer into the initrd and edit the script to reflect that.

I did it, once, kinda worked, the encryption didn't go too well considering everything falls apart and kernel oopsed when the key was wrong. but all in all it worked.

With my lack of time i gave up on the idea, and now use the framebuffer at my runlevel scripts.

And yes the one he needs is a minix filesystem, and most are, framebuffer is the most drastic excuse i've seen for a while.

----------

## gentooalex

It would be nice if there were an ebuild for this encryption method.  Also, why don't you just emerge loop-AES instead of extracting the files?  Is it possible to emerge most of the stuff that you tar in your examples?  I am looking forward to trying this out.

----------

## viperlin

AHHHHHHHHHHHHHHHHHHHHHH

i was doing dd like normal and at the end i got loads of errors at the end (like dma ribbon cable errors ish) and then half my filesystem is fucked , i've lost everything FUUUUUCKKKKKKKK

AHHHHHHHHHHH

why did it do it it's worked 4 times in a row perfectly, NOOOOOOOOOOOO FUUUUCCCCCKKKK

AHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHhhh

----------

## Garbz

you need the tars because they contain the patches. Correct me if i'm wrong.

----------

## gentooalex

If the tars had the patches, couldn't there be another ebuild that contained the patches?  Ebuilds are not that hard to make.  As a matter of fact, there could only be a script that could do the whole thing.

----------

## watersb

 *viperlin wrote:*   

> AHHHHHHHHHHHHHHHHHHHHHH
> 
> i was doing dd like normal and at the end i got loads of errors at the end (like dma ribbon cable errors ish) and then half my filesystem is fucked , i've lost everything FUUUUUCKKKKKKKK
> 
> AHHHHHHHHHHH
> ...

 

Ouch. I feel your pain... similar thing has happened to me, although not with recent encryption stuff. It can happen!

Folks, BACK THIS STUFF UP COMPLETELY and do a RUN-THROUGH of RESTORING it -- convince yourself that you have a safe copy somewhere before trying this!

I have to say that once I got my system set up, it was very stable. The hard part is getting it all set up, you are likely to skip something, or suffer a hardware failure, at a critical time, and f00sh all your data.

And once I did get my system set up, I kept a full backup disk image, a mirror, reasonably up to date. The mirror can be encrypted, too, if you are convinced you can get it back...

Another thing: I see a lot in this forum of people using some sort of streaming thing to encrypt their data in-place or something. I would recommend against this.

Instead, I COPY my unencrypted root to the encrypted one, making a full image like this:

```
# cd /
# mount encrypted-loop /mnt/loop
# find bin boot etc home lib opt root sbin usr var -depth -print0 | cpio -pmdv --null /mnt/loop
```

This operates on TOP of the filesystems; if something dies, the filesystem will catch it, it isn't block-level bit-banging. At most you will fail to copy the data starting from the point where the failure occurred, and a simple repeat of this procedure will work, and will only copy stuff that has changed.

I use this for my disk-mirror, too; also you could use rsync.

Good luck and be careful!
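One way to check such a file-level copy before the unencrypted original is wiped, as an added example that is not part of the post above: it walks the same top-level directories, compares every entry with the copy without following symlinks, and lists what is missing or different. The tree built in `demo()` is constructed sample data that imitates a copy interrupted part-way; `verify_copy` and its arguments are names chosen for this example.

```python
import hashlib
import os
import stat
import tempfile


def _fingerprint(path):
    """Describe one filesystem object in a comparable way, never following symlinks."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return ("symlink", os.readlink(path))
    if stat.S_ISDIR(st.st_mode):
        return ("dir",)
    if stat.S_ISREG(st.st_mode):
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        return ("file", st.st_size, digest.hexdigest())
    # Device nodes, FIFOs and sockets: compare type and device numbers only.
    return ("special", stat.S_IFMT(st.st_mode), st.st_rdev)


def verify_copy(src_root, dst_root, top_dirs):
    """Return (missing, different): paths relative to src_root that the copy lacks
    or holds with other content."""
    missing, different = [], []
    for top in top_dirs:
        start = os.path.join(src_root, top)
        if not os.path.lexists(start):
            continue
        paths = [start]
        for dirpath, dirnames, filenames in os.walk(start):  # does not descend symlinks
            paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
        for src in paths:
            rel = os.path.relpath(src, src_root)
            dst = os.path.join(dst_root, rel)
            if not os.path.lexists(dst):
                missing.append(rel)
            elif _fingerprint(src) != _fingerprint(dst):
                different.append(rel)
    return sorted(missing), sorted(different)


def demo():
    """Build a constructed source tree and a half-finished copy, then compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = os.path.join(tmp, "root"), os.path.join(tmp, "loop")
        files = {
            "etc/fstab": b"/dev/loop5 / reiserfs defaults 0 0\n",
            "etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
            "home/chad/notes.txt": b"constructed sample\n",
        }
        for rel, data in files.items():
            path = os.path.join(src, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        os.symlink("/proc/mounts", os.path.join(src, "etc/mtab"))
        # Simulated interruption: one file complete, one truncated, the rest absent.
        os.makedirs(os.path.join(dst, "etc"))
        with open(os.path.join(dst, "etc/fstab"), "wb") as fh:
            fh.write(files["etc/fstab"])
        with open(os.path.join(dst, "etc/passwd"), "wb") as fh:
            fh.write(files["etc/passwd"][:10])
        return verify_copy(src, dst, ["etc", "home"])


if __name__ == "__main__":
    missing, different = demo()
    print("missing:", missing)
    print("different:", different)
```

Both lists must be empty before the copy is treated as complete.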

----------

## viperlin

yes be VERY careful, i only de-crypted my system to upgrade some hardware and therefore the kernel. the problem i had was that the knoppix 3.2 disk i was using did not have support for my IDE chipset (i now have the 2.4.21 kernel knoppix disk which has support) i have managed to scrape a bit of info back off the drive, and amazingly Gentoo still booted (i did everything by the book no mistakes other than the knoppix cd) it errored everywhere but still got me to CLI login. i used a new knoppix CD to copy as much as possible over to a second hard drive, i'm starting a complete new Gentoo install today and once all set up i will only use the second hard drive encrypted having an fstab setup that asks me for the password when trying to mount it at boot. i'll put all sensitive info on that drive and use symlinks on the other drive. i must urge everyone MAKE BACKUPS BEFORE DOING ANYTHING SLIGHTLY RISKY! if something bad CAN happen, there is a very high chance that it will, and that goes for anything not just on computers.

----------

## chadders

Everyone should remember to DO NOT HAVE THE FILE SYSTEM MOUNTED at the time that you encrypt the partition!

That is because if you unmount it AFTER IT HAS BEEN ENCRYPTED some meta data stuff is written back to the disk as clear text and then you can't mount it ever again (at least without doing some hard recovery stuff).

Chad  :Very Happy: 

----------

## joeatsalot

Gosh - I'm 28 and a half and I'm confused.

I've been following the instructions from the Linux from Scratch people, to do a similar thing. http://archives.linuxfromscratch.org/mail-archives/hints/2003-February/001539.html

I've got the encrypted part all working, but then /sbin/init crashes horribly, because of the way I'm running it. Perhaps LFS is different to gentoo?

Is the LFS stuff out of date? Badly?

I hope somebody can help. 

Jonathan

PS My init script on the unencrypted partition is as follows:

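```
#!/bin/sh
# /sbin/init on the unencrypted partition

# proc is mounted while the loop device is set up
/bin/mount -n -t proc proc /proc
# attach the encrypted partition to loop0 (losetup prompts for the passphrase)
/sbin/losetup -e aes -k 128 /dev/loop0 /dev/hda9
/bin/mount -n -t reiserfs /dev/loop0 /mnt
/bin/umount /proc
# make the decrypted filesystem the new root and hand over to its init
cd /mnt
/sbin/pivot_root . loader
exec /usr/sbin/chroot . /sbin/init
```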

----------

## watersb

Kernel 2.6 System Encryption

I am pleased to announce that with Mike Petullo's and David Braun's help, I have been able to get an encrypted-root system WORKING with my Gentoo 2.6 laptop, using a random string that is stored on a USB dongle; this string is encrypted with GPG.

Work in progress documentation is available at

http://www.sdc.org/~leila/usb-dongle/rough-readme.txt

and at

http://www.sdc.org/~leila/usb-dongle/readme.html

The entire setup - a minix-based RAMDisk, and a tarballed filesystem for the USB-dongle - has been posted to

http://www.sdc.org/~leila/usb-dongle/

This setup is working for me on an x86 system; you will need to replace the binaries on the usb tarball with your actual binaries (just copy them over from a working linux system, taking care to copy over any shared libs as well).

Although I am starting to use this setup in production use, I keep backups of everything, and assume it is going to eat my hard disk at any moment. More pounding is needed.

At this point I want to focus on getting the documentation completed.

How does it look so far?

----------

## chadders

Woah COOL!  I'm gonna try that!  Thanks watersb  :Smile: 

Chad  :Very Happy: 

----------

## gmoney

I've had no luck at all getting my filesystems which were originally encrypted with the loopback-aes system to work with the kerneli crypto systems in the 2.6 kernel.  The 2.12 util-linux package seems to work fine but doesn't give me all the options the kerneli crypto seems to need (-k, -p, etc...).  I've tried every combination of losetup I can think of and some of them actually "work", but when I try to mount no valid filesystem is found.  My existing fstab entry is:

```
/secure/home /home ext3 encryption=AES256,sync,exec,noatime 0 0
```

and my 2.6 version is:

```
/secure/home /home ext3 sync,loop,keybits=256,encryption=aes,exec,noatime 0 0
```

I've seen information on the kerneli website about how to convert your losetup options for loopback-aes to the kerneli version,  but the gentoo build for util-linux doesn't include the needed options.  Has anyone had any luck with mounting a loopback-aes encrypted filesystem from 2.4 to the kerneli system in 2.6?

----------

## Death Valley Pete

Looks promising. I'm trying to figure out how to make this whole thing work, but without the usb dongle. (i.e. with a prompt for a password, the thought being that a dongle would be too easily compromised). Any hints?

----------

## bonsaikitten

 *Death Valley Pete wrote:*   

> Looks promising. I'm trying to figure out how to make this whole thing work, but without the usb dongle. (i.e. with a prompt for a password, the thought being that a dongle would be too easily compromised). Any hints?

 

The key on the dongle is password protected, so effectively you add another level of encryption by using a dongle. Using a plaintext key would be quite dumb from a crypto point of view.

----------

## watersb

 *Death Valley Pete wrote:*   

> Looks promising. I'm trying to figure out how to make this whole thing work, but without the usb dongle. (i.e. with a prompt for a password, the thought being that a dongle would be too easily compromised). Any hints?

 

I am sincerely sorry if the documentation is too complex -- I am trying to write it all down, and afterwards some editing to get some simple "paths" through all this.

I will be adding the more-simple, non-USB method to the documentation soon. The section "framework" should already be there.

Until then, see http://www.flyn.org/projects/cryptoswap/index.html

----------

## watersb

 *gmoney wrote:*   

> My existing fstab entry is:
> 
> /secure/home /home ext3 encryption=AES256,sync,exec,noatime 0 0
> 
> and my 2.6 version is:
> ...

 

What sort of error are you getting?

One thing to try, with new util-linux, is to specify key size in the encryption name:

```
/secure/home /home ext3 sync,loop,encryption=aes-256-cbc,exec,noatime 0 0
```

I recommend that you build the crypto TESTING MODULE in the kernel options under CRYPTOGRAPHIC OPTIONS, then load it with 

```
# modprobe tcrypt
```

and then examine the kernel debug message output with dmesg -- you will see the names of the various crypto algorithms in the format the kernel is expecting, which you can then try as arguments to the encryption option to mount.

----------

## Death Valley Pete

 *watersb wrote:*   

> 
> 
> I am sincerely sorry if the documentation is too complex -- I am trying to write it all down, and afterwards some editing to get some simple "paths" through all this.
> 
> I will be adding the more-simple, non-USB method to the documentation soon. The section "framework" should already be there.
> ...

 

Well then, I guess I'll just shut up and let you finish.   :Wink: 

 *bonsaikitten wrote:*   

> 
> 
> The key on the dongle is password protected, so effectively you add another level of encryption by using a dongle. Using a plaintext key would be quite dumb from a crypto point of view.
> 
> 

 

Good point. I guess I'll start saving my pocket change...

----------

## usingloser

--edited--

I left out the "lun0" in my partition identifier in my initrd build script.

All better now.

----------

## lazarous

If a court has a search warrant in the US and you do not give the password for the system, you can be held in contempt of the court and get jail time too.

----------

## Garbz

got similar issues in australia to the uk.

If the court has reason to believe there is incriminating evidence on the encrypted partition you can be forced to hand over the key.  Or else 5 years or max $200,000 AUD i believe.

If you destroy the key and render the partition useless then u can be charged on destroying evidence (although there was apparently a loophole whereby someone escaped conviction for that act by claiming the evidence was still there in its entirety and hadn't been touched, and that not being able to read it wasn't his problem.  I think there was also an argument that if the data was scrambled in such a way then the evidence which is presumably destroyed didn't exist in the first place :S )

----------

## chadders

Wooo! Im finally up on 2.6 kernel, now i can check out watersb stuff instead of loop-AES.  Anyone know of anything I gotta watch out for especially?  

Oh, Im supposed to say hi to Bo so hi Bo and everyone else ignore this part especially Garbz.

Chad  :Very Happy: 

----------

## Garbz

bah fine then  :Razz: 

----------

## cayenne

Hello...read through all this, and looks interesting. I noticed that this thread started awhile back...and had a question.

It originally says to get aes-loop from sourceforge. I did an emerge search and found there is app-crypt/aes-crypt available.

Can this be a new starting point or are these 2 completely different apps?

Thanks!

cayenne

----------

## bosko

I have read the how-to posted earlier in this thread (http://www.sdc.org/~leila/usb-dongle/rough-readme.txt), but I still don't completely understand what I have to do.  

What I would like to do is to use Linux 2.6 (so I would have to use the crypto api) and encrypt both my swap and my root partition. I want to store the key on a USB dongle (only the key, I want the kernel to be in /boot). But basically I have no clue about how I can do this. Could someone be so kind to post the exact steps I need to do?

I did try to extract the relevant information from the instructions posted in this thread, but it's a bit confusing to me  :Sad: 

Thank you very much in advance.

----------

## ro0t

this question is not really related to gentoo .. i m using slackware 9 and kernel 2.4.22 .. 

i followed the steps given by "Disk Encryption HOWTO"  David Braun 

2003-09-13 Revision History                                                             

Revision 1.1             2003-09-13           Revised by: DB 

the system is workin fine the only problem i am havin is that .. /initrd .. is mounted readonly .. 

if i try umount /initrd .. it sayz DEVICE BUSY .   :Confused: 

can n e one explain y its still mounted after booting and how to umount it automatically when system boots ..

----------

## curmudgeon

 *ro0t wrote:*   

> 
> 
> the system is workin fine the only problem i am havin is that .. /initrd .. is mounted readonly .. 
> 
> if i try umount /initrd .. it sayz DEVICE BUSY .  :? 
> ...

 

http://loop-aes.sourceforge.net/loop-AES.README

"Root partition loop device node is inside initrd, and that device node will remain busy forever. This means that encrypted root initrd can't be unmounted and RAM used by initrd file system can't be freed. This unable-to-unmount side effect is the reason why initrd is intentionally made as small as possible."

----------

## DingoStick

I seem to have everything going (mostly) fine, but when I try to mount my partition (it's non-root, so the system is up, but the encrypted partition is not yet mounted), it fails:

```
root@outback home # mount ./ftp

Password:

ioctl: LOOP_SET_FD: Device or resource busy

```

I've read a bit of the documentation, but can't find out why this is occurring. Anyone know about this? My /etc/fstab contains this line:

```
/dev/loop5              /home/ftp       reiserfs        defaults,noauto,loop=/dev/loop5,encryption=AES256       0 0
```

I've tried switching between loop5 and loop0 (the howto uses both, which seems kinda odd...). Nothing works as of now.

----------

## echto

Thanks for your time on this.

 *watersb wrote:*   

> Kernel 2.6 System Encryption
> 
> I am pleased to announce that with Mike Petullo's and David Braun's help, I have been able
> 
> to get an encrypted-root system WORKING with my Gentoo 2.6 laptop, using
> ...

 

----------

## watersb

Folks, nothing more to see here, just checking in to apologize for how long it's taking to complete that documentation.   :Embarassed: 

If you want to help out, then of course you are free to take a whack at it... 

Also, it is a complex document, and it would be useful to have a very quick step-by-step path through the cruft. If someone could post a particular trajectory of commands through it, in the "QuickStart Guide" style like you see in this unrelated document, then I'm sure people would be helped.

And FWIW, I'm up to kernel-test8-love3, the process has worked for all 2.6.0-series kernels that I've tried, and we're getting close to an API freeze for the test series...

----------

## rajl

Just my two cents on algorithm choice: While investigating harddisk encryption further, I've noticed that people have offered the opinion that Rijndael should be used, and not Serpent;  Rijndael was chosen as the winner of the AES, and some people are saying that Serpent has been possibly broken.  Doing some research, the only attack against Serpent I've found is one that also works against Rijndael.  Because of similarities in the algorithms (essentially the same, AES is designed to be faster, Serpent throws in more transformations, rounds, etc than necessary to be more secure) they both suffer from the same algebraic exploit, detailed here:

http://eprint.iacr.org/2002/044/

a better explanation in prettier colors is here:

http://www.cryptosystem.net/aes/

and apparently, the initial publicity that got everyone scared is here:

http://slashdot.org/articles/02/09/16/0653224.shtml?tid=93

However, the workability of the attack is still in doubt, as shown here:

http://www.usdsi.com/aes.html

 but even if the attack turns out to be successful, both algorithms are still more secure than DES.

----------

## snowjob

Using aes with a 128 bit key was working great with a hardened 2.4.20 and 2.4.21 kernel but won't work with 2.4.22.  

The first problem I had was the losetup program couldn't find aes even though it is in /proc/crypto  

  - So I emerge util-linux-2.12.ebuild

The new losetup doesn't support -k so I told it to use aes-cbc-128.  That didn't complain but when I went to mount the /dev/loop0 device mount complained that it didn't know the fs type of the device.  (My guess is it isn't decrypting correctly)

Has anyone else had a problem with the gentoo hardened 2.4.22 kernel.  More importantly can anyone help me?
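The cipher-name mismatches in the posts above (`AES256`, `keybits=256,encryption=aes`, `aes-256-cbc`, `aes-cbc-128`) can be compared with what the kernel has registered in /proc/crypto. The following is an added example, not code from the thread: the /proc/crypto text is a constructed sample, and the option-splitting rules are an assumption made for this diagnostic, not the way mount or losetup interpret the string.

```python
import re

# Constructed sample in the /proc/crypto stanza layout; on a real system pass
# open("/proc/crypto").read() instead.
SAMPLE_PROC_CRYPTO = """\
name         : aes
module       : aes
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : sha256
module       : sha256
type         : digest
blocksize    : 64
digestsize   : 32
"""

MODES = {"ecb", "cbc"}  # tokens treated as a chaining mode, not as a cipher name


def parse_proc_crypto(text):
    """Split /proc/crypto into one dict per blank-line-separated stanza."""
    entries = []
    for stanza in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in stanza.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                entry[key.strip()] = value.strip()
        if "name" in entry:
            entries.append(entry)
    return entries


def requested_cipher(mount_options):
    """Extract (cipher name, key bits) from an fstab option string.

    Assumed heuristic: the first alphabetic token of encryption= is the cipher,
    a numeric token is the key length in bits, keybits= overrides it.
    """
    opts = {}
    for opt in mount_options.split(","):
        key, _, value = opt.strip().partition("=")
        opts[key] = value
    spec = opts.get("encryption")
    if not spec:
        return None
    name, bits = None, None
    for token in re.findall(r"[A-Za-z]+|\d+", spec):
        if token.isdigit():
            bits = int(token)
        elif token.lower() in MODES:
            continue
        elif name is None:
            name = token.lower()
    if opts.get("keybits", "").isdigit():
        bits = int(opts["keybits"])
    return name, bits


def check_fstab_options(mount_options, proc_crypto_text):
    """Return (name, bits, verdict) for the cipher an fstab line asks for."""
    request = requested_cipher(mount_options)
    if request is None:
        return (None, None, "no-encryption-option")
    name, bits = request
    ciphers = {e["name"]: e for e in parse_proc_crypto(proc_crypto_text)
               if e.get("type") == "cipher"}
    if name not in ciphers:
        return (name, bits, "unknown-cipher")
    if bits is None:
        return (name, bits, "keysize-unstated")
    low = int(ciphers[name]["min keysize"]) * 8   # /proc/crypto gives bytes
    high = int(ciphers[name]["max keysize"]) * 8
    verdict = "ok" if low <= bits <= high else "bad-keysize"
    return (name, bits, verdict)


if __name__ == "__main__":
    for options in ("encryption=AES256,sync,exec,noatime",
                    "sync,loop,keybits=256,encryption=aes,exec,noatime",
                    "sync,loop,encryption=aes-256-cbc,exec,noatime"):
        print(options, "->", check_fstab_options(options, SAMPLE_PROC_CRYPTO))
```

An `ok` verdict only says the kernel knows the cipher and accepts the key length; it does not show that two tools derive the same key from a passphrase.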

----------

## hulk2nd

hi there,

i have problems doing this. first i shoot my old installation but doesnt matter. then i reinstalled gentoo and did the following like BlackBart and turbobri said:

hda1: winxp

hda2: boot part. (ext3)

hda3: swap

hda4: root part. (reiserfs)

 *Quote:*   

> Ok boot into knoppix w/o the graphical
> 
> run losetup -e AES256 -T /dev/loop0 /dev/hda2 (or whatever is your root partition) 

 

i did "losetup -e AES256 -T /dev/loop0 /dev/hda4"

 *Quote:*   

> then do mke2fs /dev/loop0 (or whatever file system you want)

 

i did mkreiserfs /dev/loop

 *Quote:*   

> then mkdir /mnt/gentoo
> 
> and then mount /dev/loop0 /mnt/gentoo
> 
> and mkdir /mnt/gentoo/boot
> ...

 

done (except of replacing "mount /dev/hda1 with mount /dev/hda2" i did the same).

 *Quote:*   

> patch -p1 <../util-linux-2.11y.diff
> 
> export CFLAGS=-O2
> 
> export LDFLAGS='-static -s'
> ...

 

done

 *Quote:*   

> cd /usr/src/loop-AES-v1.7b
> 
> make LINUX_SOURCE=/usr/src/linux-2.4.19-gentoo-r10 (or whatever vers. you have) 

 

i did "cd /usr/src/loop-AES..." and then "make LINUX_SOURCES=/usr/src/linux-2.4.22-ac4"

 *Quote:*   

> cp -p /lib/modules/2.4.19-gentoo-r10/block/loop.o /boot/loop-2.4.19-gentoo-r10.o

 

i did "cp -p /lib/modules/2.4.22-ac4/block/loop.o /boot/loop-2-4.22-ac4.o"

 *Quote:*   

> and then do these steps
> 
> In the loop-AES directory edit build-initrd.sh. Change BOOTDEV, BOOTTYPE, CRYPTROOT, ROOTYPE and CIPHERTYPE to what you want. Then type sh build-initrd.sh . This makes a ramdisk so that the kernel knows how to get the pass phrase when you boot later.
> 
> 

 

i did BOOTDEV=hda2, BOOTTYPE=ext3, CRYPTOROOT=hda4, ROOTYPE=reiserfs, CYPHERTYPE=AES256

 *Quote:*   

>  edit fstab to make your root say /dev/loop5 instead of /dev/hdawhatever. 

 

replaced /dev/ROOT with /dev/loop5 (/dev/hda4 wasn't there cause the installation was fresh where the default entries are /dev/BOOT, /dev/SWAP and /dev/ROOT). and changed the /boot filesystem to ext3 and the /root filesystem to reiserfs.

 *Quote:*   

> cd to /boot/grub and edit grub.conf to add a entry like this:
> 
> title=Encrypted Root
> 
> root (hd0,0)
> ...

 

jup, done.

but still doesn't work. anyone can see the error(s) i've done?

i tried to describe exactly what i've done with the hope that it would be most easy for you to find the errors i made.

thanks in advance and greets,

hulk

----------

## hulk2nd

i get a kernel panic, can not find reiserfs on ramdisk

----------

## hulk2nd

ok, i've done it. at boot it asks for the password and then everything works well. i had to do some changes in the build-initrd.sh and the grub.conf, which were meant somewhere on the net.

but i have another question. how can my hdd really be safe if everyone can boot a computer with a knoppix cd and my hdd installed, do the "losetup -e AES128 -T /dev/loop0 /dev/hda4" command and then can mount the encrypted(?) root filesystem and have completely r/w access on it???

greets,

hulk

----------

## S_aIN_t

 *hulk2nd wrote:*   

> ok, i've done it. at boot it asks for the password and then everything works well. i had to do some changes in the build-initrd.sh and the grub.conf, which were meant somewhere on the net.
> 
> but i have another question. how can my hdd really be safe if everyone can boot a computer with a knoppix cd and my hdd installed, do the "losetup -e AES128 -T /dev/loop0 /dev/hda4" command and then can mount the encrypted(?) root filesystem and have completely r/w access on it???
> 
> greets,
> ...

 

wouldn't it ask you for the password when you're doing that?

----------

## hulk2nd

not really, it does not ask to enter a special password, it always asks to SET a password.

greets,

hulk

----------

## S_aIN_t

well.. all i can say is that i lost my root partition.. which really sucks.

i am getting this now:

```
read_super_block: can't find reiserfs filesystem on (dev 03:03, block 64, size 1024)
```

this is bad.. i think i have to reformat and reinstall.  :Sad: 

----------

## usingloser

Hulk, I just think it will report that the provided password can't read the superblock on the hard drive and fail.  At the very least they wont be able to just choose a password and get to your filesystem and I don't think it will corrupt it.

----------

## hulk2nd

@S_aIN_t: DON'T DO THAT!!!!

i can help you out!!!!! Just msg if you haven't already reformatted.

@usingloser: ahh, i found out what it is. i can enter whatever password i want but only with the correct password i can mount the partition. ... i really could have come on this before ...

thanks for your help and greets,

hulk
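
What hulk2nd and usingloser describe above, as an added example that is not part of any post in this thread: a headerless encrypted loop device stores nothing that could verify a passphrase, so every passphrase "attaches" and only the filesystem probe (the reiserfs magic at block 64, as in the kernel message quoted earlier) tells right from wrong. The SHA-256 key derivation and counter-mode keystream are stand-ins for loop-AES's real passphrase hashing and AES (the Python standard library has no AES); the passphrases and the 128 KiB image are constructed.

```python
import hashlib

SECTOR = 512
SB_OFFSET = 64 * 1024      # "block 64, size 1024" in the kernel message
MAGIC_OFFSET = 52          # s_magic field inside the reiserfs superblock
MAGICS = (b"ReIsErFs", b"ReIsEr2Fs", b"ReIsEr3Fs")


def derive_key(passphrase: str) -> bytes:
    # Assumption/stand-in: key = SHA-256(passphrase). Nothing is stored on
    # disk, so every passphrase yields *some* key and setup never fails.
    return hashlib.sha256(passphrase.encode()).digest()


def keystream(key: bytes, sector: int) -> bytes:
    # Stand-in for AES: SHA-256 in counter mode, tied to the sector number.
    blocks = (
        hashlib.sha256(key + sector.to_bytes(8, "little") + bytes([i])).digest()
        for i in range(SECTOR // 32)
    )
    return b"".join(blocks)


def crypt(image: bytes, key: bytes) -> bytes:
    # XOR stream: the same call encrypts and decrypts.
    out = bytearray(len(image))
    for off in range(0, len(image), SECTOR):
        ks = keystream(key, off // SECTOR)
        for i, byte in enumerate(image[off:off + SECTOR]):
            out[off + i] = byte ^ ks[i]
    return bytes(out)


def probe_reiserfs(device: bytes):
    # What mount does before it trusts a device: look for the magic string.
    start = SB_OFFSET + MAGIC_OFFSET
    field = device[start:start + 10]
    for magic in MAGICS:
        if field.startswith(magic):
            return magic.decode()
    return None


def make_plain_image() -> bytes:
    # Constructed 128 KiB image that carries only a reiserfs 3.6 magic.
    img = bytearray(128 * 1024)
    start = SB_OFFSET + MAGIC_OFFSET
    img[start:start + 9] = b"ReIsEr2Fs"
    return bytes(img)


def attach_and_probe(ciphertext: bytes, passphrase: str):
    # Like losetup followed by mount: attaching always works, probing may not.
    return probe_reiserfs(crypt(ciphertext, derive_key(passphrase)))


# Constructed ciphertext: what would sit on the raw partition.
DISK = crypt(make_plain_image(), derive_key("correct horse"))

if __name__ == "__main__":
    print("right passphrase:", attach_and_probe(DISK, "correct horse"))
    print("wrong passphrase:", attach_and_probe(DISK, "little brother"))
    print("raw partition:   ", probe_reiserfs(DISK))
```

This is also why a mistyped passphrase shows up as a "can't find filesystem" or "wrong fs type" error rather than as a rejected password.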

----------

## S_aIN_t

 *hulk2nd wrote:*   

> @S_aIN_t: DON'T DO THAT!!!!
> 
> i can help you out!!!!! Just msg if you haven't already reformatted.
> 
> @usingloser: ahh, i found out what it is. i can enter whatever password i want but only with the correct password i can mount the partition. ... i really could have come on this before ...
> ...

 

alright.. message sent. i haven't reformatted and reinstalled yet.. i am completely tempted by freebsd 5.1. and it supports encryption of all partitions.

----------

## Wilhelm

Don't know if some can use this info but after loads of messing around my system is working fine with loop-AES.

One of my main problems was when a filesystem was badly unmounted.

Here's my smart way of mounting and checking all encrypted filesystems.

My init.d/loop-AES script

```
#!/sbin/runscript

depend() {
        need checkroot modules
        before localmount
        after checkroot
}

start() {
        ebegin "Setting up encrypted loop devices"

        # "myPasswordGoesHere" and "mySeedGoesHere" are placeholders.
        # Note: passphrase and seed are stored in clear text in this script.
        # -p 0 makes losetup read the passphrase from stdin (fd 0).
        echo "myPasswordGoesHere" | losetup -p 0 -e AES256 /dev/loop4 /dev/hdb2 -C 100 -S "mySeedGoesHere"
        echo "myPasswordGoesHere" | losetup -p 0 -e AES256 /dev/loop3 /dev/hdb1 -C 100 -S "mySeedGoesHere"

        eend $? "Failed to start encrypted loop devices!"
}
```

Then to get rc to execute the mounting before the file system checks i found this solution.

In /etc/runlevels/boot create a file .critical. This file is read by rc to allow you to add highly critical init.d scripts. BEWARE: get this wrong and you'll need your knoppix-CD  :Wink: .

Here's my .critical

```
checkroot hostname modules loop-AES checkfs localmount
```

See how my loop-AES mounting is before checkfs.

Hope this helps some peeps.

----------

## hulk2nd

anyone knows what to change to get this working with 2.6? couldn't get it working with the steps described here ...

greets,

hulk

----------

## Q

Please could someone in the know update this for 2.6

----------

## hulk2nd

https://forums.gentoo.org/viewtopic.php?t=108162&start=0

greets,

hulk

----------

## alexander_g_1

hi all,

what a lovely thread, thanx for this one!!  :Smile: 

my question for today is:

if i encrypt let's say f.e. /dev/hda and /dev/hdb (which is 200 gig altogether).....what would be the best method to do a full disaster recovery backup (encrypted) just in case one of the hdd's goes defect with the time ?

200 gig getting burned on 700 mb cd's would be too time consuming of course.

any ideas ?

Best Regards,

Alexander

----------

## Paulten

What is your experience with benchmark / overhead for running an encrypted file system (reiserfs here)?

I have a 160GB disc running with AES256, and when I burn a DVD from it, loop takes about 40-50% cpu  :Sad: 

Which makes my DVD burner only burn 3.2x of 4x. 

The disk is almost full. (5gb) free, could this affect the performance? 

Can I gain speed using like blowfish32? (probably, how much ?:p )

Thanks.

----------

## hulk2nd

i would have used 128 instead of 256 cause 128 is not hackable with bruteforce so 256 is not safer. and it takes much more performance compared to 128.

greets,

hulk

----------

## Paulten

256 is hackable with bruteforce, but not 128? Sound strange..

Where did you read about this? Have any good links?

What about blowfish32? Thanks

----------

## tageiru

 *Paulten wrote:*   

> 256 is hackable with bruteforce, but not 128? Sound strange..
> 
> Where did you read about this? Have any good links?
> 
> What about blowfish32? Thanks

 

No. he said that if 128 is not hackable with bruteforce why use 256 when it sucks more cpu.

----------

## io-

anyone have any ideas on setting 1 password to gain access, 1 password that when given wipes the drive as quickly and effectively as possible, and all other attempts at the password just fail as normal?

----------

## daemonb

At shutdown, every time I get the following error:

```
Remounting remaining filesystems readonly (FAILED)
Give root password for maintenance
(or type Control-d for normal startup):
```

Can anybody help me?

Thanks

Dom

----------

## Lord Tocharian

Dom,

I had that problem for a long time.  I believe it is a problem with the Gentoo halt script.  However, the other day it stopped on my ~x86 machine.  I believe it was after I updated to the latest masked baselayout.

----------

## wisdom

I don't have any loop.o in my /lib/....

where to get it?

----------

## daemonb

emerge the latest baselayout (1.8.6.8-r1) didn't solve my problem.....

Any tips?

mount shows me this:

```
/dev/loop/5 on / type xfs (rw,noatime)
none on /initrd/dev type devfs (rw)
/dev/loop/5 on / type xfs (rw,noatime)
none on /dev type devfs (rw)
none on /proc type proc (rw)
none on /dev/shm type tmpfs (rw)
```

Is it normal that loop is mounted 2 times?

Is this the f. problem?

thanks

Dom

----------

## MrPrez

 *daemonb wrote:*   

> emerge the latest baselayout (1.8.6.8-r1) didn't solve my problem.....
> 
> Any tips?
> 
> mount shows me this:
> ...

 

same problem  :Sad: 

----------

## Jayh

Hi Guys,

I've read the loop-aes.README and this thread but I can't find any information about the following problem:

If I encrypted my disk using the dd if=/dev/blabla of=/dev/loopX using losetup, drive is encrypted and only with the password from the losetup, you can decrypt the harddisk.

But what if I create a new losetup password using a different loop device and I would rerun the dd command to encrypt the same hd again, would it be possible to see the information already stored on there encrypted by my previous password or is the data again re-encrypted with another ciphers?

I assume that the data is encrypted using ciphers from the old losetup password and when I re-encrypt the partition, the data would simply be gone because the data ciphers don't match.

Am I correct or is it possible to re-encrypt the data and see all the files on it? If it is possible to see the files, what's the use of encrypting it?

Greets,

Jayh

----------

## ultraViolet

 *daemonb wrote:*   

> At shutdown, every time I get the following error:
> 
> Remounting remaining filesystems readonly (FAILED)
> 
> Give root password for maintenance
> ...

 

You probably need to modify fstab, the last number of the entry for your encrypted partition should be 0 (to tell the system to not check your partition)

----------

## ultraViolet

Hi,

I've got another problem.

I am encrypting a partition (not boot). 

Here is my fstab entry :

```
/dev/hda7 /home/curvedtarantula/share/arachne  ext2 defaults,loop=/dev/loop0,encryption=twofish-128  0 0
```

All works fine when I mount it with a terminal, when my system is running, using "mount /home/curvedtarantula/share/arachne" .

But at boot time, the system prompts me for the password. When I give it, it writes the same error message I would get if the password was false. (Wrong fs type...blahblah)

I don't understand since the mount command is referring to fstab too...

Since I'm french, and using an azerty keyboard, I have tried to type it in qwerty (because the system loads the keymaps later), and it hasn't worked much.

Could anybody help me please ?

----------

## Warped_Dragon

EDIT: Nevermind.... *sigh* forgot to *load* the loop-aes module......

Ok... first, sorry for dragging up an old thread, but I need a wee bit of help, and the gentoo forums have enough threads as it is ;)

I'm trying this out on my laptop ("this" being encrypting the entire filesystem and using a cd to boot). I've downloaded the latest loop-aes and compiled it, set up my kernel as the loop-aes readme specifies, compiled util-linux and gnupg with the patches that came with loop-aes. 

Now, I've hit a bit of a stumbling block. Running "make tests" to ensure the loop-aes kernel module compiled correctly dies really soon. Why? There are no loop devices in my /dev directory. None. Nada. That's a problem, I'm thinking.... how do I go about adding them? My guess would be enabling loop devices in the kernel.... except that I'm not supposed to do that. I'm using 2.6.9-gentoo-r9 and udev, by the way.

Once I get this solved, I think I should be able to do this.

Oh, and another question. Since I had to compile my own util-linux and gnupg, how would I stop emerge from upgrading them (thus undoing my patched versions), and from recompiling the (or, what it thinks is the) current installed version, say on an emerge -e? I put them both in /etc/portage/package.mask, but I'm wondering if there's anything else to do as well. Removing them from my worldfile doesn't seem like a smart plan, as something will surely try to remerge them as dependencies....

----------

## xbmodder

with AES 256

```
Tiotest results for 4 concurrent io threads:
,----------------------------------------------------------------------.
| Item                  | Time     | Rate         | Usr CPU  | Sys CPU |
+-----------------------+----------+--------------+----------+---------+
| Write          40 MBs |    1.2 s |  34.517 MB/s |   0.5 %  |  65.1 % |
| Random Write   16 MBs |    0.2 s |  69.030 MB/s |   1.3 %  | 117.9 % |
| Read           40 MBs |    0.2 s | 182.866 MB/s |   0.0 %  | 173.2 % |
| Random Read    16 MBs |    0.1 s | 180.306 MB/s |   5.8 %  | 183.4 % |
`----------------------------------------------------------------------'
Tiotest latency results:
,-------------------------------------------------------------------------.
| Item         | Average latency | Maximum latency | % >2 sec | % >10 sec |
+--------------+-----------------+-----------------+----------+-----------+
| Write        |        0.172 ms |      465.666 ms |  0.00000 |   0.00000 |
| Random Write |        0.069 ms |      170.724 ms |  0.00000 |   0.00000 |
| Read         |        0.049 ms |      112.693 ms |  0.00000 |   0.00000 |
| Random Read  |        0.035 ms |       40.625 ms |  0.00000 |   0.00000 |
|--------------+-----------------+-----------------+----------+-----------|
| Total        |        0.094 ms |      465.666 ms |  0.00000 |   0.00000 |
`--------------+-----------------+-----------------+----------+-----------'
```

none

```
Tiotest results for 4 concurrent io threads:
,----------------------------------------------------------------------.
| Item                  | Time     | Rate         | Usr CPU  | Sys CPU |
+-----------------------+----------+--------------+----------+---------+
| Write          40 MBs |    0.8 s |  52.141 MB/s |   0.8 %  | 113.5 % |
| Random Write   16 MBs |    0.2 s |  88.695 MB/s |   1.1 %  |  97.1 % |
| Read           40 MBs |    0.2 s | 192.995 MB/s |   2.9 %  | 183.8 % |
| Random Read    16 MBs |    0.1 s | 178.302 MB/s |   2.3 %  | 188.3 % |
`----------------------------------------------------------------------'
Tiotest latency results:
,-------------------------------------------------------------------------.
| Item         | Average latency | Maximum latency | % >2 sec | % >10 sec |
+--------------+-----------------+-----------------+----------+-----------+
| Write        |        0.139 ms |      295.947 ms |  0.00000 |   0.00000 |
| Random Write |        0.040 ms |       17.762 ms |  0.00000 |   0.00000 |
| Read         |        0.056 ms |      105.013 ms |  0.00000 |   0.00000 |
| Random Read  |        0.035 ms |       39.161 ms |  0.00000 |   0.00000 |
|--------------+-----------------+-----------------+----------+-----------|
| Total        |        0.081 ms |      295.947 ms |  0.00000 |   0.00000 |
`--------------+-----------------+-----------------+----------+-----------'
```

both mounted on loops

not my root file system

a 100 MB ext3 file system

/proc/cpuinfo

```
processor       : 0
vendor_id       : AuthenticAMD
cpu family      : 6
model           : 8
model name      : AMD Athlon(tm) MP 2400+
stepping        : 1
cpu MHz         : 2000.991
cache size      : 256 KB
fdiv_bug        : no
hlt_bug         : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 1
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 mmx fxsr sse syscall mp mmxext 3dnowext 3dnow
bogomips        : 3940.35

processor       : 1
vendor_id       : AuthenticAMD
cpu family      : 6
model           : 8
model name      : AMD Athlon(tm) Processor
stepping        : 1
cpu MHz         : 2000.991
cache size      : 256 KB
fdiv_bug        : no
hlt_bug         : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 1
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 mmx fxsr sse syscall mp mmxext 3dnowext 3dnow
bogomips        : 3997.69
```

/proc/meminfo

```
MemTotal:       904452 kB
MemFree:        162224 kB
Buffers:        127052 kB
Cached:         292444 kB
SwapCached:        608 kB
Active:         405572 kB
Inactive:       290488 kB
HighTotal:           0 kB
HighFree:            0 kB
LowTotal:       904452 kB
LowFree:        162224 kB
SwapTotal:     5012228 kB
SwapFree:      5009580 kB
Dirty:           62012 kB
Writeback:           0 kB
Mapped:         340320 kB
Slab:            30464 kB
Committed_AS:   402428 kB
PageTables:       2044 kB
VmallocTotal:   122804 kB
VmallocUsed:     25060 kB
VmallocChunk:    96176 kB
```

-----------------------------------------------------------

anything else post!

----------

## echto

Tape!  Tar the data, pipe it to gpg, and write it to tape.  :Smile:   Then keep the keys on a usb drive in your pocket.  :Cool: 

 *alexander_g_1 wrote:*   

> hi all,
> 
> what a lovely thread, thanx for this one!! 
> 
> my question for today is:
> ...

 

----------

## JloR

Resurrecting an ooold thread :) One of the best in here though, imo.

I'm playing around with this, bought an 80gb hitachi disk for the laptop for this single purpose.. And I've read through most of the pages here, a few in the beginning and a few in the end.

But would I be wrong to assume that you no longer need to manually download and compile loop-aes and util-linux? Don't the newer loop-aes ebuilds do the patching for you?

loop-aes-3.1d depends on util-linux being built with the crypt feature in it.

I realize this might be a silly question, but I am slightly confused. And if I could get around the manual compile and patching, I would be happy happy - mainly because I wouldn't want to redo this every time I recompile a kernel.

----------

## ozric

Well I for one can't seem to make it. Does this procedure work with kernel 2.6.x?

In fact, I think I'm going crazy. Good thing I seem to learn something every time I mess up my system though   :Embarassed: 

Can someone perhaps recommend a newer guide for loop-aes and encrypting the root partition (if it's even needed, chances are that I am just not understanding this enough to make it werk)?

edit: Never mind, the problem for me was just pure lameness. I actually read the loop-aes readme, followed those instructions rather than Chadders' ones and it worked like a charm. Using Knoppix as a rescue system was very useful though, so thanks for that tip, Chad-man.

----------

## selig

Instead of compiling the loop-aes from the official package by hand, you can now use the ebuild. "emerge loop-aes" is sufficient. Other than that, I think this howto is still OK. But I would recommend not to leave the keys lying around on hard disk, take them with you on a floppy disk, USB stick or similar removable media. That way your data will be protected twice, because you need both the passphrase and encrypted key to be able to access the system. I will try and benchmark different ciphers today, but so far I like "serpent" the most.

----------

## selig

From what I have tried AES seems to be the fastest option (on my Pentium4-m 1.7GHz I get about 9MB/s for AES256 encryption), but the harddrive in my notebook is slow anyway, so I opted for Serpent 192 (about 7MB/s encryption on my hardware).

If you are using a journalling filesystem and you are journalling only filesystem metadata you can probably use an external journal to increase speed. (I am doing that and it works nicely) By journalling all data you get a security compromise, because someone could read the actual data from the journal (usually 32-128MB, which is not negligible). I do not think having access to metadata modifications provides a big security risk. It probably provides the potential attacker with some plaintext, which could maybe lower the security of AES encryption (its number of rounds is not too high..). On the other hand, AES is faster so you do not have to use tricks with external journal with it. I trust Serpent.  :Very Happy: 

----------

