SECURITY System Encryption DM-Crypt with LUKS

Uit Gentoo Linux Wiki

Sjabloon:Wikify

[bewerken] Introduction

There are a lot of howto's out there on how to encrypt your system, this guide is heavily based on some of them(see References), and just presents the method I used . I call it just a guide since it lacks some of the technical details a howto must have.

This guide will show you how to encrypt your system from scratch using DM-Crypt with cryptsetup-luks with a 256 bit key, by system encryption, I mean encrypting your root partition, swap, and any other; the /boot partition must be left unencrypted or if you're up for it, you can read about booting from a usb stick. Encrypting your entire system will protect you from having "others" reading confidential information, the point is that nobody except you will be able to read its contents, that's all. This does not protect you from:

• Someone wiping out your entire disk(s)
• Someone hacking into your system from your network(internet)
• If someone steals your computer when it's on(notebooks)
• If someone tortures you to death to get the passprase
• If someone plant a hardware keylogger in your computer(or other similar hardware)

And let me emphasize the later one, if "someone" physically access your computer, he/she/it can plant one of those hardware keyloggers, see here.

I will refer constantly to the gentoo installation guide, and I will point you up, when you have to do stuff Also note that although this guide was written with the amd64 arch in mind, it can be used as a base for other architectures.

DM-Crypt: Device-mapper is a new infrastructure in the Linux 2.6 kernel that provides a generic way to create virtual layers of block devices that can do different things on top of real block devices like striping, concatenation, mirroring, snapshotting, etc... The device-mapper is used by the LVM2 and EVMS 2.x tools. dm-crypt is such a device-mapper target that provides transparent encryption of block devices using the new Linux 2.6 cryptoapi. The user can basically specify one of the symmetric ciphers, a key (of any allowed size), an iv generation mode and then he can create a new block device in /dev. Writes to this device will be encrypted and reads decrypted. You can mount your filesystem on it as usual. But without the key you can't access your data. It does basically the same as cryptoloop only that it's a much cleaner code and better suits the need of a block device and has a more flexible configuration interface. The on-disk format is also compatible. In the future you will be able to specify other iv generation modes for enhanced security (you'll have to reencrypt your filesystem though).

cryptsetup-luks: LUKS stands for Linux Unified Key Setup, here it's a short descripton: LUKS for dm-crypt is implemented in cryptsetup. cryptsetup-luks is intended as a complete replacement for the original cryptsetup. It provides all the functionally of the original version plus all LUKS features, that are accessable by luks* action.

[bewerken] Warning

This guide is not foolproof, do not copy each step verbatim. Power Users only!

Although I actually tried the steps described in this guide, I can't assure you that this method will work, there is always a risk.

" The author of this guide assumes no responsibility for anything done with this document, nor does he make any warranty, implied or explicit. If you break it, it's not my fault. "

And remember,"If something can go wrong, it will"

So make a BACK-UP of everything important in your system before proceeding, I am not joking with this. You have been warned!

[bewerken] Requirements

• Arch: amd64
• Kernel: > 2.6.5 specifically: 2.6.12-r6
• Udev
• Minimal gentoo livecd(2005) or any other with proper kernel configuration(see Kernel Config),Knoppix?
• Lemon Martini ;)

[bewerken] Before you start

Alternative: If you already have a working gentoo system, you can opt for creating the initrd image there instead of creating it inside the chrooted enviroment, the procedure is the same in both cases.

Boot the minimal livecd kernel with nofb. Why nofb? I had some strange problems once when I used fb inside the livecd, long story, plus you don't need those fancy graphics anyway. :)

International users, please make sure you are using the right keymap.

 #for example, latin american users might need to do: 
 loadkeys es-cp850
 # man loadkeys

For security reasons, it is wise to create the root password, and a normal user:

 passwd
 useradd -m -G users <username>
 passwd <username>

This guide will constantly refer to the Gentoo Installation guide, and it will point you up exactly in which steps you need to divert from it, and do the extra work required for encrypting your system. Therefore it is recommended that you browse this guide and the Gentoo installation guide with lynx(or links2) while you are in the process; just open lynx in ttys 3 and 4.

[bewerken] Encrypting

Great, let's start. Follow the Gentoo installation guide until you reach step 4(Preparing the Disks)

[bewerken] Preparing the Disk

First check the hard disk for errors, then fill it with random data. While these steps are optional, they are extremely recommended. Read below to see the reasons behind each step.

[bewerken] Checking the hard disk for errors

It's probably a good idea to check your entire disk for errors before you start. Not only is this good practise, but modern hard disks contain a few 'spare' sectors, and if they detect errors in reading, they can silently replace the bad sector with a backup sector (this is invisible to the OS). So writing and reading the entire disk before you start should allow this to happen. Make sure you know exactly which devices belongs to each disk or you might overwrite existing data.

Testing the hard drive for bad blocks

 /sbin/badblocks -c 10240 -s -w -t random -v /dev/sdc
 (wait several hours...)
 Checking for bad blocks in read-write mode
 From block 0 to 295360984
 done
 Reading and comparing: done
 Pass completed, 0 bad blocks found. 

[bewerken] Filling the disk with random data

If you want your encryption to defeat a full cryptoanalytic attack, not just casual snooping, you need to fill the disk with high quality random data. Filling the disk with random data makes breaking the passphrase harder.

When you checked the disk for bad blocks it was filled with not-so-random data, So, if you want you can skip this step, but it is highly recommended to do it.

Right below there are listed 3 possible ways to fill the disk with random data:

• Badblocks:

badblock uses 'libc' random(), but is fast (your limitation will be disk speed, not CPU speed).

• shred:

From the man page: shred overwrites the specified FILE(s) repeatedly, in order to make it harder for even very expensive hardware probing to recover the data. shred is faster than using /dev/urandom, but it is not as good as /dev/urandom is.

• /dev/urandom:

/dev/urandom will fill the disk with "random" data, it won't be as random as /dev/random though :), but it is the best practical solution available. It will protect you against a full cryptoanalytic attack better than badblock.

• /dev/random:

In theory, this is the best way to fill your disk with random data, since it is much more random than any of the above. It works by using the kernel entropy pool, so if you run out of entropy it will kind of freeze. You can see what I am talking about just by doing this: 'cat /dev/random', it will eventually stop. Now move your mouse, :)

Filling the disk with random data

 dd if=/dev/urandom of=/dev/sda
 (go and take a nap, because this takes a long time to finish)
    # if you used /dev/random come back in 100 years

[bewerken] Partitioning Scheme

The scheme recommended by this guide is the same scheme the Gentoo installation guide recommends:

Scheme recommended:

             # Guide convention
 /boot       /dev/sda1
 swap        /dev/sda2
 /           /dev/sda3

Follow the Gentoo installation guide until you reach step 4.d(Creating Filesystems)

[bewerken] Create mapping between logical and physical partitions

DM-Crypt works by transparently translating (in the kernel) between a physical on-disk partition (which is encrypted) and a logical partition which you can then mount and use as normal. This step takes no time and writes no data, it just establishes the mapping for future use.

The physical (encrypted) root partition will be /dev/sda3

The logical (unencrypted) root partition will be /dev/mapper/root

This guide will use the serpent and the blowfish ciphers, the aes cipher is not part of the current(2005) minimal livecd gentoo, you can however use whatever you want, see this for cipher's information.

[bewerken] Loading the necessary modules

Since the current minimal gentoo livecd does not provide the aes cipher, this guide will use the serpent cipher as an example. The modules you have to load depends on the ciphers you plan to use, please see this section for some information about different available ciphers, and of course edit the commands accordingly.

modprobe dm-crypt     
modprobe dm-mod       
modprobe serpent
modprobe sha256
modprobe blowfish
# 'cat /proc/crypto' will show you the loaded modules

[bewerken] Cryptsetup-luks binary

For all actions described from now on, you need a working cryptsetup-luks binary for your host platform, since the gentoo minimal livecd(2005) doesn't provide one, you need to get it from somewhere else. Lucky for us, a static precompiled cryptsetup-luks binary exists on http://luks.endorphin.org/dm-crypt , so download it from there:

  cryptsetup-1.0.1-i686-pc-linux-gnu-static.bz2 - Precompiled binary, version 1.0.1

This binary is for the i686 plataform, but it also works on amd64. After you download it, rename it to cryptsetup for convenience.

 # decompress it, and chmod +x it and rename it to a more simple name (optional)
 bunzip2 cryptsetup-1.0.1-i686-pc-linux-gnu-static
 chmod +x cryptsetup-1.0.1-i686-pc-linux-gnu-static
 mv cryptsetup-1.0.1-i686-pc-linux-gnu-static cryptsetup
 # remember that every time you are going to execute it you must indicate the path, like this
 # /root/cryptsetup

Note: You can easily check wheter your livecd contains the luks version of cryptsetup, by doing: 'cryptsetup --help', if you don't see any luks* options there, then you don't have cryptsetup-luks

[bewerken] Encrypting swap for installation

There is an easier and gentoo integrated way for doing this. See Gentoo Crypto Doc

First we will encrypt swap for use during the installation

Encrypting swap

 cd /root
 head -c 32 /dev/random > swap.key
 cat ./swap.key | ./cryptsetup --cipher blowfish-cbc-essiv:sha256 --key-size 256 luksFormat /dev/sda2
 cat ./swap.key | ./cryptsetup luksOpen /dev/sda2 swap0
 check: ls -l /dev/mapper/ see swap0
 mkswap /dev/mapper/swap0
 swapon /dev/mapper/swap0
 # 'cat /proc/swaps'

[bewerken] Creating the mapping

 cryptsetup --verbose -y luksFormat --cipher serpent-cbc-essiv:sha256 --key-size 256 /dev/sda3
 WARNING!
 ========
 This will overwrite data on /dev/sda3 irrevocably.
 
 Are you sure? (Type uppercase yes): YES
 Enter LUKS passphrase: (enter your passphrase, and write it down somewhere!)
 Verify passphrase: (repeat passphrase)

Enter your passphrase and write it down somewhere, make a very strong and quite long passphrase, but it must not contain special characters like Ñ If you feel that you entered the wrong passphrase(say you accidentaly pressed an extra key) then do:

 ./cryptsetup luksDelKey /dev/sda3 0

and luksFormat it again, Make sure you remember your passphrase, if you ever forget it, game-over

Now it's time to luksOpen it

 cryptsetup luksOpen /dev/sda3 root
 # Check it:
 ls -l /dev/mapper/
 # you should see control,swap0 and root

[bewerken] Create the filesystem on the logical root partition

The important thing to mention here is that whenever you operate on your root partition, you must do it by using /dev/mapper/root instead of /dev/sda3. Example:

 /sbin/mkfs.ext3 -j -m 1 -O dir_index,filetype,sparse_super /dev/mapper/root   # or just do: mke2fs -j /dev/sda3
 (wait several minutes...)
 mke2fs 1.35 (28-Feb-2004)
 Filesystem label=
 OS type: Linux
 Block size=4096 (log=2)
 Fragment size=4096 (log=2)
 36634624 inodes, 73258400 blocks
 732584 blocks (1.00%) reserved for the super user
 First data block=0
 2236 block groups
 32768 blocks per group, 32768 fragments per group
 16384 inodes per group
 Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
        4096000, 7962624, 11239424, 20480000, 23887872, 71663616
 
 Writing inode tables: done
 Creating journal (8192 blocks): done
 Writing superblocks and filesystem accounting information: done
 
 This filesystem will be automatically checked every 39 mounts or
 180 days, whichever comes first. Use tune2fs -c or -i to override.   

Create the filesystem for the /boot partition as indicated on the Gentoo installation guide, but do not initialize nor activate the swap partition. We already did this in a previous step.

[bewerken] Mounting

Mounting the filesystem

 mount -t ext3 /dev/mapper/root /mnt/gentoo

Great, now follow the Gentoo installation guide from step 5, until you reach step 7.c(Default: Manual Configuration).

[bewerken] Creating the initrd image

Alternative

You can opt to let genkernel-luks build the initrd for you instead of having to go by all the process yourself. If you're interested please go here. The rest of us, keep reading.

Now it is time to create the initrd image, it is a simple task, but pay attention, the size of the image varies, so it is best to first to put all the contents in a directory, then see its size, and after that create the initrd image.

Let's start!

cd /root
mkdir initrdimg
cd initrdimg

[bewerken] Populating the image

cd /root/initrdimg
mkdir -p bin dev etc lib64 proc root usr/lib64
ln -s lib64 lib
touch etc/fstab
touch linuxrc
chmod +x linuxrc

Inside the initrd image, there must be the correct nodes, so dm-crypt can perform its operations, there are two ways of creating these nodes. You can create them yourself manually with mknod(man mknod), this was the way I did it, or you can leave that job to the devmap_mknod.sh script. This guide will explain both ways, is up to you, to choose which one to use.

If you want to let devmap_mknod.sh handle the nodes:

touch devmap_mknod.sh
chmod +x devmap_mknod.sh
# You must create the nodes below
# Switch to tty2(outside chrooted enviroment)
# write down the values and perms of the nodes below
ls -l /dev/console /dev/null /dev/tty /dev/sda /dev/sda1 /dev/sda2 /dev/sda3
# Switch back to tty1(chrooted enviroment)
# the lines below are just an example, adjust accordingly
cd /root/initrdimg/dev
mknod console c 5 1
mknod null c 1 3
mknod tty c 5 0
mknod sda b 8 0
mknod sda1 b 8 1
mknod sda2 b 8 2
mknod sda3 b 8 3
# Double check that the created nodes are correct !!

If you want to create the nodes yourself:

# Switch to tty2(outside chrooted enviroment)
# write down the values and perms of the nodes below
ls -l /dev/console /dev/null /dev/tty /dev/sda /dev/sda1 /dev/sda2 /dev/sda3
ls -l /dev/mapper/control
# Switch back to tty1(chrooted enviroment)
# the lines below are just an example, adjust accordingly
cd /root/initrdimg/dev
mknod console c 5 1
mknod null c 1 3
mknod tty c 5 0
mknod sda b 8 0
mknod sda1 b 8 1
mknod sda2 b 8 2
mknod sda3 b 8 3
mkdir mapper
mknod mapper/control c 10 62
# Double check that the created nodes are correct !!

Populating the bin directory: Copy the following binaries to the initrdimg bin/ directory

/bin/bash
/bin/sh          # /bin/sh -> bash , symbolic link. do: 'ln -s bash sh' instead(man ln)
/bin/cat
/bin/chroot
/bin/dmesg
/bin/gzip        #    International users
/bin/loadkeys    #       for loading the right keymap, more below
/bin/mkdir
/bin/rm
/bin/sleep
/bin/mount
/bin/umount
/sbin/pivot_root
/sbin/blockdev
# If you are going to use devmap_mknod.sh, copy this three too
/bin/mknod
/bin/sed
/usr/bin/test    # just to be sure, plus it only adds 28K

And of course the cryptsetup(luks) you downloaded from the cryptsetup luks site

# Switch to tty2(which is outside the chrooted enviroment)
cp /root/cryptsetup /mnt/gentoo/root/initrdimg/bin/
# Switch back to tty1(which is inside the chrooted enviroment)

Alternative

If you're an international user, you might also want to use the correct keymap inside the initrd, otherwise, you will have a hard time accessing your system. :)

Here is an example procedure for latin-american users that uses the es-cp850 keymap(me :))

ls /usr/share/keymaps/      # here are all the keymaps
cd /root/
cp /usr/share/keymaps/i386/qwerty/es-cp850.map.gz .
gzip -d es-cp850.map.gz
# now, you need to find out wich other files it includes
less es-cp850.map
   "es-cp850.map" may be a binary file.  See it anyway? (yes)
# Now, write down the included files: 
# example of the included files for es-cp850:
#                     include "qwerty-layout"
#                     include "linux-with-alt-and-altgr"
cp /usr/share/keymaps/i386/include/qwerty-layout.inc . 
cp /usr/share/keymaps/i386/include/linux-with-alt-and-altgr.inc .
# Again, you need to find out wich files they include
less qwerty-layout.inc   
       # no includes
less linux-with-alt-and-altgr.inc
       # include "linux-keys-bare"
# So now, you see that you also need that file
cp /usr/share/keymaps/i386/include/linux-keys-bare.inc .
less linux-keys-bare.inc
       # no includes
# Now, you know exactly which files are needed, so lets put them in the initrdimg
cd /root/initrdimg
mkdir usr/share
mkdir usr/share/keymaps
mkdir usr/share/keymaps/i386
mkdir usr/share/keymaps/i386/include
cp /usr/share/keymaps/i386/qwerty/es-cp850.map.gz .
cd usr/share/keymaps/i386/include/
cp /usr/share/keymaps/i386/include/qwerty-layout.inc . 
cp /usr/share/keymaps/i386/include/linux-with-alt-and-altgr.inc .
cp /usr/share/keymaps/i386/include/linux-keys-bare.inc .
cd /root/initrdimg
# done, 

Populating the lib64 directory Now comes the tricky part, you need to find out which libs files each binary(the ones inside the initrdimg) needs, for this job you need to use the ldd program with each binary.

It is tricky because some libs aren't exactly libraries but rather they're symbolic links to the real libraries, I have no idea why the gentoo developers do this, for example this causes loop-aes build_initrd script to fail,

This is what you'll need to do, run ldd for each binary, and then check whether if the library is really a library or just a symbolic link.

Here is an example of what I am talking about:

 ldd /bin/cat
              libc.so.6 => /lib/libc.so.6 (0x00002aaaaabc1000)
              /lib64/ld-linux-x86-64.so.2 (0x00002aaaaaaab000)
 ls -l /lib64/ld-linux-x86-64.so.2
              lrwxrwxrwx  1 root root 11 Aug  7 19:38 /lib64/ld-linux-x86-64.so.2 -> ld-2.3.4.so

Ok, let's start. I am not going to post the output of ldd for each program and tell you whether some of its libraries are real or just a symbolic links, that's your job :) . I will however show you an example of how to do it.

Example:

  cd /root/initrdimg/lib64
  ldd /bin/chroot
       libc.so.6 => /lib/libc.so.6 (0x00002aaaaabc1000)
       /lib64/ld-linux-x86-64.so.2 (0x00002aaaaaaab000)
  # are they real libraries?
  ls -l /lib/libc.so.6 
       lrwxrwxrwx  1 root root 13 Aug  7 19:38 /lib/libc.so.6 -> libc-2.3.4.so
  ls -l /lib/libc-2.3.4.so 
       -rwxr-xr-x  1 root root 1270528 Mar  4 23:00 /lib/libc-2.3.4.so
  ls -l /lib64/ld-linux-x86-64.so.2 
       lrwxrwxrwx  1 root root 11 Aug  7 19:38 /lib64/ld-linux-x86-64.so.2 -> ld-2.3.4.so
  ls -l /lib64/ld-2.3.4.so
       -rwxr-xr-x  1 root root 92552 Mar  4 23:00 /lib64/ld-2.3.4.so
  # copy the real libraries
  cp /lib/libc-2.3.4.so .
  cp /lib64/ld-2.3.4.so .
  # create the links (man ln)
  ln -s libc-2.3.4.so libc.so.6
  ln -s ld-2.3.4.so ld-linux-x86-64.so.2
  # done with chroot, proceed with the next one.

I know it's a tedious job, but it's needed. I highly recommend you to do it this way. Do it for all your binaries, remember all the libraries go to lib64, lib/ is just a link to lib64/.

Of course, you don't have to do it for cryptsetup(luks) since it was statically compiled :)

[bewerken] Checking the binaries

Check all the binaries inside the initrdimg by chrooting and running them with --help one by one. You should get no error messages about missing libraries.

  chroot /root/initrdimg /bin/sh
  /bin/cat --help
  /bin/chroot --help
  /bin/mkdir --help
  ....
  exit

[bewerken] Initrd Scripts

It's time now to create the initrd scripts, you will need two scripts(or only one of you chose not to use devmap_mknod.

linuxrc

Basically its job will be to setup dm-crypt, decrypt the root partition, mount it and then pivot_root to it. This linuxrc also has a "correct passphrase while loop", which means it will give the user n times to enter the right passphrase, if you don't supply the right passphrase it will halt the system, it's just a simple but effective security feature. Ok, here it's

#!/bin/sh
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
# Filter kernel messages on boot
dmesg -n 1
haltme() {
b=0
while [ "$b" = 0 ]
 do
 sleep 60
done
}
mount -t proc none /proc
CMDLINE=`cat /proc/cmdline`
## Create /dev/mapper/control nod for udev systems     # Only if you choosed
#sh devmap_mknod.sh                                  # to use devmap_mknod
umount -n /proc
## loadkeys                    # Only for international users, 
#loadkeys ./es-cp850.map.gz
# correct password while loop
c=0
while [ "$c" != 5 ]
 do
 cryptsetup luksOpen /dev/sda3 root 
 mount -t ext3 /dev/mapper/root /root
 if [ "$?" = 0 ]; then
  echo "Root Decrypted"
  break
 else
  umount /root
  cryptsetup luksClose root
  let c=$c+1
  if [ "$c" = 5 ]; then
   echo "Illegal Trasspassing attempted"
   echo "Halting..."
   haltme
  fi
 fi
done
echo "Switching..."
cd /root
mkdir initrd
pivot_root . initrd
# start init and flush ram device
exec chroot . /bin/sh <<- EOF >dev/console 2>&1
umount initrd
rm -rf initrd
blockdev --flushbufs /dev/ram0
exec /sbin/init ${CMDLINE}
EOF

If you want, you can put a nice ascii art to spice things up on boot :), simply STFW for an ascii art you like, name it ascii and put it inside the initrdimg, now edit linuxrc and put the following lines:

echo ""
echo ""    # adjust the number of echos to suit your needs, you probably will have to do this later
echo ""    # in order to know exactly how many echos you will need.
cat ./ascii
echo ""
echo ""
echo ""
echo ""

devmap_mknod

And here it's the devmap_mknod script.

#! /bin/sh

# Startup script to create the device-mapper control device 
# on non-devfs systems.
# Non-zero exit status indicates failure.

# These must correspond to the definitions in device-mapper.h and dm.h
DM_DIR="mapper"
DM_NAME="device-mapper"

set -e

DIR="/dev/$DM_DIR"
CONTROL="$DIR/control"

# Check for devfs, procfs
if test -e /dev/.devfsd ; then
        echo "devfs detected: devmap_mknod.sh script not required."
        exit
fi

if test ! -e /proc/devices ; then
        echo "procfs not found: please create $CONTROL manually."
        exit 1
fi

# Get major, minor, and mknod
MAJOR=$(sed -n 's/^ *\([0-9]\+\) \+misc$/\1/p' /proc/devices)
MINOR=$(sed -n "s/^ *\([0-9]\+\) \+$DM_NAME\$/\1/p" /proc/misc)

if test -z "$MAJOR" -o -z "$MINOR" ; then
        echo "$DM_NAME kernel module not loaded: can't create $CONTROL."
        exit 1
fi

mkdir -p --mode=755 $DIR
test -e $CONTROL && rm -f $CONTROL

echo "Creating $CONTROL character device with major:$MAJOR minor:$MINOR."
mknod --mode=600 $CONTROL c $MAJOR $MINOR

Note: this script belongs to the device-mapper package.

[bewerken] Building the initrd image

Great, now that you already have the initrdimg created, it's time to build the initrd image, remember that I previously told you that the initrdimg directory was first created to know the exact size the initrd image is going to have, well it's time to know the size. :)

 cd /root
 du -hs initrdimg  #(man dh)
 # write down the size.

Create the initrd image

 # Switch to tty2(outside the chrooted enviroment)
 cd /root
 touch initrd
 dd if=/dev/zero of=initrd bs=1024k count=<n> # n is a natural number, modify this value to set the proper
                                              # initrd size, for example a value of 8, will give you 8.1M
                                              # note that if you plan to use one of those fancy bootsplashes
                                              # you must keep in mind its size too.
 losetup /dev/loop4 initrd
 mke2fs /dev/loop4
 mkdir /mnt/initrd
 mount /dev/loop4 /mnt/initrd 
 cp -Rpv /mnt/gentoo/root/initrdimg/* /mnt/initrd/
 umount /mnt/initrd
 losetup -d /dev/loop4

Alternative

// I haven't tested it, but according to other guides, it should work

If you will use a bootsplash:

 cat /mnt/gentoo/boot/bootsplash-initrd >> initrd
 cp initrd /mnt/gentoo/boot/

If you don't use a bootsplash:

 cp initrd /mnt/gentoo/boot/

[bewerken] Kernel Configuration

This are the needed kernel options:

CONFIG_BLK_DEV_DM
CONFIG_DM_CRYPT
CONFIG_BLK_DEV_LOOP
CONFIG_BLK_DEV_INITRD
CONFIG_BLK_DEV_RAM
CONFIG_BLK_DEV_RAM_SIZE(multiple of 4096) depends on the size of your initrd: 16384 
CONFIG_BLK_DEV_RAM_COUNT reduce number to 2
IA32 EMULATION under Executable file
CONFIG_IA32_EMULATION
CONFIG_IA32_AOUT
COMPILE in neccesary Cryptos

Compile your kernel, and as a good practice copy your .config to /boot just in case.

Alternative

Genkernel users:

genkernel comes with a nice facility to build initrds. if you use genkernel you can opt to divert a little from this guide and follow the steps described here.

Follow the Gentoo installation guide until you reach step 8.a

[bewerken] Creating /etc/fstab

Here is an example, adjust it to suit your system

/dev/sda1               /boot           ext2    defaults,noatime        1 2
/dev/mapper/swap0       none            swap    sw                      0 0
/dev/mapper/root        /               ext3    noatime                 0 1
none                    /proc           proc    defaults                0 0
none                    /dev/shm        tmpfs   nodev,nosuid,noexec     0 0
/dev/cdroms/cdrom0      /mnt/cdrom      auto    noauto,user             0 0

Follow the Gentoo installation guide from step 8.b until you reach step 10(Configuring the Bootloader)

[bewerken] Grub configuration

Before configuring grub, it's time to install some userspace tools, you have to install device-mapper.

emerge device-mapper

Now, continue configuring grub

grub.conf example:

default 0
timeout 5
splashimage=(hd0,0)/grub/splash.xpm.gz

title=Gentoo
root (hd0,0)
kernel /kernel-2.6.12-gentoo-r6 root=/dev/ram0 rw init=/linuxrc vga=0x318 video=vesafb:mtrr,ywrap 
initrd (hd0,0)/initrd

title=kernel-bak
root (hd0,0)
kernel /kernel-2.6.12-gentoo-r6-bak root=/dev/ram0 rw init=/linuxrc vga=0x318 video=vesafb:mtrr,ywrap
initrd (hd0,0)/initrd

It is wise to have a kernel back-up image, remember, "shit happens" :)

genkernel users:

Use the Gentoo installation guide's grub.conf example.

Now, just 'grub-install /dev/sda'

Done.

Don't reboot the system yet, more stuff need to be done first. :)

[bewerken] Encrypting the swap partition

You already have the swap partition encrypted but that was just for the installation, now you are going to set it up for good. This guide will show you a way to encrypt your swap partition with an unknow random key generated at each boot. The cipher and mode to use is your choice, this guide will use blowfish because it's faster.

First, you need to find out which init takes care of the activating the swap partition on boot,

 cd /etc/init.d
 grep swapon *

You will probably see something like this:

         - halt.sh:if [[ -n $(swapon -s 2>/dev/null) ]]; then
         - localmount:     /sbin/swapon -a

localmount is the man in charge here, lets modify it:

All these lines must be set before the '/sbin/swapon -a ' line.

 ebegin "Encrypting Swap"
 head -c 32 /dev/random > /root/swap.key
 cat /root/swap.key | cryptsetup --cipher blowfish-cbc-essiv:sha256 --key-size 256 luksFormat /dev/sda2
 cat /root/swap.key | cryptsetup luksOpen /dev/sda2 swap0
 mkswap /dev/mapper/swap0
 swapon /dev/mapper/swap0

Note if you see the following line in localmount:

 # Start dm-crypt mappings, if any
 start_addon dm-crypt

Comment it, we already took care of all the mappings, do the same with '/etc/init.d/checkfs'

Notes:

• If you use /dev/random for the swap.key, when you boot the system it may seem that it'll never end, just move the mouse(mice) a little. :) Or read the key from /dev/urandom instead.
• In this example, swap.key is in the /root directory which is encrypted, if you used a different partition scheme in which /root is left unencrypted, you should place swap.key inside an encrypted partition, please note that it's highly recommended to encrypt all your partitions.

[bewerken] Cryptsetup-luks & Portage

Since the portage ebuild for cryptsetup-luks(amd64) is masked you need to copy the cryptsetup(luks) you downloaded previously to your system.

# Switch to tty2(which is outside the chrooted enviroment)
cd /root
cp ./cryptsetup /mnt/gentoo/usr/sbin/
# Switch to tty1(which is inside the chrooted enviroment)
chmod o-rwx /usr/sbin/cryptsetup

Now you need to inform portage that you're in charge of maintaining cryptsetup

emerge --search "^cryptsetup"

It will print two programs:

sys-fs/cryptsetup (which you won't use)
sys-fs/cryptsetup-luks (which is masked at the moment of this writing: 10/08/2005)

This is how to do it, if you need more details, read the gentoo guide about portage. Edit(create it if it doesn't exist) /etc/portage/profile/package.provided and add this line to it: sys-fs/cryptsetup-luks-<version> , example: sys-fs/cryptsetup-luks-1.0.1

Now lets mask those cryptsetup packages, to inform portage that it should never attempt to install those programs. Remember, you will take care of cryptsetup-luks. Edit /etc/portage/package.mask (you can see an example of how this work, by looking at /usr/portage/profile/package.mask): Example of /etc/portage/package.mask

sys-fs/cryptsetup
sys-fs/cryptsetup-luks

Masking cryptsetup-luks is really your choice, for example, maybe you'll want to use cryptsetup-luks from portage someday when it isn't masked anymore. It's really up to you.

Protecting the configuration files. You need to protect /etc/init.d/localmount and /etc/init.d/checkfs, so pay special attention when updating the system. It is wise to copy those files to a backup directory, just in case they get overwritten,

[bewerken] Finishing Up

Creating necessary nodes You need to create the /dev/mapper/root and /dev/mapper/control nodes before you boot your system for the first time, otherwise it will fail.

# Switch to tty2 and do: ls -l /dev/mapper/
# write down the exact values somewhere, now switch back to tty1, and create the nodes:

example:

mkdir /dev/mapper
mknod /dev/mapper/control c 10 62
mknod /dev/mapper/root b 254 0
# and set the proper permissions(like you saw them in tty2)

The reason for creating this nodes is that after the initrd executes pivot_root, there must be the necessary nodes in order for dm-crypt to perform its operations, if they the nodes aren't there it will fail.

[bewerken] Finalizing

# Switch to tty1
# Exit the chrooted enviroment:
exit
cd 
umount /mnt/gentoo/boot
umount /mnt/gentoo/proc
umount /mnt/gentoo
sync 
cd /root
./cryptsetup luksClose root

Now, reboot your system! Good Luck!!

Don't forget to burn the paper where you wrote down the passphrase

Final note: Keep an eye on the dm-crypt mailing list, and its site.

[bewerken] Credits

Guide: Written by Reikinio

- contact: reikinio |a|t| gmail |.| com

All the people involved in dm-crypt & cryptsetup-luks.

[bewerken] References

• Encrypted Device Using LUKS - Major reference, credit goes to William Owen Smith
• Encrypting root filesystem with Dm-crypt
• dm-crypt wiki
• dm-crypt site
• dm-crypt mailing list
• loop-AES.README
• Some other minor guides I can't recall right now

[bewerken] Ciphers

Some of the available ciphers found on the cryptographic kernel menu:

• Blowfish
• Serpent
• AES
• Twofish
• DES
• CAST5
• CAST6
• SHA*
• Tiger
• RIPEMD

[bewerken] FAQ

• What if "someone" try to crack my system?

 :) Cracking a 256 bit key by brute force is next to impossible with current technology, however if they do try, they would have to search among 2²⁵⁶ possible passphrases, even if they use large Distributed Networks like the NSA or the SS, the task is next to impossible. They will probably use other methods, like spying and/or hardware keyloggers. If you happen to have your computer 1Km underground, inside a Pb bunker :D, then you can be safe for about 10 or 20 years until Quantum computers show up.

• Help! A three letter goverment agency is after me!, Will my data be safe?

You definitely have bigger problems than just the data, depending of what you did, they'll try to capture you and then torture you to death to get the passphrase.

Solution: Run like Forest!!! :P

Partial Solution: Put your unknown randomly generated encryption key in a USB-Stick, while you're on the run, make sure you delete its contents, see this article.

You're a dead either way.

• Could it be possible for someone to infect my computer so that my random number generator no longer produces "random" numbers?
• Is this possible if I use a hardware random number generator?

It may be possible for someone to target a user in this way, if the root partition or kernel is not encrypted when the computer is shutdown. Even if you use hardware to generate random numbers, an infected machine could opt not to use those properly. Over time, new data on the drive could be decrypted more easily and the effective search space for the key would be reduced should a brute-force attack be attempted.

Solution: Do a hash of the relevant parts of your system and store it on removable media. Check intermittently to see if the hash has changed.

• Help! I screwed my system, what should I do?

RTFM again, and again, STFW, think, then post either on the gentoo forums, or the dm-crypt mailing list.

Don't give up, screwing things up is the best way to learn :)

• I need to edit the initrd, how shall I do it?

losetup /dev/loop4 initrd
mkdir /mnt/initrd
mount /dev/loop4 /mnt/initrd
# edit it 
umount /mnt/initrd
losetup -d /dev/loop4
# done

• Help! I have this error:

failed to setup dm-crypt mapping
failed to read from key storage
Command failed: No key available with this passphrase</pre>

Check that you have dm-crypt and device-mapper included in the kernel.

Check you have the necessary ciphers included in the kernel.

Check the nodes inside the initrd.

The minor device number of control during boot with live cd doesn't have to be the same with later kernel. The only way to be sure to have the correct one is to check it after booting with the final kernel. Temporaly add a /bin/bash to your linuxrc and uncomment the unmounting of proc, then boot it. Being in bash with the final kernel do a cat /proc/misc and see the "real" minor device number.

[bewerken] Extra

All the information provided in this section were not tested, if you feel adventurous by all means try it, and let me known the results. :)

[bewerken] Booting from a USB stick

This will show you how to prepare a USB stick to boot an encrypted root partition. The kernel, keyfiles and other files needed to access encrypted root partition are stored on the removable USB stick. All harddisk partitions can be encrypted. This example uses the syslinux bootloader and a FAT formatted USB-stick.

Note: all information here was shamelessly copied from loop-AES readme section: 7.7

What are the benefits of using a USB stick to boot my encrypted system?

It will provide you with another layer of security, for example, it will protect you against hardware keyloggers and/or altered kernel images. But it won't protect you if "they" use "some other" hardware technology to read the information that travels between the USB devices and your computer. That's way I say that you can't ever trust your computer again if "someone" had physical access to it; Of course we're not talking about your little brother here :).

Requisites

• Make sure your motherboard supports booting from a USB device.
• Make sure that you have a 16 MB or larger USB stick
• Both USB 1.1 and USB 2.0 versions should work

Procedure The procedure is similar to the one on the guide, however you will have to adjust it. In the sections below there is the information you might need.

Kernel Configuration

CONFIG_MINIX_FS=y
CONFIG_PROC_FS=y
CONFIG_CRAMFS=n (or CONFIG_CRAMFS=m)
CONFIG_SCSI=y
CONFIG_BLK_DEV_SD=y
CONFIG_USB=y
CONFIG_USB_STORAGE=y
CONFIG_FAT_FS=y
CONFIG_MSDOS_FS=y
CONFIG_VFAT_FS=y

Depending on your USB hardware enable one or more of these. If unsure, enable all of them:

CONFIG_USB_UHCI=y (or CONFIG_USB_UHCI_HCD=y)
CONFIG_USB_OHCI=y (or CONFIG_USB_OHCI_HCD=y)
CONFIG_USB_EHCI_HCD=y

All kernel subsystems needed by root file system (IDE drivers, ext2/ext3/reiserfs/whatever) must be compiled directly into kernel. They can't be modules. FAT file system needs these:

CONFIG_NLS_CODEPAGE_437=y
CONFIG_NLS_CODEPAGE_850=y
CONFIG_NLS_ISO8859_1=y
CONFIG_NLS_ISO8859_15=y
CONFIG_FAT_DEFAULT_CODEPAGE=850
CONFIG_FAT_DEFAULT_IOCHARSET=iso8859-15

Accessing files on USB-stick will fail if correct codepage is not included in the kernel. For kernel and initrd file names, use short MSDOS compliant file names on the USB-stick with no capitals and no special characters. Short MSDOS names is syslinux limitation.

syslinux configuration

Contents of /boot/syslinux.cfg configuration file:

default linux
timeout 100
prompt 1
label linux
kernel vmlinuz
append initrd=initrd root=100 init=/linuxrc rootfstype=minix

Preparing the USB-Stick

Prepare USB-stick to act as boot device. For some reason syslinux fails to write boot code to MBR on partitioned device. This example uses partitionless /dev/sdb USB-stick device so that syslinux actually ends up writing boot code to MBR. If your USB-stick has pre-existing boot code on its MBR, then partitioned device may boot normally without syslinux actually writing anything to MBR. Warning: Partitionless USB-stick may be unreadable in MS-Windows operating systems.

First, make sure that the USB-stick is not mounted.

umount /dev/sdb1
umount /dev/sdb

If it wasn't mounted, just ignore error messages.

Wipe clear first 5 MB of USB-stick device. This clears out existing MBR, partition table and beginning of existing file system.

dd if=/dev/zero of=/dev/sdb bs=1024k count=5 conv=notrunc

Write a FAT16 file system to USB-stick device.

mkfs -t vfat -I /dev/sdb

Note: Syslinux will not work with FAT32 file system.

Copy files from /boot to USB-stick device.

mkdir /mnt/usb
mount -t vfat /dev/sdb /mnt/usb
cp -pR /boot/<kernelimage>  /mnt/usb
cp -pR /boot/.config /mnt/usb   #kernel configuration
cp -pR /boot/System.map /mnt/usb
cp -pR /boot/syslinux.cfg /mnt/usb
cp -pR /boot/initrd /mnt/usb

Install syslinux on FAT16 formatted USB-stick device.

syslinux /dev/sdb
sync   

Good luck!! Post back the results :)

[bewerken] Howto add additional passphrases

Don't ask me why people do this, but it's a feature, it will allow you to unlock your partition with a choice of different passphrases: (you can do this with the encrypted partition mounted, if you wish):

cryptsetup -y luksAddKey /dev/sda3
Enter any LUKS passphrase: (enter an existing password for this partition)
key slot 0 unlocked.
Enter new passphrase for key slot: (enter the extra password)

To delete an existing passphrase (but don't delete the last one, your data will be lost forever, you will be warned if you try this), you need to know which slot the password is in. The first passphrase goes in slot 0, any additional passphrases go in slot 1, 2 etc. You can do this with the encrypted partition mounted, if you wish. So to delete the very first passphrase you used, use:

cryptsetup luksDelKey /dev/sda3 0

[bewerken] Recommended reading

Cracking Attacks:

• Brute force
• Linear cryptanalysis
• Differential cryptanalysis
• Mod n cryptanalysis
• Related-Key attack
• XSL attack

Misc:

• Avalanche effect
• Block-size
• IV
• Key size
• Modes of Operation
• Piling-up lemma
• Weak key
• Passphrase FAQ

Please note that serious organizations create their own dictionaries with some of the techniques you may find in the web, so it's recommended that you also come up with your own way for creating passphrases.

• Secure Deletion of Data from Magnetic and Solid-State Memory

Other interesting stuff

• Tools for secure wiping of data: wipe - bcWipe - shred
• A simple benchmark, comparing the performance of various ciphers.
• Steganography

[bewerken] Support

Please post them here.

Criticism, suggestions, corrections, information, and of course feedback are welcome. It is nice to know that someone actually reads this stuff :)