
#1 2013-02-21 17:45:09

Pastulio
Member
Registered: 2013-01-11
Posts: 6

Luks key hidden between MBR and first partition not found

Hey everybody,

I've been using archlinux for a while now, and this is the first time I'm posting.
I must probably be overlooking something simple, but I don't know what the problem could be.

I've installed archlinux on a fully encrypted HDD and am trying to add a luks secret key between my USB key's MBR and first partition.
(I've authenticated successfully using a secret key file on the drive itself, so the udev rule is working correctly, but I want to add some obscurity)

I took the following steps to create my usb-key:

1. Overwrite the entire USB key with random data

dd if=/dev/urandom of=/dev/sdX

2. Use dd to copy 2048 bytes of data to a secretkey file with an offset of 512 bytes

dd if=/dev/sdX of=/home/user/secretkey seek=1 bs=512 count=4

3. Create a partition table using fdisk

fdisk /dev/sdX

n for a new partition: number 1, first sector 2560
t for partition type: b (W95 FAT32)
w to write changes

4. Made a dos filesystem on the first partition

mkdosfs /dev/sdX1

5. Added a luks key

cryptsetup luksAddKey /dev/sda2 --key-slot 7 /home/user/secretkey

6. Modified grub config file -> made changes to the following line

GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:cryptroot cryptkey=/dev/lukskey:512:2048"

7. Updated grub

grub-mkconfig -o /boot/grub/grub.cfg

After this procedure it is still not working.

I'll note again that it was working with a key file stored on the first partition, so I doubt the problem lies in my initramfs.
But I'll post some info about it here anyway:

Extracted from mkinitcpio.conf

--- removed content ---
MODULES="vfat"
--- removed content ---
HOOKS="base udev autodetect modconf block keymap encrypt lvm2 filesystems keyboard fsck"
--- removed content ---

Thanks in advance for any help received! It would be greatly appreciated.

Best regards,
Pascal

Last edited by Pastulio (2013-02-25 13:35:44)


#2 2013-03-05 16:00:34

Pastulio
Member
Registered: 2013-01-11
Posts: 6

Re: Luks key hidden between MBR and first partition not found

It appears my topic has gone unnoticed, or maybe nobody knows the answer.
I'm pretty sure the error is just because of some error I made, but I just don't get it.

Any hints on where to look would be great.

Thanks! :)

#3 2022-09-24 06:03:54

thatsmydoing
Member
Registered: 2022-09-24
Posts: 1

Re: Luks key hidden between MBR and first partition not found

Hi, I guess this post is pretty dead but it's linked to from https://nixos.wiki/wiki/Full_Disk_Encryption so I thought I should chime in on what's wrong here.

The problem is when copying the keyfile from the drive, you should have used skip instead of seek as seek affects the output file whereas skip affects the input file. You can see the problem if you dd before and after doing the fdisk, the files will differ as the keyfile actually contains the mbr.

So the command should probably have been

dd if=/dev/sdX of=/home/user/secretkey skip=1 bs=512 count=4
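
The seek/skip difference described in the reply above can be reproduced without a USB key. This is an added example, not part of the original thread: a regular file stands in for /dev/sdX, zeroing sector 0 stands in for fdisk writing the MBR, and all file and function names are assumptions.

```shell
#!/bin/sh
# Constructed demo: a regular file stands in for the USB key (/dev/sdX in the thread).
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
img="$work/usb.img"

# Step 1 of the original post: fill the "device" with random data (1 MiB here).
dd if=/dev/urandom of="$img" bs=512 count=2048 2>/dev/null

# Keep a copy of sector 0 as it was before partitioning, for comparison later.
dd if="$img" of="$work/sector0" bs=512 count=1 2>/dev/null

# Step 2 as posted (seek=1) and as corrected in the reply (skip=1).
dd if="$img" of="$work/key_seek" seek=1 bs=512 count=4 2>/dev/null
dd if="$img" of="$work/key_skip" skip=1 bs=512 count=4 2>/dev/null

# Stand-in for fdisk writing the MBR: overwrite sector 0 in place.
dd if=/dev/zero of="$img" bs=512 count=1 conv=notrunc 2>/dev/null

# What cryptkey=<device>:512:2048 reads at boot: 2048 bytes at byte offset 512.
dd if="$img" of="$work/key_boot" skip=1 bs=512 count=4 2>/dev/null

size_of() { wc -c < "$1" | tr -d ' '; }
same()    { cmp -s "$1" "$2" && echo match || echo differ; }

seek_size()    { size_of "$work/key_seek"; }
skip_size()    { size_of "$work/key_skip"; }
seek_vs_boot() { same "$work/key_seek" "$work/key_boot"; }
skip_vs_boot() { same "$work/key_skip" "$work/key_boot"; }

# With seek=1 the keyfile holds a 512-byte hole followed by the device's
# first four sectors, so its second sector is the pre-fdisk sector 0.
mbr_in_seek_key() {
    dd if="$work/key_seek" bs=512 skip=1 count=1 2>/dev/null |
        cmp -s - "$work/sector0" && echo yes || echo no
}

echo "seek=1 keyfile: $(seek_size) bytes, vs boot-time read: $(seek_vs_boot)"
echo "skip=1 keyfile: $(skip_size) bytes, vs boot-time read: $(skip_vs_boot)"
echo "seek=1 keyfile contains old sector 0: $(mbr_in_seek_key)"
```

A keyfile that is 2560 bytes instead of 2048 is a quick sign that seek was used where skip was meant.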
