You are not logged in.

#1 2018-12-12 05:49:12

justinnoor
Member
Registered: 2017-12-02
Posts: 5

Clarification needed on a wiki step for installing Arch on LVM

When installing Arch on LVM with encryption, there is a step in the Arch wiki that has become a point of confusion. This is the Luks on LVM guide directly above the Preparing the logical volumes section. Here there is a short note that says: Randomise /dev/sda2 according to https://wiki.archlinux.org/index.php/Dm … _partition. This step creates a temporary encrypted container and fills it with zeros.

What exactly are we achieving with this step and how is it different from # dd if=/dev/zero of=/dev/sda2?

This is being performed on a single disk laptop with an SSD that has been completely wiped with Solid state drive/Memory cell clearing. Is it really necessary?

Last edited by justinnoor (2018-12-12 05:50:09)

Offline

#2 2018-12-12 08:26:07

nl6720
The Evil Wiki Admin
Registered: 2016-07-02
Posts: 592

Re: Clarification needed on a wiki step for installing Arch on LVM

It's different from dd if=/dev/zero of=/dev/sda2 in that you're not filling the physical partition with zeros but the encrypted container /dev/mapper/to_be_wiped, which in turn writes encrypted data to /dev/sda2. The result is that /dev/sda2 has random data. It's purpose is to hide the used and unused sectors of the filesystem that will be in the your LUKS volume.

If you plan to use TRIM, then it's completely unnecessary.

Offline

#3 2018-12-12 20:46:26

/dev/zero
Member
From: Melbourne, Australia
Registered: 2011-10-20
Posts: 1,247

Re: Clarification needed on a wiki step for installing Arch on LVM

nl6720 wrote:

If you plan to use TRIM, then it's completely unnecessary.

Can you clarify what you mean by that? AFAIK TRIM is a completely independent topic; furthermore, it is specific to SSDs, which have questionable encryption properties anyway.

Offline

#4 2018-12-13 08:34:24

nl6720
The Evil Wiki Admin
Registered: 2016-07-02
Posts: 592

Re: Clarification needed on a wiki step for installing Arch on LVM

The first post says that an SSD is involved, that's why I mentioned TRIM.
As for why it's unnecessary, that's because, if your file system, encrypted container and everything in between uses TRIM, all the random data on the unused disk sectors, that you spend hours to write, will just get discarded. You'll be right back were you started from.

Offline

#5 2018-12-13 21:13:50

justinnoor
Member
Registered: 2017-12-02
Posts: 5

Re: Clarification needed on a wiki step for installing Arch on LVM

Thanks, nl6720. Also thanks for pointing out the TRIM issue.

Just to clarify. Randomizing the partition as mentioned above would prevent any forensic analyses from seeing the logical volumes, but the partition itself /dev/sda2 would likely be visible?

Offline

#6 2018-12-14 07:04:28

nl6720
The Evil Wiki Admin
Registered: 2016-07-02
Posts: 592

Re: Clarification needed on a wiki step for installing Arch on LVM

The data inside the encrypted container (except for the LUKS header) would just be "random noise", but the partition table, partitions and the LUKS header would still be visible.
If you want to hide everything look at https://wiki.archlinux.org/index.php/Dm … n_dm-crypt or one of the alternatives listed in the tip.

If you just want to protect the data in case the hardware gets stolen, then most of it is overkill.

Offline

#7 2018-12-14 15:56:26

justinnoor
Member
Registered: 2017-12-02
Posts: 5

Re: Clarification needed on a wiki step for installing Arch on LVM

Awesome. Thanks again.

Offline

Board footer

Powered by FluxBB