You are not logged in.

#1 2009-11-10 00:18:41

milomouse
Member
Registered: 2009-03-24
Posts: 940
Website

loop-AES.. howto?

Ok, since I have little knowledge on this matter I'm going to straight out ask [any kind souls] how I would go about getting loop-AES encryption method to work on ARCH (x86_64). I know the default ARCH kernel26 doesn't support it and was wondering what kernel does..  I think the vanilla kernel would work, though I'm not positive. Anything from the AUR, maybe, or should I build from ABS?

And from there, I'm trying to figure out how to configure it, kinda of like LUKS with dm-crypt.. but without the dm-crypt, as I think it's another method.. as from the "System Encryption with LUKS for dm-crypt" Arch Wiki it says:

Why LUKS for dm-crypt?

There are either 3 or 4 rival disk encryption standards in Linux, depending on how you count them.

The old cryptoloop is deprecated: it's old, insecure and unreliable.

A much better version, loop-AES (http://loop-aes.sourceforge.net/), was created but, due to politics, never became favorable with the kernel developers. It's far more secure than either cryptoloop or straight device-mapper encryptions (and probably faster than any of the other 3 options), but is not user-friendly. It also requires non-standard kernel support, which ARCH's kernel26 doesn't have.

The standard device-mapper encryption (dm-crypt) is another choice.

LUKS essentially makes management of encrypted partitions easier. Without going into the hairy details (check out the LUKS home page if you're interested), it stores all the needed setup information on the disk itself. All you need then is the password, which can be in a separate file if you like. The Linux implementation uses dm-crypt and it can have up to eight different passwords, which can be changed or revoked easily. It is also supported by mkinitcpio in ARCH linux, which is nice.

So... from my understanding I would have to use loop-AES by itself and without dm-crypt.. but possibly with LUKS? Wondering about this seeing as I have to go about configuring this for my new system. I'll have a root partition encrypted, home encrypted, swap encrypted, and tmp/var tmp encrypted. Not sure if loop-AES will be for all of them.

Any tips are appreciated. My system is a x86_64, 2ghz AMD64 x2, 4GB RAM, nVidia GeForce 7150M/nForce 630M, laptop.. I'm about to do a complete re-install using the "archlinux-2009.08-netinstall-x86_64[.iso OR .img, not sure]".

Offline

#2 2009-11-10 09:46:31

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819
Website

Re: loop-AES.. howto?

There is no need for support in the kernel. You can build the module out of tree, just by grabbing the loop-AES source and reading the instructions. It will compile a new loop.ko module (that replaces the stock one) and build other necessary modules. util-linux-ng is already patched to support loop-AES on Arch - out of the box. There might be some package I forgot that you have to rebuild.

Anyway - the instructions are pretty clear. If you'd rather rebuild your kernel (imho the cleaner solution), I made this patch for loop-AES:
ftp://nauseamedialis.org/stijn/pkgbuild … 1.patch.xz


Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline

#3 2009-11-10 10:43:09

bender02
Member
From: UK
Registered: 2007-02-04
Posts: 1,328

Re: loop-AES.. howto?

Also I think B is not correct about not needing to build a new kernel with the loop support disabled - the instructions for loop-aes say that the compilation won't work if the loop module is compiled as a module (which it is on the arch kernel).

One thing that I don't know (but I think it is possible) and will be needed to have loop-aes on the root partition is to pass special mount options on grub's kernel line (so that the script in initramfs that does the mounting knows it's supposed to be loop-aes encrypted). ... err... now that I think about it, the 'mount' program in initramfs might not be the one that comes from util-linux-ng (which would be OK), but a different one... I need to check. Oh well. On the other hand, the loop-aes README has quite good instructions on how to build your own initramfs (ie not using mkinitcpio) that does the job, so you might want to go with that and disregard the beginning of this paragraph.

EDIT: it's a nice project to go with loop-aes, but if you'd ask me, i'd say it's too much hassle for little benefit. cryptsetup-luks (aka dm-crypt) is supported on arch out of the box, and provides enough security and performance (for me). you won't have to compile the kernel yourself every time you want to update it, you won't have to remember to always after updating copy around the new loop module. I'm unhappy that the kernel devs rejected loop-aes for (I guess) political reasons, but i'm too lazy to do all that work. There've been times when I was doing such stuff, but then I realized that it creates too much overhead.

Last edited by bender02 (2009-11-10 10:54:58)

Offline

#4 2009-11-10 20:13:08

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819
Website

Re: loop-AES.. howto?

Cryptsetup allows to retrieve encryption keys from RAM, even after a reboot. That's why I went with loop-AES. There is no way to automate mounting though, I have to do it manually everytime.

As for the loop driver: one would think it could be replaced especially if it's not integrated statically into the kernel. I never tried to build against an existing kernel, so I might be wrong indeed. But it just seems not logical to me the other way around.


Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline

#5 2009-11-10 21:27:49

bender02
Member
From: UK
Registered: 2007-02-04
Posts: 1,328

Re: loop-AES.. howto?

B wrote:

Cryptsetup allows to retrieve encryption keys from RAM, even after a reboot. That's why I went with loop-AES. There is no way to automate mounting though, I have to do it manually everytime.

I don't understand what do you mean by this. Do you mean that it doesn't overwrite the keys in the memory on closing the device, so that if immediately after you shut down (or reboot) the computer someone physically freezes the memory and does some more high-tech stuff, they can get the keys out of there?

Offline

#6 2009-11-10 23:52:56

milomouse
Member
Registered: 2009-03-24
Posts: 940
Website

Re: loop-AES.. howto?

Hey, thanks a lot, these are the answers I was looking for. I'll do a few trial runs with the different methods above on fresh installs (just because that's what I'm planning). I'm going to give the loop-AES.README another [more thorough] read tonight while I'm offline. I downloaded all the bzips, sigs, patches and kernel source (just in case) to my laptop and a USB stick just so I have all my bases covered. This should be fine since I like to do things manually.

bender02 wrote:

Also I think B is not correct about not needing to build a new kernel with the loop support disabled - the instructions for loop-aes say that the compilation won't work if the loop module is compiled as a module (which it is on the arch kernel).

B wrote:

As for the loop driver: one would think it could be replaced especially if it's not integrated statically into the kernel. I never tried to build against an existing kernel, so I might be wrong indeed. But it just seems not logical to me the other way around.

So, I should compile from source and disable the loop module in kernel, and then install loop-aes via instructional readme? *dumb* hmm  I'm doing a fresh install with all this. I hate to ask, but B, assuming you use loop-AES, how did you go about applying it to your kernel?

bender02 wrote:

One thing that I don't know (but I think it is possible) and will be needed to have loop-aes on the root partition is to pass special mount options on grub's kernel line (so that the script in initramfs that does the mounting knows it's supposed to be loop-aes encrypted). ... err... now that I think about it, the 'mount' program in initramfs might not be the one that comes from util-linux-ng (which would be OK), but a different one... I need to check. Oh well. On the other hand, the loop-aes README has quite good instructions on how to build your own initramfs (ie not using mkinitcpio) that does the job, so you might want to go with that and disregard the beginning of this paragraph.

I need to pass certain options to GRUB (or Lilo) if I use mkinitcpio? Do you know what options those are.. if indeed I have to. Otherwise, I was thinking of using my own initramfs anyway, just for awareness' sake. I'll do some manual reading and internet searches about the mkinitcpio method.

Sorry if I missed something and asked a question already answered above.. hmm

Offline

#7 2009-11-11 08:08:27

bender02
Member
From: UK
Registered: 2007-02-04
Posts: 1,328

Re: loop-AES.. howto?

milomouse wrote:
bender02 wrote:

One thing that I don't know (but I think it is possible) and will be needed to have loop-aes on the root partition is to pass special mount options on grub's kernel line (so that the script in initramfs that does the mounting knows it's supposed to be loop-aes encrypted). ... err... now that I think about it, the 'mount' program in initramfs might not be the one that comes from util-linux-ng (which would be OK), but a different one... I need to check. Oh well. On the other hand, the loop-aes README has quite good instructions on how to build your own initramfs (ie not using mkinitcpio) that does the job, so you might want to go with that and disregard the beginning of this paragraph.

I need to pass certain options to GRUB (or Lilo) if I use mkinitcpio? Do you know what options those are.. if indeed I have to. Otherwise, I was thinking of using my own initramfs anyway, just for awareness' sake. I'll do some manual reading and internet searches about the mkinitcpio method.

Sorry if I missed something and asked a question already answered above.. hmm

Right now I think that the best method is not to rely arch's kernel or initramfs related things, just go with the loop-aes README file, he seems to have a special script/program which builds an initramfs suited for encrypted root setup.

BTW, in the README file there are also instructions on how to build the kernel module; essentially compile the kernel with certain config options set (notably CONFIG_BLK_DEV_LOOP=n), and then do the usual 'make' in the loop-aes directory.

Offline

#8 2009-11-11 12:35:20

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819
Website

Re: loop-AES.. howto?

bender02 wrote:
B wrote:

Cryptsetup allows to retrieve encryption keys from RAM, even after a reboot. That's why I went with loop-AES. There is no way to automate mounting though, I have to do it manually everytime.

I don't understand what do you mean by this. Do you mean that it doesn't overwrite the keys in the memory on closing the device, so that if immediately after you shut down (or reboot) the computer someone physically freezes the memory and does some more high-tech stuff, they can get the keys out of there?

The term loop-AES devs use is 'scrubbing'. From their README:

If you want to enable AES encryption key scrubbing, specify KEYSCRUB=y on
make command line. Loop encryption key scrubbing moves and inverts key bits
in kernel RAM so that the thin oxide which forms the storage capacitor
dielectric of DRAM cells is not permitted to develop detectable property.
For more info, see Peter Gutmann's paper:
http://www.cypherpunks.to/~peter/usenix01.pdf

milomouse wrote:

So, I should compile from source and disable the loop module in kernel, and then install loop-aes via instructional readme? *dumb* hmm  I'm doing a fresh install with all this. I hate to ask, but B, assuming you use loop-AES, how did you go about applying it to your kernel?

You shouldn't assume tongue. I'm not creating those patches because I like it.

Your question makes me wonder: have you ever built a kernel? Have you ever applied a patch?

$ man patch

Judging from your questions I'd say just stick with the main kernel and build the modules separately.


Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline

#9 2009-11-11 17:09:55

milomouse
Member
Registered: 2009-03-24
Posts: 940
Website

Re: loop-AES.. howto?

Well, I read the README a few times over last night and made notes in vim. I think I'm going to follow their directions step-by-step at first and if all goes well I'll experiment with different config options and so on. I have to say thanks to you guys for all the help. And yes, B, I've built a kernel before and applied patches to various things, I was just curious if you took extra measures in configuring your rc.* files for startup/shutdown sequences, what ciphers (etc) you used for what partition, etc, etc.. I shouldn't have used the word "kernel" without elaborating, or at all. This is probably too much to ask and you can forget it if you like, I just like having real-world examples whenever I can. No biggie! I'll review your patch and see what's what. smile

And yeah, I noticed the info about Lilo/Grub in the README and examined the build-initrd.sh for further details, which I feel comfortable with. I think I'll try their method like I stated before, just to start with. Just throwing that out there.

Offline

#10 2009-11-11 21:21:38

bender02
Member
From: UK
Registered: 2007-02-04
Posts: 1,328

Re: loop-AES.. howto?

Good luck!

I would be interested in knowing whether is goes fine or whether there are any pitfalls... I may try the setup one day.

Offline

#11 2009-11-11 22:37:48

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819
Website

Re: loop-AES.. howto?

The patch is nothing more than the author's original patch, with the removal of the loop.c and loop.h code integrated. Don't ask why he doesn't do it himself, I don't know... But applying the author's patch means you have to remove both files first and apply his patch only then. So code-wise, they're absolutely identical - mine is just easier.


Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline

#12 2009-12-31 23:09:40

soloport
Member
Registered: 2005-03-01
Posts: 442

Re: loop-AES.. howto?

Arch kernel26 must be rebuilt to support the following change:

# .config Before
CONFIG_BLK_DEV_LOOP=m
CONFIG_BLK_DEV_CRYPTOLOOP=m


# .config After
# CONFIG_BLK_DEV_LOOP is not set

At the same time the loop patch is applied and module built.  Here's a pseudo-diff of PKGBUILD (<= 2.6.31):

  url="http://www.kernel.org"
- source=(ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_basekernel.tar.bz2
+ source=(loop-AES-latest.tar.bz2
+         ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_basekernel.tar.bz2
          ftp://ftp.archlinux.org/other/kernel26/${_patchname}.bz2
          # the main kernel config files


          # standard config files for mkinitcpio ramdisk
          kernel26.preset)
- md5sums=('260551284ac224c3a43c4adac7df4879'
+ md5sums=('060bec1ae3c5ba98d63c7d64d906faaf'
+          '260551284ac224c3a43c4adac7df4879'
           '57d123b271851aeee1b71a5f7f8245d5'
           '8f2c9b66c60ab48082c8fdcc7ab7efc8'


    # get kernel version
+   sed -i 's|CONFIG_BLK_DEV_LOOP=.|CONFIG_BLK_DEV_LOOP=n|' ./.config
    make prepare
    # load configuration


    # remove the firmware
    rm -rf ${pkgdir}/lib/firmware
+   cd ${srcdir}/loop-AES-v*
+   make clean
+   make LINUX_SOURCE=${srcdir}/linux-$_basekernel KBUILD_OUTPUT=${srcdir}/linux-$_basekernel INSTALL_MOD_PATH=${pkgdir}
}

Also util-linux-ng needs to be re-built as it gets update-released -- infrequent fortunately.  Typical steps to update util-linug-ng are:
* remove cryptoloop-support patch
* add loop-aes patch
* experiment with other patches (remove, re-order) until it builds

NOTE: Kernel 2.6.32 PKGBUILD differs a bit from kernel26 <= 2.6.31.

Last edited by soloport (2010-01-01 00:45:34)

Offline

#13 2010-01-25 02:56:02

soloport
Member
Registered: 2005-03-01
Posts: 442

Re: loop-AES.. howto?

For kernel 2.6.32 or greater, the last line should be changed from

+   make LINUX_SOURCE=${srcdir}/linux-$_basekernel KBUILD_OUTPUT=${srcdir}/linux-$_basekernel INSTALL_MOD_PATH=${pkgdir}

to

+   make LINUX_SOURCE=${srcdir}/linux-$_basekernel KBUILD_OUTPUT=${srcdir}/linux-$_basekernel INSTALL_MOD_PATH=${pkgdir}/kernel26

Offline

Board footer

Powered by FluxBB