Musings about on-disk encryption in Fedora Core part II

W. Michael Petullo mike at flyn.org
Sat Aug 28 23:31:39 UTC 2004


Almost two months ago Nils Philippsen started a thread about disk
encryption in Fedora Core.  I wanted to make some comments about the
progress that has been made and the things that still need to be done.

First, it was determined that the lowest hanging fruit was adding support
for encrypted swap.  This is generally a prerequisite for disk encryption
(note that it is possible that Apple didn't get this right[1]).

Russell Coker found a nice script from the Debian folks that can be
installed in /etc/init.d and used for initializing encrypted swap.  A new
configuration file, /etc/crypttab, determines how disks are encrypted.
[2] is a Bugzilla bug that tracks encrypted swap and includes a link to
the cryptdisk script and instructions.

Currently the ordering of events needs some work.  The cryptdisk
initializes encrypted swap after rc.sysinit but rc.sysinit executes
``swapon -a'' before the cryptdisk script runs.

Another goal is to add support to Fedora Core for an encrypted
root device.  In order to do this, mkinitrd must support creating an
initrd that can unlock the root filesystem.  [3] contains a patch for
mkinitrd that does this.  Thanks to comments from Russell Coker, the
patch now supports booting off a removable disk (only the kernel and
initrd reside on the removable disk -- the encrypted root does not need
to be removable).  The mkinitrd patch also receives its configuration
from /etc/crypttab.

The encrypted root patch at [3] requires that cryptsetup be statically
linked.  [4] provides a patch to the cryptsetup RPM specification that
does this.

Finally, [5] contains some notes about and a link to a patch for
util-linux that adds dm-crypt support to mount.  This allows one to
use the standard mount interface instead of the specialized cryptsetup
command to mount dm-crypt volumes.  The patch works, but depends on an
unreleased cryptsetup 0.2.  The author of the patch has not stated if he
is going to continue to maintain the patch.  The author of util-linux
has concerns about loop-aes vs. cryptoloop vs. dm-crypt that must be
addressed before he accepts the patch.

If you are interested in the util-linux patch, let me know and I will
fill you in.  Otherwise, this fruit seems out of reach for now.

Some progress has been made in implementing encrypted swap and root
support in Fedora Core.  Other than the requirements noted above, there
is still the need for documentation.  I plan on writing up some
instructions as well as a rudimentary attack tree for all of this.

Happy hacking!

[1] http://www.securityfocus.com/archive/1/367116/2004-06-21/2004-06-27/0
[2] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127378
[3] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124789
[4] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=129926
[5] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=56698

-- 
Mike

:wq
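
The ordering problem described in the message above means that any swap line in /etc/fstab naming a raw partition is enabled unencrypted by the early ``swapon -a''. The following check is an added example, not part of the original post or of the cryptdisk script. It assumes the Debian-style four-column crypttab layout (target, source device, key file, options); the function names and sample files are hypothetical.

```shell
#!/bin/sh
# Added example: flag fstab swap entries that `swapon -a` would enable in plaintext.
# Assumed crypttab layout (Debian style): target  source  keyfile  options

# Print the names of crypttab targets whose options include "swap".
crypt_swap_targets() {
    awk 'NF && $1 !~ /^#/ {
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++) if (opt[i] == "swap") print $1
         }' "$1"
}

# audit_swap FSTAB CRYPTTAB
# Prints "ok DEV" or "PLAINTEXT DEV" for every swap line in FSTAB and
# returns 1 if any swap device is not a /dev/mapper target from CRYPTTAB.
audit_swap() {
    fstab=$1 crypttab=$2 rc=0
    targets=$(crypt_swap_targets "$crypttab")
    for dev in $(awk 'NF && $1 !~ /^#/ && $3 == "swap" { print $1 }' "$fstab"); do
        name=${dev#/dev/mapper/}
        if [ -n "$name" ] && [ "$name" != "$dev" ] &&
           printf '%s\n' "$targets" | grep -qxF -- "$name"; then
            echo "ok $dev"
        else
            echo "PLAINTEXT $dev"
            rc=1
        fi
    done
    return $rc
}

# Run the audit on constructed sample files (not taken from the original post).
demo() {
    d=$(mktemp -d) st=0
    printf '%s\n' '# target source keyfile options' \
        'cswap /dev/hda2 /dev/urandom swap' > "$d/crypttab"
    printf '%s\n' '/dev/hda1 / ext3 defaults 1 1' \
        '/dev/mapper/cswap swap swap defaults 0 0' \
        '/dev/hda3 swap swap defaults 0 0' > "$d/fstab"
    audit_swap "$d/fstab" "$d/crypttab" || st=$?
    rm -rf "$d"
    return $st
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

On a real system the call would be ``audit_swap /etc/fstab /etc/crypttab''; a non-zero exit status means at least one swap entry bypasses dm-crypt.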




