Hey all,
I'm planning to customise an RPi with Raspbian already running, using cryptsetup (LUKS) to have a more secure partition, for a few reasons... So the goal is to move some existing sensitive folders to this new encrypted partition. Some symlinks will be used for those directories.
About Tor, if I'm not wrong, this directory can be moved to the encrypted partition: /var/lib/tor, so I'm planning to move /var...
So in the end, I'm planning to move: /home, /var, /tmp (why not the swap file?)
Any suggestions and master's thoughts are welcome :)
On 24.10.2016 09:53, Petrusko wrote:
> Any suggestions and master's thoughts are welcome :)
:-)
Yes, why not use full disk encryption? You could encrypt the root partition. I know, it's harder to do this on a running system, and Raspbian doesn't offer you encryption within setup. The best thing would be an ssh shell in the initrd to start the system.
Why not also encrypt the swap partition, if there is one? Raspbian uses a swapfile afaik.
http://resources.infosecinstitute.com/luks-swap-root-boot-partitions/
The passphrase used for the encrypted partitions is stored in RAM. If some of the contents of the RAM are kept in the swapfile, you could easily read them. It would be better to encrypt the swap file, too. The swapfile's previous contents remain transparent over reboots. But anyway, the swapfile in Raspbian is located in /var.
https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#Using_a_swap_f...
You shouldn't encrypt the boot partition unless you know what you are doing. Having a backup of your partitions' LUKS headers is important. If a LUKS key slot or the header itself becomes damaged and you don't have a good copy to restore to the encrypted partition, the partition becomes unusable. You can use a key file to automatically decrypt e.g. /home on boot. Store the key files on encrypted partitions.
The performance of the SD card could be very slow:
https://raspberrypi.stackexchange.com/questions/42100/performance-with-an-en...
Regards,
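As an added example, not from the thread or any poster, a shell sketch of the setup Ralph describes above: LUKS-format a partition for /home, back up its header, add a key file kept on the encrypted root, and persist the unlock in crypttab/fstab. The device (/dev/sda1), mapping name, mount point, key path and header-backup path are assumptions.

```shell
#!/bin/sh
# Added example: encrypt a partition for /home, back up its LUKS header,
# and add a key file (stored on the encrypted root) so /home unlocks at boot.
# DEV, NAME, MNT, KEYFILE and HDR below are assumed values, not from the thread.
set -eu

# Pure helpers: build the /etc/crypttab and /etc/fstab lines for the volume.
crypttab_entry() { # NAME UUID KEYFILE
    printf '%s UUID=%s %s luks\n' "$1" "$2" "$3"
}
fstab_entry() { # NAME MOUNTPOINT
    printf '/dev/mapper/%s %s ext4 defaults 0 2\n' "$1" "$2"
}

# Root-only, destructive steps; refuses to run without root and cryptsetup.
setup_encrypted_volume() { # DEV NAME MOUNTPOINT KEYFILE HEADER_BACKUP
    dev=$1 name=$2 mnt=$3 keyfile=$4 hdr=$5
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    command -v cryptsetup >/dev/null || { echo "cryptsetup missing" >&2; return 1; }

    # 1. Format with a passphrase (key slot 0) and keep a header backup
    #    elsewhere: a damaged header or key slot otherwise loses the data.
    cryptsetup luksFormat "$dev"
    cryptsetup luksHeaderBackup "$dev" --header-backup-file "$hdr"
    chmod 0400 "$hdr"

    # 2. Random key file, root-only, on the (encrypted) root filesystem,
    #    added as a second key slot so boot can unlock without a passphrase.
    install -d -m 0700 "$(dirname "$keyfile")"
    head -c 4096 /dev/urandom > "$keyfile"
    chmod 0400 "$keyfile"
    cryptsetup luksAddKey "$dev" "$keyfile"   # prompts for the slot-0 passphrase

    # 3. Open with the key file, create the filesystem, mount it.
    cryptsetup open "$dev" "$name" --key-file "$keyfile"
    mkfs.ext4 "/dev/mapper/$name"
    mkdir -p "$mnt" && mount "/dev/mapper/$name" "$mnt"

    # 4. Persist: crypttab unlocks the mapping at boot, fstab mounts it.
    uuid=$(cryptsetup luksUUID "$dev")
    crypttab_entry "$name" "$uuid" "$keyfile" >> /etc/crypttab
    fstab_entry "$name" "$mnt" >> /etc/fstab
}

# Only run the destructive part when explicitly requested.
if [ "${RUN_LUKS_SETUP:-0}" = 1 ]; then
    setup_encrypted_volume /dev/sda1 home_crypt /home \
        /etc/luks/home.key /root/home-luks-header.img
fi
```

Copy the existing /home contents onto the new volume before pointing users at it, and keep the header backup off the SD card, since a copy on the same card is lost together with the card.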
On 10/24/2016 09:53 AM, Petrusko wrote:
> Any suggestions and master's thoughts are welcome :)
I played a few weeks ago with folder-based encryption on an EXT4FS, but gave up; it won't work reliably here (hardened stable Gentoo Linux). But maybe with kernel 4.8.x that would work?
-- Toralf PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
Many thx for your contribution, thx to you 2 :)
I was thinking about full disk encryption too. No problem to backup/restore the current files.
Sadly Raspbian, and many other OSes for the RPi, don't have as many options as x86 when you set up the system. That's why it can be hard to understand how to proceed with a running system, harder than setting up a fresh Debian with the main menu's useful "use full disk encryption" option ;)
I'll read the links in your previous mail; they will be helpful.
Thx for your lights, to all ;)
On 10/24/2016 04:04 PM, Petrusko wrote:
With Raspbian, you can: 1) install normally; 2) backup with rsync to another device on LAN; 3) wipe root partition; 4) encrypt, and configure LVM2; 5) setup logical volumes, create mount points, and mount them; 6) restore from backup; and 7) fix various broken stuff. Now everything except /boot is encrypted.
I have a how-to guide, if you're interested.
On 10/25/2016 03:39 AM, Ralph Seichter wrote:
I'm assuming that the list doesn't accept attachments :)
Basically, I stopped working on Pi, for several reasons. Mainly the USB NIC. And so my guide is just a first draft. Also, there's nothing novel there about cryptsetup. Raspbian is essentially Debian. But if anyone wants to reuse parts of it, that's cool. Just ask for a copy.
It turns them into links. They work fine.
T
Hi folks,
I am not sure it is more secure. What are we trying to protect here? As long as the relay is running, it is unencrypted. Disk encryption only prevents physical access - are you at risk of this? At any rate, the relay shouldn't be storing personal data.
Having it encrypted also makes remote management an absolute pain.
Can someone clarify this? -- D
On 24 October 2016 08:53:14 BST, Petrusko petrusko@riseup.net wrote:
I am not a lawyer, but I've heard that it helps to prove you have no personal data. This is harder when there is encrypted data on the machine.
Tim
T
On 10/25/2016 12:03 PM, Duncan Guthrie wrote:
> Having it encrypted also makes remote management an absolute pain.
It depends; an encrypted ext4fs just needs to be decrypted after boot, as I tried in [1].
And the use case is to avoid that the private key of the tor exit relay can be accessed by somebody having physical access to the hard disk.
[1] https://github.com/toralf/torutils/blob/master/unlock_tor.sh
-- Toralf PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
... while the machine is unpowered.
If the machine is powered, physical access likely gives them physical access to the contents of memory as well. (Not just cold boot-style attacks, but DMA hardware as well.)
Tim
T
Right, it's so easy and quick to duplicate an SD card with this hardware, just by unplugging it from the board... If it's not stored under your bed, it can be useful :p
And second, it can be a cool challenge to make it work? Understanding how this security software works and how to configure it nicely is really cool. It's always good to make your head think about a new way you don't know ;) And exploring some new things you've never seen working... and sharing information you found with others by trying to make it work.
This way, if I become more comfortable with encrypting data and systems through this test, it will be useful for future RPi installs, like mail servers and other stuff to secure by encrypting personal data... hosting some friends' backups for example...
Thx ;)
Duncan Guthrie:
> Disk encryption only prevents physical access - are you at risk of this?