Gentoo Forums
How to en/decrypt an fs image before copying to a ramdisk?
Sadako
Advocate
Joined: 05 Aug 2004
Posts: 3792
Location: sleeping in the bathtub

Posted: Tue Jan 15, 2008 4:59 pm    Post subject: How to en/decrypt an fs image before copying to a ramdisk?

I'm playing with a custom livecd that will copy the filesystem image to ram and boot from there, but I want the image to be encrypted on the livecd and decrypted before or as it is copied to the ramdisk, and was wondering what the best way to do this is?

I was originally thinking dmcrypt/cryptsetup, but I don't think that would make a whole lot of sense in this case.

Something like aespipe looks suitable, but I just wanted to get the opinions of others first, so any other ideas?

(also, the latest aespipe in portage is over two years old, which gives me some concerns...)

Thanks.
_________________
"You have to invite me in"
richard.scott
Veteran
Joined: 19 May 2003
Posts: 1497
Location: Oxfordshire, UK

Posted: Tue Feb 12, 2008 6:04 pm

I've seen threads about this support in Catalyst:

http://www.nabble.com/Encrypted-livecd's---need-testers-td11341634.html

I'm not sure what's come of it tho.

In theory, if catalyst can do it, then anyone can!
Sadako
Advocate
Joined: 05 Aug 2004
Posts: 3792
Location: sleeping in the bathtub

Posted: Tue Feb 12, 2008 11:54 pm

richard.scott: Thanks for that link, I had already dismissed using cryptsetup as that would require using losetup as well, but it gave me another idea;

Rather than storing the squashfs image on the iso filesystem itself, I could simply append it to the end of the iso image, and I could even add extra random data before and after the squashfs, too.
Then I could use cryptsetup with an offset on the cd device itself (eliminating the need for losetup), and use dd to copy from the decrypted dev map to a ram disk.

Of course, I realise all this is just extra security by obscurity, and any idiot could figure it out by looking at my linuxrc anyways, but this just has a certain perverse appeal to me, so I think I'll give it a shot.

I really don't understand why the guy creating that livecd is using the luks extensions, though.

Anyways, thanks again for the link, it gave me some interesting ideas.
_________________
"You have to invite me in"
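Added example, not part of the post above or of the linked Catalyst work: a sketch of the layout Sadako describes, with the payload appended after the ISO between runs of random filler and then mapped with plain-mode cryptsetup at a sector offset. The file names, the mapping name liveroot, the key path /etc/live.key and the cipher settings are assumptions; the payload is assumed to have been encrypted beforehand as a standalone image, so sector IVs start at 0 and --skip stays unset.

```shell
#!/bin/sh
# Added illustration; every name and path below is hypothetical.
SECTOR=512   # cryptsetup --offset/--size count 512-byte sectors

# Bytes -> sectors, rounded up.
to_sectors() { echo $(( ($1 + SECTOR - 1) / SECTOR )); }

# Build time: copy the ISO, then append filler + payload + filler.
# Prints "OFFSET SIZE" of the payload, both in sectors.
# $1=iso  $2=payload (already encrypted)  $3=filler sectors  $4=output image
append_payload() {
    iso_sec=$(to_sectors "$(wc -c < "$1")")
    size=$(to_sectors "$(wc -c < "$2")")
    off=$(( iso_sec + $3 ))
    cp "$1" "$4" || return 1
    # Random filler starting at the first whole sector after the ISO.
    dd if=/dev/urandom of="$4" bs=$SECTOR seek="$iso_sec" count="$3" \
        conv=notrunc 2>/dev/null
    # conv=sync zero-pads a short last sector so the region is whole sectors.
    dd if="$2" of="$4" bs=$SECTOR seek="$off" conv=notrunc,sync 2>/dev/null
    dd if=/dev/urandom of="$4" bs=$SECTOR seek=$(( off + size )) count="$3" \
        conv=notrunc 2>/dev/null
    echo "$off $size"
}

# Read the payload region back as the mapping would see it (still ciphertext).
# $1=image or device  $2=offset  $3=size
extract_region() {
    dd if="$1" bs=$SECTOR skip="$2" count="$3" 2>/dev/null
}

# Emit the boot-time steps for a linuxrc. Only printed here: running them
# needs root, the real CD device and the key material.
# $1=device  $2=offset  $3=size  $4=ramdisk
linuxrc_commands() {
    cat <<EOF
cryptsetup open --type plain --cipher aes-xts-plain64 --key-size 512 \\
    --key-file /etc/live.key --readonly --offset $2 --size $3 $1 liveroot
dd if=/dev/mapper/liveroot of=$4 bs=1M
cryptsetup close liveroot
EOF
}
```

Plain mode stores no header on the disc, so the offset, size, cipher and key size printed by linuxrc_commands must match what was used at build time exactly.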
richard.scott
Veteran
Joined: 19 May 2003
Posts: 1497
Location: Oxfordshire, UK

Posted: Wed Feb 13, 2008 10:30 am

I can sort of understand why he's wanting to encrypt the RootFS on a CD as I'm wanting to do the same :D
It'd stop people reverse engineering your hard work if you use this as a platform for a project.

Would it be possible to put the RootFS in an encrypted image inside SquashFS and then mount that as your root?.... rather than placing it in a random place on the CD as it would save the effort of working that out?

You could also easily copy the iso contents onto a usb stick too and boot from that if you wanted!
Sadako
Advocate
Joined: 05 Aug 2004
Posts: 3792
Location: sleeping in the bathtub

Posted: Wed Feb 13, 2008 4:38 pm

richard.scott wrote:
> Would it be possible to put the RootFS in an encrypted image inside SquashFS and then mount that as your root?.... rather than placing it in a random place on the CD as it would save the effort of working that out?

That would be quite possible and was my original idea, however in my case it would create additional and unnecessary overhead.

I'll be copying the squashfs image to ram and mounting it from there, and having it encrypted while in ram is somewhat pointless, for me it makes more sense to decrypt it while I'm copying it in the first place, that way it'll only need to be decrypted once.

Unfortunately can't boot from usb, the old hardware I have in mind for this doesn't support it.

I could have a very barebones initramfs on a cd, boot that and have it copy the squashfs image to ram, however I don't think it's really worth the extra work.

I'm not questioning that guy's desire for an encrypted livecd (which is what I'm after too, after all), just his use of the luks extensions rather than plain old cryptsetup...
_________________
"You have to invite me in"
richard.scott
Veteran
Joined: 19 May 2003
Posts: 1497
Location: Oxfordshire, UK

Posted: Thu Feb 14, 2008 11:08 am

I'd forgotten that copying the image to ram before encrypting it would use up memory! doh! :oops:
All times are GMT