View previous topic :: View next topic |
Author |
Message |
strm n00b
Joined: 26 Dec 2024 Posts: 6
|
Posted: Wed Jan 01, 2025 1:09 am Post subject: Encrypt disks at suspend to ram |
|
|
Hello everyone, I have a Gentoo box here with encrypted root and encrypted swap. Suspend to disk ("Hibernate") works and correctly asks for my decryption key on wake up.
However, I'd like to also encrypt the disks when suspending to ram, i. e. when the device wakes up, it should ask for the decryption key.
I know that there exists luksSuspend/luksResume and there are scripts out there like https://github.com/c6fc/ubuntu-lukssuspend.
My question is: Are there any recent solutions to this problem? The content that can be found on the web is rather old and probably needs porting etc.
Would appreciate any hints on this.
[Administrator edit: fixed implicit link. Forum auto-linking considers dots to be part of a URL, but the poster did not intend for a trailing dot to be included in the URL. -Hu] |
|
Back to top |
|
|
sublogic Apprentice
Joined: 21 Mar 2022 Posts: 297 Location: Pennsylvania, USA
|
Posted: Wed Jan 01, 2025 11:38 pm Post subject: Re: Encrypt disks at suspend to ram |
|
|
strm wrote: | However, I'd like to also encrypt the disks when suspending to ram, | It's always encrypted. Encryption and decryption is done on demand when you write or read through the cleartext block devices under /dev/dm-* . Quote: | i. e. when the device wakes up, it should ask for the decryption key. | I don't think that's possible, at least without a major redesign of the kernel. When you suspend, the RAM is kept live, including the LUKS volume key in the kernel keyring. When you resume, there is no need for a passphrase and your cleartext devices are immediately available. It also means that your data is present, if dormant, while suspended. You can trigger a screen locker on suspend, but that is much weaker protection.
If you want data protection at rest, you have to shut down or hibernate. |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 23017
|
Posted: Thu Jan 02, 2025 1:19 am Post subject: |
|
|
The cryptsetup luksSuspend command that OP referenced is documented to do part of this: freezing access to the device and removing the key from memory. The hard part is that if the suspended device is important (such as /, or /home), then the user program(s) that put the system into suspend need to arrange for themselves to remain functional while the device is frozen, and to get the key back and resume the device without relying on the frozen device. This is theoretically possible, but I wouldn't want to try to have a full working GUI with those limitations. I would switch to a text console, freeze the device, suspend the system, then resume the device and switch back to the graphical environment.
I am not aware of any turnkey solutions that can do what is requested. |
|
Back to top |
|
|
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9867 Location: almost Mile High in the USA
|
Posted: Thu Jan 02, 2025 2:59 am Post subject: |
|
|
Are there any windows solutions that do this?
I feel there's a lot of deadlock situations that could occur...imagine needing to pull code from the backing store, whether from swap or disk, in order to present the dialog box for the unlock key. Plus I suspect all apps need to be frozen while the key is being asked so the suspend unfreeze can't occur until after the disk is unlocked else they may try to access the disk and error, and who knows what the behavior of those apps would be if that happens...
The only possibility is if you leave rootfs unencrypted and only work in an encrypted container.
I'm just leaving my suspend as-is for now, if they have to pull the memory and do analysis to retrieve my key then that's what they have to do. _________________ Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 23017
|
Posted: Thu Jan 02, 2025 3:07 am Post subject: |
|
|
From the manual: man cryptsetup-luksSuspend: | Suspends an active device (all IO operations will block and accesses to
the device will wait indefinitely) and wipes the encryption key from
kernel memory. Needs kernel 2.6.19 or later. | There is no risk of an application getting an error return from the device. Access to the device will simply hang until the resume is done. That is why the entire resume path needs to be independent of the suspended device. In turn, that is why I think using a GUI prompt would be very difficult on a full-disk encryption system. You would need the entire unlock path to be resident in a tmpfs or similar, so that there is no chance of it accessing the frozen backing device, and doing that for a well-integrated GUI system would be a pain. Doing that in a text console running from an initramfs-like environment would be easier. |
|
Back to top |
|
|
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9867 Location: almost Mile High in the USA
|
Posted: Thu Jan 02, 2025 3:39 am Post subject: |
|
|
shhh... no more systemd ideas...? _________________ Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
Back to top |
|
|
strm n00b
Joined: 26 Dec 2024 Posts: 6
|
Posted: Thu Jan 02, 2025 3:07 pm Post subject: |
|
|
Thx for the replies. To clarify: Doing suspend on console is fine with me. As far as I can tell, that is what the script I linked tries to do. I just wanted to make sure I am not reinventing the wheel when I try to make the script working again on a modern system. |
|
Back to top |
|
|
sublogic Apprentice
Joined: 21 Mar 2022 Posts: 297 Location: Pennsylvania, USA
|
Posted: Fri Jan 03, 2025 12:30 am Post subject: |
|
|
The link into github gave me a 404. There is a search box, typing 'lukssuspend' finds it.
Okay, it seems to do what @Hu described, but it is Ubuntu-specific. OP could use as a starting point but will have to modify it for Gentoo. May need to emerge sys-power/acpid and make sure it doesn't conflict with the desktop environment.
But, is it wise? The cryptsetup-lukssuspend man page points out that Quote: | While the luksSuspend operation wipes encryption keys from memory, it
does not remove possible plaintext data in various caches or in-kernel
metadata for mounted filesystems. |
|
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 23017
|
Posted: Fri Jan 03, 2025 1:11 am Post subject: |
|
|
Caches could be dropped separately, if that is a concern. Those caches also persist in the more common case where the LUKS device is not suspended, so even if they are allowed to linger, the LUKS-suspended case has stronger security properties than the common case. Whether those security properties are useful is dependent on the threat model.
The GitHub link being dead is because OP included a spurious dot in the URL. I will fix that with an administrative edit. |
|
Back to top |
|
|
strm n00b
Joined: 26 Dec 2024 Posts: 6
|
Posted: Fri Jan 03, 2025 8:23 pm Post subject: |
|
|
thx Hu. Also note: I think with an encrypted swap, caches should not be that much of a security issue. Also the security level I try to reach here is "a random notebook thief cannot access the data". It does not need to be NSA proof. |
|
Back to top |
|
|
zen_desu Tux's lil' helper
Joined: 25 Oct 2024 Posts: 104
|
Posted: Fri Jan 03, 2025 8:35 pm Post subject: |
|
|
If that's the case, I imagine plain disk encryption and it asking for a user password when it wakes up should be enough. _________________ µgRD dev
Wiki writer |
|
Back to top |
|
|
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9867 Location: almost Mile High in the USA
|
Posted: Sat Jan 04, 2025 6:48 pm Post subject: |
|
|
Not sure what use model people are using. If just using echo mem >/sys/power/state then I see that upon resume you will be back at root prompt and this is no good. But if you're using a GUI+dbus and sending a suspend request through dbus, it should automatically lock your GUI session and without your root or current user password, or "NSA" techniques (like hot pulling your RAM to another machine, or hot reboot to custom OS) you should generally be safe leaving encryption keys in memory during suspend.
I suspect most notebook thieves are looking for low hanging fruit by selling the hardware and when seeing a useless linux install (compounded with FDE when their first pass attempt at getting around the password fails by power cycle/reboot) they'll reformat to windows and your data will be unrecoverable then... That is if you expect your thief to know you have sensitive, high value data on your computer, then you will have to consider NSA-proof techniques and possibly NSA-proof hardware too... _________________ Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
Back to top |
|
|
sublogic Apprentice
Joined: 21 Mar 2022 Posts: 297 Location: Pennsylvania, USA
|
Posted: Sun Jan 05, 2025 12:28 am Post subject: |
|
|
eccerr0r wrote: | Not sure what use model people are using. If just using echo mem >/sys/power/state then I see that upon resume you will be back at root prompt and this is no good. But if you're using a GUI+dbus and sending a suspend request through dbus, it should automatically lock your GUI session and without your root or current user password, or "NSA" techniques (like hot pulling your RAM to another machine, or hot reboot to custom OS) you should generally be safe leaving encryption keys in memory during suspend. | Yes, the threat model is key. Mine is loss or theft of my laptop. If it was hibernated to encrypted swap (LVM over LUKS), I think all the leak paths are plugged. The only cleartext is /efi , /boot and the Windows fragments in untouched sectors. They can have that. With nvme I can't revoke passphrases with the strict LUKS guarantees (cryptsetup FAQ 5.19) but I'm OK with that too. (I could use a detached header but that comes with a risk of loss.) Or if they know the wear leveling secret-sauce they can try forensics on filesystem allocation, but now we're approching NSA level and I'm not sure how much they can infer.
If it was only suspended to RAM with a GUI lock screen, I don't know, that seems a lot weaker. Even if lukssuspended and the caches dropped, I don't know what toeholds are exploitable. |
|
Back to top |
|
|
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9867 Location: almost Mile High in the USA
|
Posted: Sun Jan 05, 2025 11:10 am Post subject: |
|
|
Well, with the GUI lock screen, no password = no entry into the unlocked filesystem. At this point you either have to (hard, and maybe poweroff if you don't allow reboot in your GUI) reboot to custom OS (disabled by BIOS password) or extract the DIMM and hope it keeps its content without refresh (NSA level?) before it's placed in another machine for forensic analysis. Hopefully KASLR makes even that difficult. I think it's a reasonable compromise with easily available tools. Fortunately no windows on my FDE laptop, so only kernel, initramfs in the EFI partition.
From what it sounds your usage is similar to mine, I don't keep nuclear launch codes or top secret blueprints on my laptop. Maybe private keys for my VPN or ssh accounts. I can revoke those. Some http cookies may be an issue. So basically it's the hardware that's more valuable to me and the userspace GUI lock is sufficient.
A full shutdown is always an option too if need be... _________________ Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
Back to top |
|
|
strm n00b
Joined: 26 Dec 2024 Posts: 6
|
Posted: Sun Jan 05, 2025 11:19 pm Post subject: |
|
|
Thx for your thoughts guys! Really appreciate it. |
|
Back to top |
|
|
|