DaemonForums - OpenBSD Security

#1
14th October 2013
virtuvoos (Port Guard, joined Oct 2013)

Reliability concerns on full disk encryption

Hi all,

In case you're interested, since I'm new I've introduced myself in Misc > Off-topic. But let's get on topic with this thread.


My goal:
In short: full disk encryption. On the occasions I need the encrypted data, I'll mount it manually. No fancy stuff like booting off it and such. I'm also not considering a line in /etc/fstab and/or a credentials file.

My worry:
Currently I'm reading Absolute OpenBSD 2nd edition by Michael W Lucas and in his chapter that deals with filesystems, Michael does repeatedly say: "Don't come crying to me if you lost your data. I know you eventually will. Keep good backups!" and, last but not least, he also mentions bioctl potentially ruining your entire disk. I want some data encrypted and I could live with one or two files being broken or lost but not all!

My question:
I'm looking for advice on what the possible threats are apart from the user layer (engraving your passphrase on your keyboard, not having backups and such). What about the software layer? How mature is the driver, will it eat up my entire disk if something goes wrong? What about the hardware layer? Bit rot, degrading/old hard disks that might occasionally miss a few bits/bytes, sudden power failures, ... To put it really shortly: what is the danger of encryption apart from human error?

Trying to be the perfect newbie I've done the following:
I've read through Michael's chapters regarding filesystems
I've read the manpages: bioctl(8), softraid(4), bio(4)
I've searched DF here and found a thread regarding disk encryption
I went searching the official OpenBSD misc mailing list for "encryption bioctl" and found a guy having problems after a sudden power down.

Unfortunately I can't link to the former two since I'm disallowed to post URLs (<5 posts).

Yet after this reading and trying to understand the whole process as well as possible, I don't feel confident enough to trust my data to softraid encryption. So as said under My question: what is the danger of encryption apart from human error?

I doubt its relevance in this matter, but here is the dmesg output anyway:
Code:
$ dmesg
OpenBSD 5.3 (GENERIC.MP) #62: Tue Mar 12 18:21:20 MDT 2013
    deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8164786176 (7786MB)
avail mem = 7924944896 (7557MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xe9070 (52 entries)
bios0: vendor American Megatrends Inc. version "1202" date 04/13/2011
bios0: ASUSTeK Computer INC. E35M1-I DELUXE
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG HPET SSDT SSDT
acpi0: wakeup devices SBAZ(S4) PS2K(S4) PS2M(S4) UAR1(S4) P0PC(S4) UHC1(S4) UHC2(S4) USB3(S4) UHC4(S4) USB5(S4) UHC6(S4) UHC7(S4) PE20(S4) PE21(S4) RLAN(S4) PE22(S4) PE23(S4) BR14(S4) PWRB(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD E-350 Processor, 1600.14 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,SSSE3,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,IBS,SKINIT,ITSC
cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 16-way L2 cache
cpu0: 8 4MB entries fully associative
cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD E-350 Processor, 1599.94 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,SSSE3,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,IBS,SKINIT,ITSC
cpu1: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 16-way L2 cache
cpu1: 8 4MB entries fully associative
cpu1: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
ioapic0 at mainbus0: apid 0 pa 0xfec00000, version 21, 24 pins
ioapic0: misconfigured as apic 3, remapped to apid 0
acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 6 (PE20)
acpiprt2 at acpi0: bus 7 (PE21)
acpiprt3 at acpi0: bus 8 (PE22)
acpiprt4 at acpi0: bus 9 (PE23)
acpiprt5 at acpi0: bus -1 (BR15)
acpiprt6 at acpi0: bus -1 (PCE6)
acpiprt7 at acpi0: bus -1 (PCE7)
acpiprt8 at acpi0: bus -1 (PCE8)
acpiprt9 at acpi0: bus 1 (BR14)
acpicpu0 at acpi0: C2, PSS
acpicpu1 at acpi0: C2, PSS
acpibtn0 at acpi0: PWRB
cpu0: 1600 MHz: speeds: 1600 1280 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "AMD AMD64 14h Host" rev 0x00
vga1 at pci0 dev 1 function 0 "ATI Radeon HD 6310" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
azalia0 at pci0 dev 1 function 1 "ATI Radeon HD 6310 HD Audio" rev 0x00: msi
azalia0: no supported codecs
ppb0 at pci0 dev 4 function 0 "AMD AMD64 14h PCIE" rev 0x00: msi
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 vendor "PLX", unknown product 0x8604 rev 0xba
pci2 at ppb1 bus 2
ppb2 at pci2 dev 1 function 0 vendor "PLX", unknown product 0x8604 rev 0xba: msi
pci3 at ppb2 bus 3
ahci0 at pci3 dev 0 function 0 "Marvell 88SE9123 SATA" rev 0x11: msi, AHCI 1.0
scsibus0 at ahci0: 32 targets
ppb3 at pci2 dev 5 function 0 vendor "PLX", unknown product 0x8604 rev 0xba: msi
pci4 at ppb3 bus 4
ahci1 at pci4 dev 0 function 0 "Marvell 88SE9123 SATA" rev 0x11: msi, AHCI 1.0
scsibus1 at ahci1: 32 targets
ahci2 at pci0 dev 17 function 0 "ATI SBx00 SATA" rev 0x40: apic 0 int 19, AHCI 1.2
scsibus2 at ahci2: 32 targets
sd0 at scsibus2 targ 0 lun 0: <ATA, FUJITSU MHW2080B, 891F> SCSI3 0/direct fixed naa.500000e04064ad79
sd0: 76319MB, 512 bytes/sector, 156301488 sectors
sd1 at scsibus2 targ 1 lun 0: <ATA, WDC WD5000BEVT-0, 01.0> SCSI3 0/direct fixed naa.50014ee6ab01fb3d
sd1: 476940MB, 512 bytes/sector, 976773168 sectors
sd2 at scsibus2 targ 2 lun 0: <ATA, SAMSUNG HD103UJ, 1AA0> SCSI3 0/direct fixed naa.50000f000b314563
sd2: 953869MB, 512 bytes/sector, 1953525168 sectors
cd0 at scsibus2 targ 3 lun 0: <ATAPI, iHAS122, ZL0C> ATAPI 5/cdrom removable
ohci0 at pci0 dev 18 function 0 "ATI SB700 USB" rev 0x00: apic 0 int 18, version 1.0, legacy support
ehci0 at pci0 dev 18 function 2 "ATI SB700 USB2" rev 0x00: apic 0 int 17
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "ATI EHCI root hub" rev 2.00/1.00 addr 1
ohci1 at pci0 dev 19 function 0 "ATI SB700 USB" rev 0x00: apic 0 int 18, version 1.0, legacy support
ehci1 at pci0 dev 19 function 2 "ATI SB700 USB2" rev 0x00: apic 0 int 17
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "ATI EHCI root hub" rev 2.00/1.00 addr 1
piixpm0 at pci0 dev 20 function 0 "ATI SBx00 SMBus" rev 0x42: polling
iic0 at piixpm0
spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-10600
spdmem1 at iic0 addr 0x52: 4GB DDR3 SDRAM PC3-10600
pciide0 at pci0 dev 20 function 1 "ATI SB700 IDE" rev 0x40: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: <WDC WD10EADS-65L5B1>
wd0: 16-sector PIO, LBA48, 953869MB, 1953525168 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 6
azalia1 at pci0 dev 20 function 2 "ATI SBx00 HD Audio" rev 0x40: apic 0 int 16
azalia1: codecs: Realtek/0x0892
audio0 at azalia1
pcib0 at pci0 dev 20 function 3 "ATI SB700 ISA" rev 0x40
ppb4 at pci0 dev 20 function 4 "ATI SB600 PCI" rev 0x40
pci5 at ppb4 bus 5
ohci2 at pci0 dev 20 function 5 "ATI SB700 USB" rev 0x00: apic 0 int 18, version 1.0, legacy support
ppb5 at pci0 dev 21 function 0 "ATI SB800 PCIE" rev 0x00
pci6 at ppb5 bus 6
athn0 at pci6 dev 0 function 0 "Atheros AR9285" rev 0x01: apic 0 int 16
athn0: AR9285 rev 2 (1T1R), ROM rev 14, address e0:b9:a5:7e:f2:11
ppb6 at pci0 dev 21 function 1 "ATI SB800 PCIE" rev 0x00
pci7 at ppb6 bus 7
re0 at pci7 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E (0x2c00), apic 0 int 17, address f4:6d:04:72:47:7c
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 4
ppb7 at pci0 dev 21 function 2 "ATI SB800 PCIE" rev 0x00
pci8 at ppb7 bus 8
"NEC xHCI" rev 0x03 at pci8 dev 0 function 0 not configured
ppb8 at pci0 dev 21 function 3 "ATI SB800 PCIE" rev 0x00
pci9 at ppb8 bus 9
"NEC xHCI" rev 0x03 at pci9 dev 0 function 0 not configured
ohci3 at pci0 dev 22 function 0 "ATI SB700 USB" rev 0x00: apic 0 int 18, version 1.0, legacy support
ehci2 at pci0 dev 22 function 2 "ATI SB700 USB2" rev 0x00: apic 0 int 17
usb2 at ehci2: USB revision 2.0
uhub2 at usb2 "ATI EHCI root hub" rev 2.00/1.00 addr 1
pchb1 at pci0 dev 24 function 0 "AMD AMD64 14h Link Cfg" rev 0x43
pchb2 at pci0 dev 24 function 1 "AMD AMD64 14h Address Map" rev 0x00
pchb3 at pci0 dev 24 function 2 "AMD AMD64 14h DRAM Cfg" rev 0x00
km0 at pci0 dev 24 function 3 "AMD AMD64 14h Misc Cfg" rev 0x00
pchb4 at pci0 dev 24 function 4 "AMD AMD64 14h CPU Power" rev 0x00
pchb5 at pci0 dev 24 function 5 "AMD AMD64 14h Reserved" rev 0x00
pchb6 at pci0 dev 24 function 6 "AMD AMD64 14h NB Power" rev 0x00
pchb7 at pci0 dev 24 function 7 "AMD AMD64 14h Reserved" rev 0x00
usb3 at ohci0: USB revision 1.0
uhub3 at usb3 "ATI OHCI root hub" rev 1.00/1.00 addr 1
usb4 at ohci1: USB revision 1.0
uhub4 at usb4 "ATI OHCI root hub" rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
usb5 at ohci2: USB revision 1.0
uhub5 at usb5 "ATI OHCI root hub" rev 1.00/1.00 addr 1
usb6 at ohci3: USB revision 1.0
uhub6 at usb6 "ATI OHCI root hub" rev 1.00/1.00 addr 1
mtrr: Pentium Pro MTRR support
uhidev0 at uhub4 port 1 configuration 1 interface 0 "Logitech Logitech USB Keyboard" rev 1.10/28.00 addr 2
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 variable keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub6 port 1 configuration 1 interface 0 "Logitech USB Optical Mouse" rev 2.00/72.00 addr 2
uhidev1: iclass 3/1
ums0 at uhidev1: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
ugen0 at uhub6 port 3 "Atheros Communications AR3011" rev 1.10/2.00 addr 3
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd0a (b96c29bed200663d.a) swap on sd0b dump on sd0b

#2
14th October 2013
jggimi (More noise than signal, joined May 2008, USA)

Hello, and welcome!
Quote:
Originally Posted by virtuvoos
(My goal is) ...full disk encryption. In the occasion I need the encrypted data, then I'll mount it manually. No fancy stuff like booting off it and such...
There's nothing special about this requirement -- it could be a "full disk" or it could be a partition -- the use will be exactly the same operationally, only the size of the encrypted partition would be different.
Quote:
...Michael does repeatedly say: "Don't come crying to me if you lost your data. I know you eventually will. Keep good backups!" and last but not least he also mentions about bioctl potentially ruining your entire disk.
These are two separate issues. Let's start with filesystems: the most common reason for loss of data at rest (e.g. in a filesystem) is human error. The next most common reason is device failure. They're both very, very common. After those two, in a distant third place, are software problems.

This holds true with encrypted data. The same three causes for data loss -- human, hardware, and software -- apply. There may be more opportunities for human error, as you're adding a configuration layer. There is a minor opportunity for software error, though.

Over the years since its inception, softraid(4) has had changes to stored metadata which, when we upgraded, required us to backup - recreate - restore softraid entities. I expect that to continue, as development is not complete for all disciplines.

You should back up your encrypted data -- whether your backup is a copy of the ciphered data or whether you back it up as plaintext data will be dependent on your needs. In my case, I encrypt the /home partition on my netbook; its backups are stored in plaintext on another system that does not travel. My threat model for that data is loss/theft of the device when it is out of my home.
Quote:
I want some data encrypted and I could live with one or two files being broken or lost but not all!
Properly configured and managed (including backups), you should be able to eliminate this risk, whether you encrypt data at rest or not.
Quote:
What about the software layer? How mature is the driver, will it eat up my entire disk if something goes wrong?
I consider the crypto discipline fairly mature, and I've been using it in production for at least four years. It was the second discipline added to softraid, in May 2007.
Quote:
What about the hardware layer? Bit rot, degrading/old harddisks that occasionaly might miss a few bits/bytes, sudden power failures, ... . To put it really shortly: what is the danger of encryption apart from human error?
Hardware failure is hardware failure. All drives fail, eventually. This is why we take backups. The difference, though, is that a partial failure -- sector losses, for example -- may have a much bigger impact on an encrypted filesystem. I've had drive failures with softraid RAID1 arrays and continued operation, as expected. I've not experienced a drive failure with the crypto discipline.

If you have the resources, you can use the crypto discipline atop an array created with the RAID1 discipline. This should mitigate hardware failure issues. However, the order you do things in is important, when you are nesting softraid disciplines. See this misc@ thread for details.

I've never had a problem with the encrypted /home partition on the netbook.
#3
15th October 2013
virtuvoos (Port Guard, joined Oct 2013)
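The procedure the two posts above discuss, written out as an added example that is not part of the thread and not code posted by either participant: create a softraid(4) CRYPTO volume once, then in later sessions attach, check, mount, back up and detach it by hand (the manual, no-fstab use post #1 describes), and build CRYPTO on top of a RAID1 volume in the order post #2 recommends. The disk names sd1 to sd3 and the volume names sd4/sd5 are assumptions: softraid prints the real name when the volume attaches, and that name must be read from bioctl or dmesg before anything is labelled or newfs'd. bioctl prompts for the passphrase interactively. With DRY_RUN=1 (the default) every command is printed instead of executed, so the sequence can be reviewed first; DRY_RUN=0 runs it, as root.

```shell
#!/bin/sh
# Added example, not code from the thread.  softraid(4) CRYPTO workflow:
# create once, then attach/check/mount/backup/detach by hand each session,
# plus the RAID1-then-CRYPTO nesting order.  Device names sd1..sd3 and the
# softraid volume names sd4/sd5 are ASSUMED; read the real ones from bioctl
# or dmesg on the machine.  DRY_RUN=1 (default) only prints the commands.

DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Give a disk (or a softraid volume) a single partition 'a' of type $2:
# RAID for something softraid will consume, 4.2BSD for a filesystem.
# disklabel -E is interactive; the here-document answers its prompts
# (zero the label, add 'a', default offset, default size, FS type, write, quit).
label_single() {          # label_single sd1 RAID
    run disklabel -E "$1" <<EOF
z
a a


$2
w
q
EOF
}

# One-time creation.  bioctl asks for the passphrase twice and reports the
# new device, e.g. "softraid0: CRYPTO volume attached as sd4"; confirm that
# name before labelling it.  The volume then gets its own label and filesystem.
crypto_create() {         # crypto_create sd1 sd4
    run bioctl -c C -l "/dev/${1}a" softraid0
    label_single "$2" 4.2BSD
    run newfs "/dev/r${2}a"
}

# Every later session: attach with the same command, check, mount by hand.
crypto_attach_mount() {   # crypto_attach_mount sd1 sd4 /mnt/vault
    run bioctl -c C -l "/dev/${1}a" softraid0
    run bioctl "$2"               # status: the volume should show as Online
    run fsck -p "/dev/${2}a"      # catches an unclean unmount, e.g. power loss
    run mount "/dev/${2}a" "$3"
}

# Plaintext backup taken while the volume is mounted (as post #2 does for
# /home); the dump file must itself live somewhere trusted.
backup_plain() {          # backup_plain /mnt/vault /backup/vault-0.dump
    run dump -0au -f "$2" "$1"
}

# Unmount first, then detach so the key leaves the kernel and the device goes.
crypto_umount_detach() {  # crypto_umount_detach sd4 /mnt/vault
    run umount "$2"
    run bioctl -d "$1"
}

# Nesting: build the RAID1 mirror first, label the mirror's device with a
# RAID partition, then create CRYPTO on top of that partition.  The reverse
# (one CRYPTO volume per disk, mirrored afterwards) means two keys and two
# passphrase prompts guarding the same data.
raid1_then_crypto() {     # raid1_then_crypto sd2 sd3 sd4
    run bioctl -c 1 -l "/dev/${1}a,/dev/${2}a" softraid0   # -> sd4 (assumed)
    label_single "$3" RAID
    run bioctl -c C -l "/dev/${3}a" softraid0              # -> sd5 (assumed)
}
```

Source the file and call the functions in order, e.g. `. ./vault.sh; crypto_attach_mount sd1 sd4 /mnt/vault`, then `crypto_umount_detach sd4 /mnt/vault` when done. The assumed-versus-real device name is exactly the configuration-layer human error post #2 warns about, which is why the status check with `bioctl sd4` sits before fsck and mount: newfs or fsck pointed at the wrong sd device is how "one or two files" becomes "all of them".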

Hi Jggimi. Your post is more than I could have hoped for, thanks!


Quote:
Originally Posted by jggimi
This holds true with encrypted data. The same three causes for data loss -- human, hardware, and software -- apply. There may be more opportunities for human error, as you're adding a configuration layer. There is a minor opportunity for software error, though
Makes perfect sense! I'm going for a full disk encryption to keep it simple and avoid the most possible human errors. If I share my encrypted data with the root (/) directory, I can't just pull it out and move it to another box, for example.

Quote:
Originally Posted by jggimi
Over the years since its incept, softraid(4) has had changes to stored metadata which , when we upgraded, required us to backup - recreate - restore softraid entities. I expect that to continue, as development is not complete for all disciplines.
I especially appreciate this piece of advice! I was going to backup anyway but this might change it to a certain extent!

Quote:
Originally Posted by jggimi
I consider the crypto discipline fairly mature, and I've been using it in production for at least four years. It was the second discipline added to softraid, in May 2007.
Good, it seems to be more than stable enough for what I need. The book gave me the impression that the encryption was more or less experimental.

Quote:
Originally Posted by jggimi
If you have the resources, you can use the crypto discipline atop an array created with the RAID1 discipline.
Might be a good thing to think about. I've read the thread you linked to. Seems like human error and configuration are the most vulnerable things indeed. I'll see what I'm most comfortable with, a backup solution or RAID 1 with a backup solution.
#4
15th October 2013
jggimi (More noise than signal, joined May 2008, USA)

Quote:
Originally Posted by virtuvoos
The book gave me the impression that the encryption was more or less experimental.
From my perspective, RAID 4/5 are incomplete -- there is no scrub and recovery is manual (backup/rebuild/restore). The other disciplines are quite complete. See the CAVEATS section of the softraid(4) man page.
#5
31st October 2013
Oko (Fsck Surgeon, joined May 2008, Kosovo, Serbia)

Quote:
Originally Posted by virtuvoos
The book gave me the impression that the encryption was more or less experimental.
I just got back from work and do not feel like reading through Michael's book right now, but I can assure you that there is nothing experimental about full disk encryption on OpenBSD.