DaemonForums  

14th October 2013
virtuvoos
Reliability concerns on full disk encryption

Hi all,

In case you're interested, since I'm new I've introduced myself in Misc > Off-topic. But let's get on topic with this thread.


My goal:
Shortly: full disk encryption. On the occasion that I need the encrypted data, I'll mount it manually. No fancy stuff like booting off it and such. I'm also not considering a line in /etc/fstab and/or a credentials file.

My worry:
Currently I'm reading Absolute OpenBSD 2nd edition by Michael W Lucas, and in his chapter that deals with filesystems, Michael repeatedly says: "Don't come crying to me if you lost your data. I know you eventually will. Keep good backups!" and last but not least he also mentions bioctl potentially ruining your entire disk. I want some data encrypted and I could live with one or two files being broken or lost, but not all!

My question:
I'm looking for advice on what the possible threats are, except for the user layer (engraving your passphrase on your keyboard, not having backups and such). What about the software layer? How mature is the driver, will it eat up my entire disk if something goes wrong? What about the hardware layer? Bit rot, degrading/old hard disks that occasionally might miss a few bits/bytes, sudden power failures, ... To put it really shortly: what is the danger of encryption apart from human error?

Trying to be the perfect newbie I've done the following:
I've read through Michael's chapters regarding filesystems
I've read the manpages: bioctl(8), softraid(4), bio(4)
I've searched DF here and found a thread regarding disk encryption
I searched the official OpenBSD misc mailing list for encryption bioctl and found a guy having problems after a sudden power down.

Unfortunately I can't link to the former 2 since I'm not allowed to post URLs (<5 posts).

Yet after this reading and trying to understand the whole process as well as possible, I don't feel confident enough to trust my data to softraid encryption. So as said under My question: what is the danger of encryption apart from human error?

I doubt the relevancy in this matter but here is the dmesg output anyway:
Code:
$ dmesg
OpenBSD 5.3 (GENERIC.MP) #62: Tue Mar 12 18:21:20 MDT 2013
    deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8164786176 (7786MB)
avail mem = 7924944896 (7557MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xe9070 (52 entries)
bios0: vendor American Megatrends Inc. version "1202" date 04/13/2011
bios0: ASUSTeK Computer INC. E35M1-I DELUXE
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG HPET SSDT SSDT
acpi0: wakeup devices SBAZ(S4) PS2K(S4) PS2M(S4) UAR1(S4) P0PC(S4) UHC1(S4) UHC2(S4) USB3(S4) UHC4(S4) USB5(S4) UHC6(S4) UHC7(S4) PE20(S4) PE21(S4) RLAN(S4) PE22(S4) PE23(S4) BR14(S4) PWRB(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD E-350 Processor, 1600.14 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,SSSE3,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,IBS,SKINIT,ITSC
cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 16-way L2 cache
cpu0: 8 4MB entries fully associative
cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD E-350 Processor, 1599.94 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,SSSE3,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,IBS,SKINIT,ITSC
cpu1: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 16-way L2 cache
cpu1: 8 4MB entries fully associative
cpu1: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
ioapic0 at mainbus0: apid 0 pa 0xfec00000, version 21, 24 pins
ioapic0: misconfigured as apic 3, remapped to apid 0
acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 6 (PE20)
acpiprt2 at acpi0: bus 7 (PE21)
acpiprt3 at acpi0: bus 8 (PE22)
acpiprt4 at acpi0: bus 9 (PE23)
acpiprt5 at acpi0: bus -1 (BR15)
acpiprt6 at acpi0: bus -1 (PCE6)
acpiprt7 at acpi0: bus -1 (PCE7)
acpiprt8 at acpi0: bus -1 (PCE8)
acpiprt9 at acpi0: bus 1 (BR14)
acpicpu0 at acpi0: C2, PSS
acpicpu1 at acpi0: C2, PSS
acpibtn0 at acpi0: PWRB
cpu0: 1600 MHz: speeds: 1600 1280 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "AMD AMD64 14h Host" rev 0x00
vga1 at pci0 dev 1 function 0 "ATI Radeon HD 6310" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
azalia0 at pci0 dev 1 function 1 "ATI Radeon HD 6310 HD Audio" rev 0x00: msi
azalia0: no supported codecs
ppb0 at pci0 dev 4 function 0 "AMD AMD64 14h PCIE" rev 0x00: msi
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 vendor "PLX", unknown product 0x8604 rev 0xba
pci2 at ppb1 bus 2
ppb2 at pci2 dev 1 function 0 vendor "PLX", unknown product 0x8604 rev 0xba: msi
pci3 at ppb2 bus 3
ahci0 at pci3 dev 0 function 0 "Marvell 88SE9123 SATA" rev 0x11: msi, AHCI 1.0
scsibus0 at ahci0: 32 targets
ppb3 at pci2 dev 5 function 0 vendor "PLX", unknown product 0x8604 rev 0xba: msi
pci4 at ppb3 bus 4
ahci1 at pci4 dev 0 function 0 "Marvell 88SE9123 SATA" rev 0x11: msi, AHCI 1.0
scsibus1 at ahci1: 32 targets
ahci2 at pci0 dev 17 function 0 "ATI SBx00 SATA" rev 0x40: apic 0 int 19, AHCI 1.2
scsibus2 at ahci2: 32 targets
sd0 at scsibus2 targ 0 lun 0: <ATA, FUJITSU MHW2080B, 891F> SCSI3 0/direct fixed naa.500000e04064ad79
sd0: 76319MB, 512 bytes/sector, 156301488 sectors
sd1 at scsibus2 targ 1 lun 0: <ATA, WDC WD5000BEVT-0, 01.0> SCSI3 0/direct fixed naa.50014ee6ab01fb3d
sd1: 476940MB, 512 bytes/sector, 976773168 sectors
sd2 at scsibus2 targ 2 lun 0: <ATA, SAMSUNG HD103UJ, 1AA0> SCSI3 0/direct fixed naa.50000f000b314563
sd2: 953869MB, 512 bytes/sector, 1953525168 sectors
cd0 at scsibus2 targ 3 lun 0: <ATAPI, iHAS122, ZL0C> ATAPI 5/cdrom removable
ohci0 at pci0 dev 18 function 0 "ATI SB700 USB" rev 0x00: apic 0 int 18, version 1.0, legacy support
ehci0 at pci0 dev 18 function 2 "ATI SB700 USB2" rev 0x00: apic 0 int 17
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "ATI EHCI root hub" rev 2.00/1.00 addr 1
ohci1 at pci0 dev 19 function 0 "ATI SB700 USB" rev 0x00: apic 0 int 18, version 1.0, legacy support
ehci1 at pci0 dev 19 function 2 "ATI SB700 USB2" rev 0x00: apic 0 int 17
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "ATI EHCI root hub" rev 2.00/1.00 addr 1
piixpm0 at pci0 dev 20 function 0 "ATI SBx00 SMBus" rev 0x42: polling
iic0 at piixpm0
spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-10600
spdmem1 at iic0 addr 0x52: 4GB DDR3 SDRAM PC3-10600
pciide0 at pci0 dev 20 function 1 "ATI SB700 IDE" rev 0x40: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: <WDC WD10EADS-65L5B1>
wd0: 16-sector PIO, LBA48, 953869MB, 1953525168 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 6
azalia1 at pci0 dev 20 function 2 "ATI SBx00 HD Audio" rev 0x40: apic 0 int 16
azalia1: codecs: Realtek/0x0892
audio0 at azalia1
pcib0 at pci0 dev 20 function 3 "ATI SB700 ISA" rev 0x40
ppb4 at pci0 dev 20 function 4 "ATI SB600 PCI" rev 0x40
pci5 at ppb4 bus 5
ohci2 at pci0 dev 20 function 5 "ATI SB700 USB" rev 0x00: apic 0 int 18, version 1.0, legacy support
ppb5 at pci0 dev 21 function 0 "ATI SB800 PCIE" rev 0x00
pci6 at ppb5 bus 6
athn0 at pci6 dev 0 function 0 "Atheros AR9285" rev 0x01: apic 0 int 16
athn0: AR9285 rev 2 (1T1R), ROM rev 14, address e0:b9:a5:7e:f2:11
ppb6 at pci0 dev 21 function 1 "ATI SB800 PCIE" rev 0x00
pci7 at ppb6 bus 7
re0 at pci7 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E (0x2c00), apic 0 int 17, address f4:6d:04:72:47:7c
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 4
ppb7 at pci0 dev 21 function 2 "ATI SB800 PCIE" rev 0x00
pci8 at ppb7 bus 8
"NEC xHCI" rev 0x03 at pci8 dev 0 function 0 not configured
ppb8 at pci0 dev 21 function 3 "ATI SB800 PCIE" rev 0x00
pci9 at ppb8 bus 9
"NEC xHCI" rev 0x03 at pci9 dev 0 function 0 not configured
ohci3 at pci0 dev 22 function 0 "ATI SB700 USB" rev 0x00: apic 0 int 18, version 1.0, legacy support
ehci2 at pci0 dev 22 function 2 "ATI SB700 USB2" rev 0x00: apic 0 int 17
usb2 at ehci2: USB revision 2.0
uhub2 at usb2 "ATI EHCI root hub" rev 2.00/1.00 addr 1
pchb1 at pci0 dev 24 function 0 "AMD AMD64 14h Link Cfg" rev 0x43
pchb2 at pci0 dev 24 function 1 "AMD AMD64 14h Address Map" rev 0x00
pchb3 at pci0 dev 24 function 2 "AMD AMD64 14h DRAM Cfg" rev 0x00
km0 at pci0 dev 24 function 3 "AMD AMD64 14h Misc Cfg" rev 0x00
pchb4 at pci0 dev 24 function 4 "AMD AMD64 14h CPU Power" rev 0x00
pchb5 at pci0 dev 24 function 5 "AMD AMD64 14h Reserved" rev 0x00
pchb6 at pci0 dev 24 function 6 "AMD AMD64 14h NB Power" rev 0x00
pchb7 at pci0 dev 24 function 7 "AMD AMD64 14h Reserved" rev 0x00
usb3 at ohci0: USB revision 1.0
uhub3 at usb3 "ATI OHCI root hub" rev 1.00/1.00 addr 1
usb4 at ohci1: USB revision 1.0
uhub4 at usb4 "ATI OHCI root hub" rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
usb5 at ohci2: USB revision 1.0
uhub5 at usb5 "ATI OHCI root hub" rev 1.00/1.00 addr 1
usb6 at ohci3: USB revision 1.0
uhub6 at usb6 "ATI OHCI root hub" rev 1.00/1.00 addr 1
mtrr: Pentium Pro MTRR support
uhidev0 at uhub4 port 1 configuration 1 interface 0 "Logitech Logitech USB Keyboard" rev 1.10/28.00 addr 2
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 variable keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub6 port 1 configuration 1 interface 0 "Logitech USB Optical Mouse" rev 2.00/72.00 addr 2
uhidev1: iclass 3/1
ums0 at uhidev1: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
ugen0 at uhub6 port 3 "Atheros Communications AR3011" rev 1.10/2.00 addr 3
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd0a (b96c29bed200663d.a) swap on sd0b dump on sd0b

Last edited by virtuvoos; 14th October 2013 at 03:18 PM. Reason: formatting