| 1 |
On Tue, Jun 03, 2014 at 10:53:15PM +0300, Matti Nykyri wrote: |
| 2 |
> On Jun 4, 2014, at 0:05, "J. Roeleveld" <joost@××××××××.org> wrote: |
| 3 |
> |
| 4 |
> > On Tuesday, June 03, 2014 09:53:58 PM Matti Nykyri wrote: |
| 5 |
> >> On Jun 2, 2014, at 18:29, "J. Roeleveld" <joost@××××××××.org> wrote: |
| 6 |
> >>> I actually meant the software side: |
| 7 |
> >>> - How to wipe the keys and then wipe the whole memory. |
| 8 |
> >> |
| 9 |
> >> The dm-crypt module inside kernel provides a crypt_wipe_key function that |
| 10 |
> >> wipes the memory portion that holds the key. It also invalidates the key, |
| 11 |
> >> so that no further writes to the drive can occur. Suspending the device |
| 12 |
> >> prior is recommended: |
| 13 |
> >> |
| 14 |
> >> dmsetup suspend /dev/to-device |
| 15 |
> >> dmsetup message /dev/to-device 0 key wipe |
| 16 |
> > |
| 17 |
> > Thank you for this, wasn't aware of those yet. |
| 18 |
> > Does this also work with LUKS encrypted devices? |
| 19 |
> |
| 20 |
> Yes. |
| 21 |
> |
| 22 |
> Well LUKS is just a binary header that contains all the necessary setups for a secure disk encryption. If you don't use LUKS you must do all the steps it does by your self. From kernel point of view it does not see LUKS at all. When cryptsetup setups a LUKS drive in device-mapper it gives it only the portion of the drive behind the LUKS-header. LUKS is just a good way of storing your setup (cipher, master key etc...). There is a really good article about LUKS, but i failed to find it now. |
| 23 |
|
| 24 |
Begin by reading these: |
| 25 |
|
| 26 |
tomb.dyne.org/Luks_on_disk_format.pdf |
| 27 |
http://clemens.endorphin.org/TKS1-draft.pdf |
| 28 |
http://clemens.endorphin.org/nmihde/nmihde-A4-os.pdf |
| 29 |
|
| 30 |
These contain very good info about LUKS and disk encryption. The last one is probably a bit ruff one. |
| 31 |
|
| 32 |
http://clemens.endorphin.org/cryptography - a good one. |
| 33 |
|
| 34 |
I strongly suggest to dig into disk encryption before implementing it! |
| 35 |
|
| 36 |
> >> When you boot into your kernel you can setup a crash kernel inside your |
| 37 |
> >> memory. The running kernel will not touch this area so you can be certain |
| 38 |
> >> that there is no confidential data inside. Then you just wipe the area of |
| 39 |
> >> the memory of the original kernel after you have executed your crash |
| 40 |
> >> kernel. |
| 41 |
> >> |
| 42 |
> >> So I do this by opening /dev/mem in the crash kernel and then mmap every |
| 43 |
> >> page you need to wipe. I use the memset to wipe the page. Begin from |
| 44 |
> >> physical address where your original kernel is located and walk the way up. |
| 45 |
> >> Skip the portion where you crash kernel is! Crash kernel location is in |
| 46 |
> >> your kernel cmdline and the location of the original kernel in your kernel |
| 47 |
> >> config. |
| 48 |
> > |
| 49 |
> > Hmm.. this goes beyond me. Will need to google on this to see if I can find |
| 50 |
> > some more. Unless you know a good starting URL? |
| 51 |
> |
| 52 |
> Didn't find a good one either. Will continue searching. |
| 53 |
|
| 54 |
Here are few pages: |
| 55 |
|
| 56 |
http://naveengopala-embeddedlinux.blogspot.fi/2012/01/reading-physical-mapped-memory-using.html |
| 57 |
http://stackoverflow.com/questions/647783/direct-memory-access-in-linux |
| 58 |
|
| 59 |
and mmap man-page for sure... |
| 60 |
|
| 61 |
It is really straight forward... just mmap the page you want and erase it. You will just need to know what addresses to mmap and what not. Do it one page at a time and always align. |
| 62 |
|
| 63 |
The memory should not contain very sensitive data on how to access your disks if you wipe the keys. |
| 64 |
|
| 65 |
> There are many ways to do it though. Through the kernel or just write your own program that runs all by it self... Like memtest86. In its source there is everything you need to wipe the memory. But that is more advanced then doing it via kernel interface in my opinion.. |
| 66 |
> |
| 67 |
> >>> I would keep the system controlling all that off the internet with only a |
| 68 |
> >>> null-modem cable to an internet-connected server using a custom protocol. |
| 69 |
> >>> |
| 70 |
> >>> Anything that doesn't match the protocol initiates a full lock-down of the |
| 71 |
> >>> house. ;) |
| 72 |
> >> |
| 73 |
> >> But it is much more convenient to control everything from you phone via |
| 74 |
> >> internet. Just have everything setup in a secure manner. Anyways it's |
| 75 |
> >> easier for a common burglar to break the window then to hack the server! |
| 76 |
> >> And you can not steal the stereos by hacking the server ;) |
| 77 |
> > |
| 78 |
> > Perhaps, but I would have added security shutters to all the windows and doors |
| 79 |
> > which are also controlled by the same system. Smashing a window wouldn't help |
| 80 |
> > there. |
| 81 |
> > Especially if the only way to open those is by getting the server (which by |
| 82 |
> > then went into a full lock-down) to open them... |
| 83 |
> > Now only to add a halo fire suppression system to the server room and all you |
| 84 |
> > need to do is find a way to dispose of the mess.... ;) |
| 85 |
> |
| 86 |
> Lol. |
| 87 |
> |
| 88 |
> -M |
| 89 |
|
| 90 |
-- |
| 91 |
-Matti |
Archives