updated

LDP/howto/docbook/Disk-Encryption-HOWTO.xml

@@ -15,9 +15,18 @@
       </affiliation>
     </author>
 
-    <pubdate>2003-12-18</pubdate>
+    <pubdate>2004-08-17</pubdate>
 
     <revhistory>
+      <revision>
+        <revnumber>1.4</revnumber>
+
+        <date>2004-08-17</date>
+
+        <authorinitials>DB</authorinitials>
+	<revremark>bug fixes, hints toward plausible deniability and dm-crypt</revremark>
+      </revision>
+
       <revision>
         <revnumber>1.3</revnumber>
 
@@ -73,7 +82,7 @@
     </abstract>
 
     <copyright>
-      <year>2003</year>
+      <year>2004</year>
 
       <holder>David Braun</holder>
     </copyright>
@@ -214,6 +223,10 @@
       url="http://www.tldp.org/mailinfo.html#maillists">The Linux
       Documentation Project mailing lists</ulink> who took the time to
       critique my writing and offer suggestions.</para>
+
+      <para>Thanks to alert readers Ladislao Bastetti and Norris Pouhovitch for
+      struggling through unusual hardware configurations, finding mistakes in
+      the HOWTO, and suggesting good ideas.</para>
     </sect2>
 
     <sect2 id="Feedback">
@@ -336,6 +349,19 @@
         being subpoenaed</ulink> and being told to hand over your laptop,
         keychain, and passphrase, you&#39;d better look at other solutions
         such as <ulink url="http://stegfs.sourceforge.net/">StegFS</ulink>.</para>
+
+        <para>The following solution to the deniability problem has been suggested by Norris Pouhovitch.
+        It should be possible to install a minimal Windows partition at the front
+        of the disk and to encrypt the remainder.  When the computer
+        is turned on without the keychain, it boots Windows normally.  When the
+        keychain is booted, it skips the Windows partition, decrypts the remainder of
+        the disk, and boots Linux.</para>
+
+        <para>The advantage of this scheme is that if the laptop is stolen and turned
+        on, it will look like what a casual attacker is expecting to see (a Windows
+        computer).  On the other hand, a serious attacker could notice the unusually
+        small partition and become suspicious.  I will flesh out this idea further in
+        a future version of the HOWTO.</para>
       </note>
 
       <table id="Attack_Tree">
@@ -606,18 +632,10 @@
     <sect2 id="LookingToTheFuture">
       <title>Looking to the Future</title>
 
-      <para>The method described here is specific to the 2.4 kernel for two
-      reasons: it doesn&#39;t have loopback encryption support built in and
-      there&#39;s no way to mount partitions within loopback devices. Both of
-      these will change in 2.6 so watch for changes to this HOWTO when
-      it&#39;s released. From what I&#39;ve read you&#39;ll probably be able
-      to use disks encrypted with today&#39;s method without requiring any
-      significant changes.</para>
+      <para>The method described here is specific to the 2.4 kernel.  Linux 2.6 includes a
+      new encryption infrastructure, called <ulink url="http://www.saout.de/misc/dm-crypt/">dm-crypt</ulink>, which makes the whole process simpler
+      and cleaner.  A future version of this HOWTO will explore the use of dm-crypt with Linux 2.6.</para>
 
-      <para>I chose the <ulink url="http://sourceforge.net/projects/loop-aes/">loop-AES</ulink>
-      patch to perform the encryption because it&#39;s <ulink
-      url="http://mail.nl.linux.org/linux-crypto/2003-07/msg00054.html">the
-      recommended solution for loopback encryption today</ulink>.</para>
     </sect2>
   </sect1>
 
@@ -845,8 +863,7 @@ means the initrd will have to stay mounted while the asset is mounted (not a big
         <para>Use <literal>ldd</literal> to find out which shared libraries are
           used by each program:</para>
 
-<blockquote><screen>
-<prompt>bash# </prompt><userinput>ldd /bin/{mount,sh,umount} /sbin/{losetup,pivot_root} /usr/sbin/chroot</userinput>
+<blockquote><screen><prompt>bash# </prompt><userinput>ldd /bin/{mount,sh,umount} /sbin/{losetup,pivot_root} /usr/sbin/chroot</userinput>
 <computeroutput>/bin/mount:
         libc.so.6 =&#62; /lib/libc.so.6 (0x40023000)
         /lib/ld-linux.so.2 =&#62; /lib/ld-linux.so.2 (0x40000000)
@@ -940,7 +957,7 @@ means the initrd will have to stay mounted while the asset is mounted (not a big
       <para>Again, initialize with random data.</para>
 
       <blockquote>
-        <screen><prompt>bash# </prompt><userinput>cd /tmp/keychain</userinput>
+        <screen><prompt>bash# </prompt><userinput>cd /tmp/initrd</userinput>
 <prompt>bash# </prompt><userinput>head -c 1m /dev/urandom &#62; keys</userinput></screen>
       </blockquote>
 
@@ -1163,10 +1180,16 @@ losetup -d /dev/loop1
 # Set up the root &#34;partition&#34; device.
 losetup -o $ROOT_OFFSET /dev/loop1 /dev/loop0
  
-# Mount the root file system.
-mount -n -t $ROOT_TYPE /dev/loop1 $MOUNT</programlisting>
+# Mount the root file system (read-only, so it can be checked with fsck).
+mount -n -r -t $ROOT_TYPE /dev/loop1 $MOUNT</programlisting>
       </figure>
 
+      <para>Make the script executable.</para>
+
+      <blockquote>
+        <screen><prompt>bash# </prompt><userinput>chmod +x decrypt.sh</userinput></screen>
+      </blockquote>
+
       <para>If you&#39;re encrypting only a file, skip to <xref
       linkend="TestingAndBackup" />. Otherwise, save the following boot
       script as <filename>linuxrc</filename> and place it in
@@ -1189,6 +1212,12 @@ shift 1
 exec chroot . /sbin/init $* &#60;dev/console &#62;dev/console 2&#62;&#38;1</programlisting>
       </figure>
 
+      <para>Make the script executable.</para>
+
+      <blockquote>
+        <screen><prompt>bash# </prompt><userinput>chmod +x linuxrc</userinput></screen>
+      </blockquote>
+
       <para>Okay, the keychain and asset are now ready. Unmount everything.</para>
 
       <blockquote>

LDP/howto/docbook/HOWTO-INDEX/adminSect.sgml

@@ -608,7 +608,7 @@ the 2.6 Linux kernel series. </Para>
 Disk-Encryption-HOWTO</ULink>,
 <CiteTitle>Disk Encryption HOWTO</CiteTitle>
 </Para><Para>
-<CiteTitle>Updated: Dec 2003</CiteTitle>.
+<CiteTitle>Updated: Aug 2004</CiteTitle>.
 A method is described for encrypting a hard disk,
 either in whole or in part, with the encryption key stored
 on an external medium for increased security. </Para>

LDP/howto/docbook/HOWTO-INDEX/howtoChap.sgml

@@ -1026,7 +1026,7 @@ Shows some typical scenarios for easy start using Diald.
 Disk-Encryption-HOWTO</ULink>,
 <CiteTitle>Disk Encryption HOWTO</CiteTitle>
 </Para><Para>
-<CiteTitle>Updated: Dec 2003</CiteTitle>.
+<CiteTitle>Updated: Aug 2004</CiteTitle>.
 A method is described for encrypting a hard disk, 
 either in whole or in part, with the encryption key stored
 on an external medium for increased security. </Para>

LDP/howto/docbook/HOWTO-INDEX/hwSect.sgml

@@ -791,7 +791,7 @@ and configuration information. </Para>
 Disk-Encryption-HOWTO</ULink>,
 <CiteTitle>Disk Encryption HOWTO</CiteTitle>
 </Para><Para>
-<CiteTitle>Updated: Dec 2003</CiteTitle>.
+<CiteTitle>Updated: Aug 2004</CiteTitle>.
 A method is described for encrypting a hard disk, 
 either in whole or in part, with the encryption key stored
 on an external medium for increased security. </Para>

LDP/howto/docbook/HOWTO-INDEX/osSect.sgml

@@ -802,7 +802,7 @@ the 2.6 Linux kernel series. </Para>
 Disk-Encryption-HOWTO</ULink>,
 <CiteTitle>Disk Encryption HOWTO</CiteTitle>
 </Para><Para>
-<CiteTitle>Updated: Dec 2003</CiteTitle>.
+<CiteTitle>Updated: Aug 2004</CiteTitle>.
 A method is described for encrypting a hard disk, 
 either in whole or in part, with the encryption key stored
 on an external medium for increased security. </Para>