ZFS How to use Geli without type passphrase

N

napotila

I've follow this below link, but until now i can't setup my FreeBSD VM geli without type the passphrase.

https://forums.freebsd.org/threads/37570/
https://www.freebsd.org/cgi/man.cgi?query=geli
https://lists.freebsd.org/pipermail/freebsd-geom/2012-June/005324.html
https://forums.freebsd.org/threads/58634/
https://www.freebsd.org/doc/handbook/disks-encrypting.html
https://forums.freebsd.org/threads/40317/
https://lists.gnu.org/archive/html/grub-devel/2014-12/msg00047.html
https://github.com/trueos/freebsd/c...f0b685d#diff-f7afdd86e797e7af58bf47f5ce27076b
https://github.com/freebsd/freebsd/commit/bdb0ac02b9fd8f331fa70c8a4c29495b7ee43293
https://reviews.freebsd.org/D2105
https://svnweb.freebsd.org/base/head/sys/geom/eli/g_eli.c?view=log&pathrev=273489
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208251
https://www.openattic.org/posts/unlock-geli-ecrypted-zfs-volume-freenas/
https://serverfault.com/questions/848114/mount-freebsd-encrypted-zfs-from-live-cd-and find-the-root-partition
https://lists.freebsd.org/pipermail/freebsd-current/2015-April/055345.html

Help me how can i setup geli encryptor without type the passphrase....
Thanks for the Advice
 

Attachments

  • geli.jpg
    geli.jpg
    78.8 KB · Views: 832
The encryption is going to be pretty useless if the data can be decrypted without a password.
 
// CREATE
# geli init -e AES-XTS -l 256 -s 4096 -J newpassfile -K newkeyfile /dev/DEVICE

// ATTACH
# geli attach -j newpassfile -k newkeyfile /dev/DEVICE
 
SirDice said:
The encryption is going to be pretty useless if the data can be decrypted without a password.
Click to expand...
I mean, user just only access web content, not for login to FreeBSD OS. There is no user to access the VM and root password never give to user.

Sorry for my English...
 
Encrypting the disk is only useful if the disk is stolen. It doesn't protect anything if the server is up and running. If you can decrypt this disk without using any password the encryption is basically useless.
 
SirDice said:
Encrypting the disk is only useful if the disk is stolen. It doesn't protect anything if the server is up and running. If you can decrypt this disk without using any password the encryption is basically useless.
Click to expand...

Actually, my VM has been encrypted by geli passphrase, But this setup can be changed by using keyfile to continue booting proccess without passprase.
The question is "how to setup keyfile" I has been following the documentation and others tutorial...but unsuccess...:(
 
napotila said:
But this setup can be changed by using keyfile to continue booting proccess without passprase.
Click to expand...
This begs the question, where's the keyfile stored? If it's stored on the same disk the encryption is useless since I can decrypt the disk with the keyfile that's on that same disk.
 
Dear Napotila: What we have here is a "XY problem". You are asking us questions about the detail of the solution you are trying. We can not give you a good answer to that question (other than what SirDice and the others have already said above), without understanding what your problem is. Your proposed solution (while-disk encryption without a passphrase) makes no sense, in a vacuum of knowledge.

Please describe your problem to us. For example: "I have a server that is installed in a location in hostile territory, and I can't provide physical or network security. I need to run a FreeBSD VM on that server. I want the disk that stores the user data for that VM to be protected against physically being stolen by adversaries, and my data read. I am not worried about someone hacking into the server while it is running, since the people in that location are too stupid to use computers. But I worry about them carrying the server to their leader, who knows how to start the server in single-user mode and try to steal my data. I am not willing to log in to the server when it boots to enter a passphrase, so the machine has to boot automatically." That would be a good explanation of your real problem (obviously I made up crazy facts here). Once we understand what you are trying to do, we may be able to help you. It is quite possible that our help is simply going to be: what you want can not be accomplished, either not at all, or not this way.
 
SirDice said:
This begs the question, where's the keyfile stored? If it's stored on the same disk the encryption is useless since I can decrypt the disk with the keyfile that's on that same disk.
Click to expand...
Hi SirDice....
I see it...
perhap the keyfile auto randomized on the same storage, looklike auto generate OTP (one time password)
So that the end power security of my VM is...only root password.
Is it possible?

(notes:Sorry for my english)
 
ralphbsz said:
Dear Napotila: What we have here is a "XY problem". You are asking us questions about the detail of the solution you are trying. We can not give you a good answer to that question (other than what SirDice and the others have already said above), without understanding what your problem is. Your proposed solution (while-disk encryption without a passphrase) makes no sense, in a vacuum of knowledge.

Please describe your problem to us. For example: "I have a server that is installed in a location in hostile territory, and I can't provide physical or network security. I need to run a FreeBSD VM on that server. I want the disk that stores the user data for that VM to be protected against physically being stolen by adversaries, and my data read. I am not worried about someone hacking into the server while it is running, since the people in that location are too stupid to use computers. But I worry about them carrying the server to their leader, who knows how to start the server in single-user mode and try to steal my data. I am not willing to log in to the server when it boots to enter a passphrase, so the machine has to boot automatically." That would be a good explanation of your real problem (obviously I made up crazy facts here). Once we understand what you are trying to do, we may be able to help you. It is quite possible that our help is simply going to be: what you want can not be accomplished, either not at all, or not this way.
Click to expand...

Maybe the main problem is how to describe my hope for my problem...:)
Yeah....My English language skill too Bad...:)
Thanks in Advance for all respect to my This Post
 
SirDice said:
The encryption is going to be pretty useless if the data can be decrypted without a password.
Click to expand...
I know, But how can we encrypt it with password, without entering passphrase in booting OS??? can we inject passphrase as a file in config files ( such as loader.conf)?? I mean, I want to encrypt partitions with password without entering passphrase every time when os is booting ;-)
 
if someone has physical access to appliance who can move the appliance 's hard drive to another system (computer with Windows os) to view and does everything.
I want to protect it in this case.
 
First of all please keep in mind that you're responding to a thread which is already a few months old. In those cases it's often a better idea to start a new thread.

harika1258 said:
I know, But how can we encrypt it with password, without entering passphrase in booting OS??? can we inject passphrase as a file in config files ( such as loader.conf)??
Click to expand...
Well, the OP provided a list of links which explain this process in more detail. Have you checked those yet? I personally recommend Chapter 17.2 of the handbook.

That will refer you to geli(8) which in its case can utilize both a keyfile and a passfile.

However, doing so will also totally nullify any advantages which the encryption might have given you and it's therefor probably best avoided.
 
ShelLuser said:
First of all please keep in mind that you're responding to a thread which is already a few months old. In those cases it's often a better idea to start a new thread.


Well, the OP provided a list of links which explain this process in more detail. Have you checked those yet? I personally recommend Chapter 17.2 of the handbook.

That will refer you to geli(8) which in its case can utilize both a keyfile and a passfile.

However, doing so will also totally nullify any advantages which the encryption might have given you and it's therefor probably best avoided.
Click to expand...
Thank you so much for replying, Of course I did this instruction that is recommended it by you, unfortunately we still have to enter passphrase in booting time ;-(
 
OK maybe I'm missing some key (oops; pardon the pun) element here. But seems to me, while a passphrase is all well, and good. What if you're in an office, or something. Where it's trivial for others to see what you're doing. It can also said to be cumbersome -- even tho said to be the price of security. What I'm getting at here, is; wouldn't it be both more convenient, and perhaps even more secure. If you had, and used a keyfile; say on a thumb drive. Requiring you to insert the thumb drive, in order to decrypt, and boot your system?
I think this is what the OP was trying to ask. Seems reasonable to me.

--Chris
 
The thing is: you have to think through the possible attack. In this particular case, we need to think about "multi factor authentication". Typically today reasonably secure machines (like laptops used by banks or major corporations) use 2-factor authentication: to get in, you need to have two things. Typically it is one thing you know (the password, which you have to type in), and one thing you have (like a fingerprint reader, badge reader, USB-connected authentication dongle, or a RSA keyfob that displays secret numbers). What folks here seem to be requesting is zero-factor authentication, which simply makes no sense: It is no longer "authentication" if the system opens it doors, independent of whether the user is legitimate or an attacker. As Chris_H correctly points out, different authentication factors have different security: for example, if you type a password while sitting in the open, someone can see your fingers moving and figure out what you typed; or for example, someone could hit you over the head and take your USB authentication away (or worse, take your fingerprint away, which would really hurt). They also have different convenience: having to type your password every time is a big hassle; and I've seen way too many people have to walk over to the tech support office because they forgot their authentication device at home. We tolerate that risk and inconvenience, for the sake of keeping our data more safe.

So let's talk about the concrete case of an encrypted geli partition:

Example 1: You have a single disk. You use a non-encrypted root file system, which allows the OS to come up. You also have a second encrypted partition, containing data that needs to be secured. On the root file system is a small file, for example in /etc, which contains the geli decryption key (or passphrase or password) in clear text. In the /etc/rc.local script is a command to automatically decrypt the secure file system on every boot. This setup is COMPLETELY INSECURE: anyone who can log in to the machine (or in general, run a process on it) can also get to the "secure" data. Anyone who physically takes that one disk and steals it can read the file that contains the password, and manually decrypt the second partition. Whoever set this up is either a fool or a criminal: they got no security at all, in spite of using encryption. They are either deceiving themselves into believing the system is secure (that would be foolish), or misleading their boss (that would be criminal).

Example 2: Same disk with two partitions (root partition in clear, secure partition encrypted), except the decryption key is not stored on the system at all. Instead, after boot a person needs to walk up to the system, plug in a small USB memory stick that contains the key, wait a second or two for some script that has been waiting in the background to read the key and unlock the secure partition, and then remove the key again and put it back in his pocket. This is reasonably secure, although it relies on having only a single factor: if someone hits the sysadmin over the head and takes the key from his pocket, security has been breached.

Example 2a and 2b: Same as example 2, except that this time the sys admin has to provide the key by typing in a password or passphrase, or by providing *both* the USB stick and the password. This is more secure, in particular when using 2-factor authentication.

Example 3: Same disk with two partitions, but now the machine's server hardware itself is reasonably trusted. For example, it has a device on the motherboard which is an immutable serial number that's cryptographically secure (that's called a TPM in the business), and it has a switch that detects when the case has been opened (to guard against someone inserting something like a spying PCIe card, which snoops on the bus). When the system boots, it contacts a key server, presenting its cryptographically secure serial number, and asserting that the hardware has not been tampered with (the case has not been opened). When the key server receives this message (in the correct form and with the correct data), it sends the decryption key over the network (in a suitably secure manner, with the help of Diffie-Hellman that's doable), and the machine unlocks the second partition. The key server itself is physically highly secure, for example installed in a special rack in the data center, which is placed inside a strong steel case with locked doors, and bolted to the concrete floor. Again, this system is reasonably secure, and it needs no USB stick and no password. However, to get to this convenience, the administrator had to install a highly secure key server, and implement a TPM, trusted network protocols, and all that stuff. This is how really secure cluster computing is done (using self-encrypting disks).

What the original posters seem to want is the really secure system, with the convenience of the high-end key management solution, but without the cost. Sorry, you can't have that. TANSTAAFL.
 
ralphbsz said:
The thing is: you have to think through the possible attack. In this particular case, we need to think about "multi factor authentication". Typically today reasonably secure machines (like laptops used by banks or major corporations) use 2-factor authentication: to get in, you need to have two things. Typically it is one thing you know (the password, which you have to type in), and one thing you have (like a fingerprint reader, badge reader, USB-connected authentication dongle, or a RSA keyfob that displays secret numbers). What folks here seem to be requesting is zero-factor authentication, which simply makes no sense: It is no longer "authentication" if the system opens it doors, independent of whether the user is legitimate or an attacker. As Chris_H correctly points out, different authentication factors have different security: for example, if you type a password while sitting in the open, someone can see your fingers moving and figure out what you typed; or for example, someone could hit you over the head and take your USB authentication away (or worse, take your fingerprint away, which would really hurt). They also have different convenience: having to type your password every time is a big hassle; and I've seen way too many people have to walk over to the tech support office because they forgot their authentication device at home. We tolerate that risk and inconvenience, for the sake of keeping our data more safe.

So let's talk about the concrete case of an encrypted geli partition:

Example 1: You have a single disk. You use a non-encrypted root file system, which allows the OS to come up. You also have a second encrypted partition, containing data that needs to be secured. On the root file system is a small file, for example in /etc, which contains the geli decryption key (or passphrase or password) in clear text. In the /etc/rc.local script is a command to automatically decrypt the secure file system on every boot. This setup is COMPLETELY INSECURE: anyone who can log in to the machine (or in general, run a process on it) can also get to the "secure" data. Anyone who physically takes that one disk and steals it can read the file that contains the password, and manually decrypt the second partition. Whoever set this up is either a fool or a criminal: they got no security at all, in spite of using encryption. They are either deceiving themselves into believing the system is secure (that would be foolish), or misleading their boss (that would be criminal).

Example 2: Same disk with two partitions (root partition in clear, secure partition encrypted), except the decryption key is not stored on the system at all. Instead, after boot a person needs to walk up to the system, plug in a small USB memory stick that contains the key, wait a second or two for some script that has been waiting in the background to read the key and unlock the secure partition, and then remove the key again and put it back in his pocket. This is reasonably secure, although it relies on having only a single factor: if someone hits the sysadmin over the head and takes the key from his pocket, security has been breached.

Example 2a and 2b: Same as example 2, except that this time the sys admin has to provide the key by typing in a password or passphrase, or by providing *both* the USB stick and the password. This is more secure, in particular when using 2-factor authentication.

Example 3: Same disk with two partitions, but now the machine's server hardware itself is reasonably trusted. For example, it has a device on the motherboard which is an immutable serial number that's cryptographically secure (that's called a TPM in the business), and it has a switch that detects when the case has been opened (to guard against someone inserting something like a spying PCIe card, which snoops on the bus). When the system boots, it contacts a key server, presenting its cryptographically secure serial number, and asserting that the hardware has not been tampered with (the case has not been opened). When the key server receives this message (in the correct form and with the correct data), it sends the decryption key over the network (in a suitably secure manner, with the help of Diffie-Hellman that's doable), and the machine unlocks the second partition. The key server itself is physically highly secure, for example installed in a special rack in the data center, which is placed inside a strong steel case with locked doors, and bolted to the concrete floor. Again, this system is reasonably secure, and it needs no USB stick and no password. However, to get to this convenience, the administrator had to install a highly secure key server, and implement a TPM, trusted network protocols, and all that stuff. This is how really secure cluster computing is done (using self-encrypting disks).

What the original posters seem to want is the really secure system, with the convenience of the high-end key management solution, but without the cost. Sorry, you can't have that. TANSTAAFL.
Click to expand...
Thank you so much for replying....
How can i implement example 2 (Solution with usb stick has a keyfile and passfile)? I mean, do you have any instructions step by step for it?
 
No, I don't have instructions. My work machines are secured by large teams of people who work for big corporations, and I leave this type of work to experts. On my home machines, the one heavily encrypted disk can only be connected to a Mac (it's formatted as HFS), is secured by a pass phrase, and I use pencil and paper to store the pass phrase (in a physically secure location, it is in a safe that weighs 1300 lbs and is bolted to concrete). To unlock the disk, I type in a 30-character pass phrase by hand when I want to use the disk. Convenience is not important to me in this particular application, but I think this disk is reasonably secure.

I don't know whether I would trust a storage security authentication solution that is implemented by amateurs. There are so many things you can do wrong (like for example leaving the authentication keys in memory inadvertently), perhaps this should be left to professionals, or a professionally built OS.
 
By coincidence, I just found some instructions on how to set up a 2factor authentication token that's called "Yubikey" on FreeBSD: http://mjslabs.com/yubihow.html
The instructions is not for unlocking a geli-encrypted file system, but for login authentication, but it would probably be a good starting point.
 
I think it's quite reasonable to consider a "passfile" on an external storage device to be a reasonable security measure. There is no reason to be concerned that "thugs" will bop you over the head, and take the device away from you. As anyone reasonably concerned about security. Would wait until they felt comfortable about the environment, before attempting to boot the secured computer. They can also keep that external storage device in a safe.

--Chris
 
ralphbsz said:
Example 3: Same disk with two partitions, but now the machine's server hardware itself is reasonably trusted.
Click to expand...

Hi, sorry for resurrecting this old thread, but it is too interesting.

Example 3 is the Bitlocker / Windows 10 scenario on a machine with a TPM, isn't it?

from https://www.howtogeek.com/192894/how-to-set-up-bitlocker-encryption-on-windows/

When your PC boots, the Windows boot loader loads from the System Reserved partition, and the boot loader prompts you for your unlock method—for example, a password. BitLocker then decrypts the drive and loads Windows.
Click to expand...

you can configure automatic unlocking at startup (where your computer grabs the encryption keys from the TPM and automatically decrypts the drive)
Click to expand...

Could that be implemented on FreeBSD, too, if run on a machine with a TPM ?
 
I think the BitLocker thing should work. Assuming you can trust the BitLocker software (I know nothing about that corporation). Probably should do some background research: Who owns it? What has been their security posture? How well do they work with security researchers? As an example of a company that's very non-trustworthy right now, look at Zoom (the video conference software), which has done pretty much everything wrong recently (although I don't know that they are actually spying on their users, or allowing others like agencies or companies to spy).

I will trust Windows, because Microsoft has nothing to gain and everything to lose from spying on people (unlike Chinese companies, where the power relationship between government and enterprise is different than in the case of Microsoft, Apple, or Google). And Microsoft is a reasonably open company, I know dozens of people who work there (in positions of some influence), and it is simply unimaginable that Microsoft is just a front for the NSA or for Facebook. The weak link is the rest of the hardware. Who built the laptop? Where did the TPM come from? Is the interfacing between TPM, hardware (like the sensors that detect the hardware being opened) and Windows + BitLocker well engineered? If your laptop is for example a Dell (the upscale models, which are also sold to big and paranoid corporations and the US government), then you are probably good. If your laptop is no-name brand assembled in low-wage country of dubious politics, then all bets are off.

That's one of the reasons that I like to use Apple hardware: I can trust them that the security integration is done well, as long as I remain in the "walled garden" of their products.
 
well, I would not trust closed source security, and with all the history and revealed papers about Microsoft backdoors I would not trust them especially... I mean who would trust an operating system that is no more than a big spyware sending all keystrokes back home? All they care for is data, but they are not the only ones of course. If you really care about security the systems must be open - also random number generators is an interesting topic in this concern.
Anyway, the downside with TPM is probably that you can forget your data if your notebook decides to stop working at some day, happened quite some times at the company I worked for.
 
ralphbsz said:
I think the BitLocker thing should work. Assuming you can trust the BitLocker software
Click to expand...

Well, if BitLocker can be trusted is subject of lots of discussions.

Actually, I am rather interested if the TPM 1.2 standard can be used from free and open code. Or do you need some proprietary keys to access the TPM?

If it is possible to use the TPM from open source code, this would greatly enhance the user experience for FreeBSD users, if they wouldn't have to enter a password on boot to access an encrypted disk.
 
weberjn said:
Actually, I am rather interested if the TPM 1.2 standard can be used from free and open code.
Click to expand...
I've never used it so I don't know how it works but we do have a tpm(4) device driver.

My local man page seems to have a bit more info:
Code: 
SEE ALSO
     intro(4), device.hints(5), config(8)

     The homepage of the BSSSD project, which developed the original tpm
     driver: http://bsssd.sourceforge.net/.

     TPM main specification can be found at:
     https://trustedcomputinggroup.org/resource/tpm-main-specification/.

STANDARDS
     TPM Main Specification Level 2 Version 1.2:

     -   ISO/IEC, 11889-1:2009, Information technology -- Trusted Platform
         Module -- Part 1: Overview, https://www.iso.org/standard/50970.html.

     -   ISO/IEC, 11889-2:2009, Information technology -- Trusted Platform
         Module -- Part 2: Design principles,
         https://www.iso.org/standard/50971.html.

     -   ISO/IEC, 11889-3:2009, Information technology -- Trusted Platform
         Module -- Part 3: Structures,
         https://www.iso.org/standard/50972.html.
 
You must log in or register to reply here.
Back
Top