mount an encrypted USB drive on FreeBSD and Windows

I'd like to share a 4 TB Transcend USB drive between FreeBSD and Windows.

Which way to go at the dawn of FreeBSD 14?

VeraCrypt?
Full disk or File containers? What filesystem? Does it work from the console only?


Bitlocker? with libbde?
 
I added BitLocker encryption under Windows and tried to access the (NTFS) drive under FreeBSD with bdeinfo from devel/libbde.

But I got the error below. Any ideas?

Code:
# gpart show /dev/da0
=>        6  976754635  da0  GPT  (3.6T)
          6      32768    1  ms-reserved  (128M)
      32774        250       - free -  (1.0M)
      33024  976721408    2  ms-basic-data  (3.6T)
  976754432        209       - free -  (836K)


# bdeinfo -p *** /dev/da0p2
bdeinfo 20221031

Unable to open: /dev/da0p2.
libcfile_file_read_buffer_with_error_code: unable to read from file with error: Invalid argument
libcfile_file_read_buffer: unable to read from file.
libbfio_file_io_handle_read_buffer: unable to read from file: /dev/da0p2.
libbfio_file_range_io_handle_read_buffer: unable to read from file IO handle.
libbfio_internal_handle_read_buffer: unable to read from handle.
libbfio_handle_read_buffer_at_offset: unable to read buffer.
libbde_volume_header_read_file_io_handle: unable to read volume header data at offset: 0 (0x00000000).
libbde_internal_volume_open_read: unable to read volume header.
libbde_volume_open_file_io_handle: unable to read from file IO handle.
info_handle_open: unable to open volume.

 # dd if=/dev/da0p2 bs=1m count=1 | hexdump -C | less
00000000  eb 58 90 2d 46 56 45 2d  46 53 2d 00 10 01 00 00  |.X.-FVE-FS-.....|
00000010  00 00 00 00 00 f8 00 00  3f 00 ff 00 00 81 00 00  |........?.......|
00000020  00 00 00 00 e0 1f 00 00  00 00 00 00 00 00 00 00  |................|
00000030  01 00 06 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000040  80 00 29 00 00 00 00 4e  4f 20 4e 41 4d 45 20 20  |..)....NO NAME  |
00000050  20 20 46 41 54 33 32 20  20 20 33 c9 8e d1 bc f4  |  FAT32   3.....|
...
 
The BDE error above is caused by an unexpected limitation (from libbde's point of view) of the FreeBSD block device: it returns Invalid argument when a block shorter than 512 bytes is read.

Here is confirmation from truss output:
Code:
openat(AT_FDCWD,"/dev/da0s1",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)                                                                     
fstat(3,{ mode=crw-r----- ,inode=146,size=0,blksize=4096 }) = 0 (0x0)                             
ioctl(3,DIOCGMEDIASIZE,0x8202e7148)              = 0 (0x0)                                                                         
lseek(3,0x0,SEEK_SET)                            = 0 (0x0)                                                                         
lseek(3,0x0,SEEK_SET)                            = 0 (0x0)                                                                         
lseek(3,0x0,SEEK_CUR)                            = 0 (0x0)                                                                         
read(3,"\M-kX\M^P-FVE-FS-\0\^B\b \0\0\0\0\0\0\M-x\0\0 ..."...,512) = 512 (0x200)
lseek(3,0x69003000,SEEK_SET)                     = 1761619968 (0x69003000)                                                         
lseek(3,0x0,SEEK_CUR)                            = 1761619968 (0x69003000)                   
read(3,0x8202e7210,64)                           ERR#22 'Invalid argument'

Note that while the lseek(2) to around 1.6GB (on a 4GB flash drive) was successful, the attempt to read just 64 bytes from the block device failed with Invalid argument.

The above hypothesis can be verified with a trivial test in the shell:
Bash:
root@fbsd-max:~ # dd if=/dev/da0s1 bs=512 count=1 | hexdump -C | head -5
1+0 records in
1+0 records out
512 bytes transferred in 0.002964 secs (172756 bytes/sec)
00000000  eb 58 90 2d 46 56 45 2d  46 53 2d 00 02 08 20 00  |.X.-FVE-FS-... .|
00000010  00 00 00 00 00 f8 00 00  20 00 40 00 00 08 00 00  |........ .@.....|
00000020  00 78 77 00 e0 1f 00 00  00 00 00 00 00 00 00 00  |.xw.............|
00000030  01 00 06 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000040  80 00 29 00 00 00 00 4e  4f 20 4e 41 4d 45 20 20  |..)....NO NAME  |
root@fbsd-max:~ # dd if=/dev/da0s1 bs=64 count=1 | hexdump -C | head -5
dd: /dev/da0s1: Invalid argument
0+0 records in
0+0 records out
0 bytes transferred in 0.000131 secs (0 bytes/sec)

So now the question is how to solve this problem:
  1. Somehow trick FreeBSD into allowing reads of chunks smaller than 512 bytes from the block device.
  2. Make libbde always read at least 512 bytes.
 
I was able to fix this bug by cloning the Windows version of the code, which already forces a 512-byte block size for I/O. At least bdeinfo now finishes without error.

The forum does not allow me to attach a patch with a *.c suffix to this post, so here is the content of patch-libcfile_libcfile__file.c:
Code:
+++ libcfile/libcfile_file.c
@@ -750,6 +750,21 @@ int libcfile_file_open_with_error_code(
     internal_file->access_flags   = access_flags;
     internal_file->current_offset = 0;
 
+    if( libcfile_internal_file_set_block_size(
+         internal_file,
+         (size_t) 512,
+         error ) != 1 )
+    {
+        libcerror_error_set(
+         error,
+         LIBCERROR_ERROR_DOMAIN_RUNTIME,
+         LIBCERROR_RUNTIME_ERROR_SET_FAILED,
+         "%s: unable to set block size.",
+         function );
+
+        return( -1 );
+    }
+
     return( 1 );
 }
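
Review bot: the `(size_t) 512` passed to libcfile_internal_file_set_block_size is hard-coded and applied on every successful open, right before `return( 1 )`, so regular files and devices with a larger sector size all get the same value. Consider applying it only when the opened path is a disk device and taking the size from the device itself (FreeBSD reports it through the DIOCGSECTORSIZE ioctl), with 512 as the fallback; a drive with 4096-byte sectors would still reject 512-byte reads. The new failure path also returns -1 after access_flags and current_offset have already been stored in internal_file; if a descriptor is open at that point, it should be closed and the handle reset before returning. A short comment above the call saying why the block size is forced would help the next reader.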

Put this patch as patch-libcfile_libcfile__file.c into /usr/ports/devel/libbde/files and rebuild the port with:

Bash:
cd /usr/ports/devel/libbde
make install-missing-packages # do this only 1st time
make clean
make reinstall

Now bdeinfo works for the 1st time:
Code:
root@fbsd-wd500# bdeinfo -v /dev/da0s1
bdeinfo 20231220

Volume is locked and a password is needed to unlock it.

Password:

BitLocker Drive Encryption information:
    Volume identifier        : 0b83cc09-0ac5-49d0-a865-875189cb3bba
    Size                : 3.7 GiB (4008706048 bytes)
    Encryption method        : AES-CBC 128-bit
    Creation time            : Jun 01, 2025 06:33:51.169681200 UTC
    Description            : SAMTB-X2 BASF 6/1/2025
    Number of key protectors    : 2
....

Are there any volunteers to test this patch?
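
The idea behind the workaround in this thread (issue only whole, block-aligned reads and copy out the bytes actually wanted) shown as an added C example; it is not libbde or libcfile code. `aligned_pread` is a hypothetical helper name, and the caller passes the block size (512 in the thread).

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for pread() */
#endif
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: read `len` bytes at `offset` from `fd` while issuing
 * only whole, block-aligned reads, which is what a FreeBSD disk device accepts.
 * Returns the number of bytes copied to `out` (short at end of media), or -1. */
ssize_t aligned_pread(int fd, void *out, size_t len, off_t offset, size_t block)
{
    if (block == 0 || offset < 0 || block > SIZE_MAX / 4 || len > SIZE_MAX / 2) {
        errno = EINVAL;
        return -1;
    }
    if (len == 0)
        return 0;

    off_t start = offset - (offset % (off_t)block);            /* round down */
    size_t skip = (size_t)(offset - start);                    /* always < block */
    size_t span = (skip + len + block - 1) / block * block;    /* round up */

    unsigned char *bounce = malloc(span);
    if (bounce == NULL)
        return -1;

    size_t got = 0;
    while (got < span) {
        ssize_t n = pread(fd, bounce + got, span - got, start + (off_t)got);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0) {
            free(bounce);
            return -1;
        }
        if (n == 0)                                            /* end of media */
            break;
        got += (size_t)n;
    }

    size_t avail = got > skip ? got - skip : 0;
    if (avail > len)
        avail = len;
    memcpy(out, bounce + skip, avail);
    free(bounce);
    return (ssize_t)avail;
}
```

With this, the 64-byte read that failed in the truss output becomes a single 512-byte read at the same aligned offset, from which 64 bytes are copied out.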
 