EncryptedSwap

Encrypting the swap file with dmsetup

About Swap Encryption

Encrypting a system's swap file can be a good idea to protect sensitive information. Sensitive data held in a program's memory is fine, but if the OS decides to swap some memory pages to disk so it can free memory for other applications, there is a theoretical chance that the sensitive data could later be retrieved from the disk.

How to do it


Prerequisites
  1. cryptsetup v0.1
  2. kernel support for the device mapper and the encryption cipher you want to use (if encryption works for you with dmsetup/cryptsetup then you have this)

Find the swap device
Find your swap device(s) by running the command shown after the prompt:

berbara root # grep -e dev.*swap /etc/fstab
/dev/hda2 none swap sw 0 0

As you can see from the output of this command, my swap device is /dev/hda2. If more than one device is returned, you would have to encrypt those devices as well.
If you have multiple swap devices, read this page and then read MultipleEncryptedSwapDevices

Find the bootscript which activates the swap
Run the following two commands (the commands are the lines after the prompt):

berbara root # cd /etc/init.d/
berbara init.d # grep swapon *
halt.sh:if -n "`swapon -s 2>/dev/null`"
localmount: /sbin/swapon -a &>/dev/null

We are looking for the line containing swapon -a, and we can see it is in the file called localmount. This was done on a Gentoo system (Debian: most probably mountall.sh; Slackware: /etc/rc.S).

Open the file in your favourite editor and, on new lines before the line that contains swapon -a, insert the following commands:

cryptsetup -c blowfish -s 64 -d /dev/urandom create swap0 /dev/hda2
mkswap /dev/mapper/swap0
swapon /dev/mapper/swap0


In this example we used the blowfish algorithm (-c) with a 64-bit key (-s), and we used /dev/urandom as our key file (-d), so a fresh random key is drawn every time the mapping is created.

Note! If you decide to take the default algorithm (AES), you need to supply "-s 256" instead of "-s 64", because AES has a different-sized key. Failure to make the keysize match the algorithm will lead to the otherwise-inscrutable error "Command failed: device-mapper ioctl cmd 9 failed: Invalid argument" and will write (for example) "kernel: [4369391,541000] device-mapper: error adding target to table" into /var/log/messages.

Also make sure the dm_mod module is automatically loaded at boot so dmsetup is able to map the device.

Also change the swap entry in /etc/fstab to point to /dev/mapper/swap0 so a call to swapon -a won't try to activate the unencrypted swap partition. (Note: this is not very important; swapon will just report an error about the device being busy.)
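The three commands above, wrapped into a small boot-script helper. This is an added example, not the script from this wiki or from cryptsetup: it pairs the cipher with the key size the note above requires (blowfish 64, AES 256), loads dm_mod first, and skips the whole thing if the swap0 mapping already exists, so running the script twice in one boot does not re-key an active swap. It assumes the old non-LUKS "cryptsetup create" syntax used on this page; the device /dev/hda2 and the name swap0 are the ones from the HOWTO and can be overridden through the SWAP_DEV and SWAP_NAME variables.

```shell
#!/bin/sh
# Added example (not the wiki's own script): the HOWTO's three commands as
# functions, with the cipher/key-size pairing the page's note warns about
# and an idempotency check. Assumes the old "cryptsetup create" syntax.

SWAP_DEV="${SWAP_DEV:-/dev/hda2}"      # raw swap partition from /etc/fstab
SWAP_NAME="${SWAP_NAME:-swap0}"        # device-mapper name for the swap
SWAP_CIPHER="${SWAP_CIPHER:-blowfish}" # cipher passed to cryptsetup -c

# Key size in bits that matches the chosen cipher (values from the page's
# note). A mismatch is what produces the "ioctl cmd 9 ... Invalid argument"
# error quoted above. Returns 1 for a cipher this example does not know.
keysize_for_cipher() {
    case "$1" in
        blowfish) echo 64 ;;
        aes)      echo 256 ;;
        *)        return 1 ;;
    esac
}

# Print the three command lines for the boot script, one per line, so
# they can be reviewed (or tested) without root and without touching a
# real swap partition.
encrypted_swap_cmds() {
    cipher="$1"; dev="$2"; name="$3"
    bits=$(keysize_for_cipher "$cipher") || return 1
    printf 'cryptsetup -c %s -s %s -d /dev/urandom create %s %s\n' \
        "$cipher" "$bits" "$name" "$dev"
    printf 'mkswap /dev/mapper/%s\n' "$name"
    printf 'swapon /dev/mapper/%s\n' "$name"
}

# True when the mapping already exists, i.e. this already ran this boot.
swap_mapping_active() {
    [ -b "/dev/mapper/$1" ]
}

# What the boot script calls: load dm_mod first (see "Possible problems"
# below), do nothing if already mapped, otherwise create, format, enable.
setup_encrypted_swap() {
    modprobe dm_mod 2>/dev/null || true
    if swap_mapping_active "$SWAP_NAME"; then
        echo "encrypted swap $SWAP_NAME already active, nothing to do" >&2
        return 0
    fi
    bits=$(keysize_for_cipher "$SWAP_CIPHER") || {
        echo "unknown cipher '$SWAP_CIPHER': add its key size to keysize_for_cipher" >&2
        return 1
    }
    cryptsetup -c "$SWAP_CIPHER" -s "$bits" -d /dev/urandom \
        create "$SWAP_NAME" "$SWAP_DEV" &&
    mkswap "/dev/mapper/$SWAP_NAME" &&
    swapon "/dev/mapper/$SWAP_NAME"
}

# Only act when explicitly asked, e.g. from the init script:
#   ENCRYPT_SWAP_RUN=1 sh encswap.sh
if [ "${ENCRYPT_SWAP_RUN:-0}" = 1 ]; then
    setup_encrypted_swap
fi
```

Before wiring it into localmount (or mountall.sh / rc.sysinit), run `encrypted_swap_cmds aes /dev/hda2 swap0` once to see exactly which lines will be executed; the -s value printed there is the one that must match the cipher.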


Checking that it works
After the next reboot, run the command shown after the prompt:

alex@berbara:~$ cat /proc/swaps
Filename Type Size Used Priority
/dev/mapper/swap0 partition 506036 0 -1

This shows you the active swap devices. If the new swap0 device does not show up in your listing, something did not work.
Possible problems:
  • If dm_mod is compiled as a module, check that it gets loaded before the cryptsetup command is run. An easy way to make sure of this is to put modprobe dm_mod above the commands you inserted into your boot script.
  • If this does not fix your problem, try running the commands as root line by line in a console window and look for errors (leave out the 2>/dev/null parts, which hide error messages).
  • If all else fails, try the mailing lists or contact one of the authors of this article.

Note: If you still have problems, don't give up and run your system without swap!
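A scripted version of the check above, added here as an example (it is not part of the wiki's HOWTO): it reads a /proc/swaps listing and flags two failure cases, an active swap that is not a device-mapper target (the raw partition still in /etc/fstab, the case the previous section says to fix) and no mapper-backed swap at all (the boot script did not run). It assumes mappings live under /dev/mapper as on this page. Two listings are constructed inline so the logic can be tried without rebooting; on a live system feed it the real file.

```shell
#!/bin/sh
# Added example (not from the wiki): verify the outcome of the HOWTO from
# a /proc/swaps listing. Assumes device-mapper names under /dev/mapper/.

# Print every active swap device (first column, header skipped) that does
# not live under /dev/mapper/. Reads the listing from stdin.
unencrypted_swaps() {
    awk 'NR > 1 && $1 !~ "^/dev/mapper/" { print $1 }'
}

# Print the active swaps that are device-mapper targets. Reads stdin.
encrypted_swaps() {
    awk 'NR > 1 && $1 ~ "^/dev/mapper/" { print $1 }'
}

# Verdict for a /proc/swaps listing on stdin: returns 0 when at least one
# mapper-backed swap is active and no raw device is, 1 otherwise.
check_swap_listing() {
    listing=$(cat)
    raw=$(printf '%s\n' "$listing" | unencrypted_swaps)
    enc=$(printf '%s\n' "$listing" | encrypted_swaps)
    if [ -n "$raw" ]; then
        echo "unencrypted swap active: $raw (check /etc/fstab)" >&2
        return 1
    fi
    if [ -z "$enc" ]; then
        echo "no encrypted swap active (did the boot script run?)" >&2
        return 1
    fi
    echo "ok: $enc" >&2
    return 0
}

# Constructed sample listing, modelled on the one shown above.
SAMPLE_GOOD='Filename                Type        Size    Used    Priority
/dev/mapper/swap0       partition   506036  0       -1'

# Constructed sample for the case where the fstab entry was not changed
# and swapon -a also activated the raw partition.
SAMPLE_BAD='Filename                Type        Size    Used    Priority
/dev/mapper/swap0       partition   506036  0       -1
/dev/hda2               partition   506036  0       -2'

# On a live system:  check_swap_listing < /proc/swaps
```

The check is deliberately naive about what "encrypted" means: a /dev/mapper/ path only proves the swap goes through device-mapper, so a plain (non-crypt) mapping would pass too. On the system this page describes that is good enough, since the only mapping set up is the crypt target created at boot.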

Credits
This page was first written by Perlbroker who used this setup on a Debian Woody stable release. 15th April 2004.
Feel free to contact him if there is any problem by clicking on the below Perlbroker link.

Cleanup and "de-debianisation", change to cryptsetup by Alexander Wigen.


Created by: Perlbroker last modification: Monday 16 of August, 2010 [19:24:39 UTC] by Anonymous


Attached file: mountall.sh (/etc/init.d/mountall.sh), uploaded Fri 16 of Apr, 2004 [01:59 UTC] by Perlbroker, 1.13 Kb

Posted messages

Problems
on: Thu 31 of Mar, 2005 [01:19 UTC] score: 0.00
Mhm, I see 2 problems with this approach:
1) Where does the entropy for the passphrase come from?
On bootup a computer is nearly deterministic.
2) The header of the swap partition gives away some known plaintext to the attacker.

Re: Entropy
on: Mon 09 of May, 2005 [21:43 UTC] score: 0.00
Re: where does the entropy come from?
This is deferred to the kernel's random device. It only gives data when there is enough entropy.
By the way, there is no passphrase. The key is generated new each time, and is only needed as long as the swap partition is active. Think about it.


Re: Entropy
on: Fri 10 of Jun, 2005 [01:14 UTC] score: 0.00
But I think that is the problem;
As I understand it, the random device gathers entropy from harddisk activity and keypresses. Both are rather deterministic at bootup.


Startup script
on: Fri 02 of Dec, 2005 [08:51 UTC] score: 0.00
Rather than hijacking the startup scripts, it would be better to create a startup script specifically for the encrypted swap. As I mentioned in Re: Re: Entropy, this should launch after the /dev/urandom pool has been restored.

To be bullet-proof, the script could enumerate the swap devices, check to see if it is already an encrypted mapping (to ensure idempotent), turn each one off, encrypt and re-enable. While it does allow a window of opportunity for information to leak into the swap files, if done soon enough (for example, before any services start, particularly cron and anacron (think locate updates)) it should work. (On Debian unstable, this window would span S35mountall.sh to S55urandom (maybe someone could convince the distributions to close the gap).)

Also, you should be encrypting the storage area for the saved /dev/urandom pool if doing any encryption.


Re: Re: Entropy
on: Fri 02 of Dec, 2005 [08:41 UTC] score: 0.00
Most distributions save the /dev/urandom pool on shutdown and restore it on start-up. Just ensure that the encrypted swap isn't created until after this is restored.


ks
Compatibility
on: Sat 15 of Apr, 2006 [12:13 UTC] score: 0.00
Trying to enter the mentioned command:

cryptsetup -c blowfish -s 64 -d /dev/urandom create swap0 /dev/hda2

Gives the error: Command Failed: Invalid Argument

So, trying the more simple:

cryptsetup create swap0 /dev/hda2

gives the same error.

Trying to set verbose on strips the error down to "Command Failed".

Poking around in the source code, I think this is linked to setting the mode (ECB vs CBC (Electronic Code Book vs Cipher Block Chaining)).

Uninstalling cryptsetup-luks and installing plain cryptsetup, everything works fine.

I run gentoo 2.6.16, no messages in any logs.

Am I missing something, or is the cryptsetup-luks not compatible with standard cryptsetup?

If not, how do I create a partition with a random password (e.g. for the swap)?
Using the luks extensions, requires me to call twice, once for format, and once for open, which means I must store the password somehow.

Any hints?


Fedora Core 5 specifics
on: Sat 03 of Jun, 2006 [02:41 UTC] score: 0.00
With Fedora Core 5, and possibly other Fedora versions, the script that contains the line 'swapon -a' is /etc/rc.d/rc.sysinit. Therefore, FC5's /etc/rc.d/rc.sysinit needs to be modified rather than localmount, as described for Gentoo in the HOWTO.
