Recent Linux kernels and cryptsetup offer new features for disk encryption: Argon2i for transforming a password into a key, and dm-integrity, a form of Authenticated Encryption. Unfortunately, the Ubuntu installer (18.04.2 Server) does not expose these functionalities, and is missing libraries ("libgcc_s.so.1 must be installed for pthread_cancel to work.") and kernel modules ("Kernel doesn't support dm-integrity mapping.") even to try do it via the command line via Ctrl-Alt-F2 etc., during install.
Here's how to do it anyway.
- Install encrypted to the extent that the regular installer can do it.
- Reboot into a live CD.
- cryptsetup open
- Use dd to take an image of the plaintext completed installed logical volume of the root directory. Take note of its size in 4M extents.
- vgchange -a n
- cryptsetup close
- Reformat with fancier disk encryption: /usr/bin/time sudo cryptsetup luksFormat -v --type luks2 --label mylabel --integrity hmac-sha256 --pbkdf argon2i -i 60000 --pbkdf-memory 4194304 --pbkdf-parallel 2 -s 512 -h sha512 --use-random /dev/sda1
- "cryptsetup open /dev/sda1 sda1_crypt" It is important to use the same crypt container name, e.g., sda1_crypt, that the installer used, as recorded in /etc/crypttab , because update-initramfs needs that name.
- Set up LVM within the encrypted container, creating a volume group and logical volume with the same name and size as the original.
- Restore the image, mount.
- Edit /etc/crypttab to reflect the new UUID of the encrypted partition (ls -l /dev/disk/by-uuid).
- Add dm_integrity to /etc/initramfs-tools/modules .
- update-initramfs within a chroot.
- Grow the logical volume (lvextend -l +100%FREE /dev/v/root) and file system (btrfs filesystem resize max /mnt).
- umount; btrfs check
Our set up in step 1 was unencrypted /boot in its own partition (putting /boot inside the encrypted container does not work) and encrypted LVM in another partition containing root and swap. This is very similar to "Guided - use entire disk and set up encrypted LVM". However, the initial install was onto a small logical volume (3 GB; 2GB is sufficient if using btrfs compress=zstd), because that makes taking an image easier. We also made the boot partition large (5GB) because that's a convenient place to temporarily stash the image (encrypted with gpg -c --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 --s2k-mode 3 --s2k-count 65000000) while reformatting. After restoring, we can extend the logical volume and filesystem, then install more packages with tasksel.
We used the Lubuntu live CD to reformat because its low memory requirement allows giving more memory to Argon2i. SystemRescueCD text mode is even better.
Unfortunately, these instructions do not work for Debian Buster (RC2) (and also probably later versions of Ubuntu), because of recent changes to cryptsetup, in particular /usr/share/initramfs/hooks/cryptroot . The first error ("Source mismatch") happens in print_crypttab_entry, where dmsetup info -c -o devnos_used returns a different major number when dealing with a dm_integrity device.
2 comments :
Why use hmac-sha256 for integrity? Isn't hmac-sha512 faster or comparable on 64-bit CPU?
Also, -i 60000 is brutal : )
I wasn't aware hmac-sha512 was an option. Thanks for the tip.
-i 60000 is comparable to the rest of the boot time for me, and I decided that (roughly) doubling boot time was acceptable. Of course, this is personal preference.
Post a Comment