Editorial review of gbde section.

Sponsored by:	iXsystems
Dru Lavigne 2014-04-28 20:30:14 +00:00
parent 1d909124a3
commit df8d34133f
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=44686


@ -2524,7 +2524,7 @@ Quotas for user test:
<command>geli</command> cryptographic subsystems in &os; are <command>geli</command> cryptographic subsystems in &os; are
able to protect the data on the computer's file systems against able to protect the data on the computer's file systems against
even highly-motivated attackers with significant resources. even highly-motivated attackers with significant resources.
Unlike cumbersome encryption methods that encrypt only Unlike encryption methods that encrypt
individual files, <command>gbde</command> and individual files, <command>gbde</command> and
<command>geli</command> transparently encrypt entire file <command>geli</command> transparently encrypt entire file
systems. No cleartext ever touches the hard drive's systems. No cleartext ever touches the hard drive's
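Review bot: dropping "cumbersome" is a good neutral-tone fix, but the surrounding sentence "able to protect the data ... against even highly-motivated attackers with significant resources" is left unqualified while the new gbde paragraph in the next hunk limits that protection to a cold storage device. Consider tempering this sentence to match, e.g. "protect the data on a detached or powered-off disk against ...", so the introduction does not promise more than the gbde section then takes back.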
@ -2534,25 +2534,26 @@ Quotas for user test:
<title>Disk Encryption with <title>Disk Encryption with
<application>gbde</application></title> <application>gbde</application></title>
<para><application>gbde</application> encrypts the sector <para>The objective of the &man.gbde.4; facility is to provide a
payload using 128-bit AES in CBC mode. Each sector on the formidable challenge for an attacker to gain access to the
disk is encrypted with a different AES key. For more contents of a <emphasis>cold</emphasis> storage device.
However, if the computer is compromised while up and running
and the storage device is actively attached, or the attacker
has access to a valid passphrase, it offers no protection to
the contents of the storage device. Thus, it is important to
provide physical security while the system is running and to
protect the passphrase used by the encryption
mechanism.</para>
<para>This facility provides several barriers to protect the data
stored in each disk sector. It encrypts the contents of a
disk sector using 128-bit <acronym>AES</acronym> in
<acronym>CBC</acronym> mode. Each sector on the
disk is encrypted with a different <acronym>AES</acronym> key. For more
information on the cryptographic design, including how the information on the cryptographic design, including how the
sector keys are derived from the user-supplied passphrase, sector keys are derived from the user-supplied passphrase,
refer to &man.gbde.4;.</para> refer to &man.gbde.4;.</para>
<note>
<para>&man.sysinstall.8; is incompatible with
<application>gbde</application>-encrypted devices. All
<filename>*.bde</filename>
devices must be detached from the kernel before starting
&man.sysinstall.8; or it will crash during its initial
probing for devices. To detach the encrypted device used in
the example, use the following command:</para>
<screen>&prompt.root; <userinput>gbde detach /dev/ad4s1c</userinput></screen>
</note>
<para>&os; provides a kernel module for <para>&os; provides a kernel module for
<application>gbde</application> which can be loaded with this <application>gbde</application> which can be loaded with this
command:</para> command:</para>
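Review bot: the new paragraph "This facility provides several barriers to protect the data stored in each disk sector" names only one barrier (per-sector 128-bit AES-CBC keys) before deferring to &man.gbde.4;; either enumerate the barriers the text has in mind or change "several barriers" to wording that matches what is actually described. The relocated sysinstall <note> removed here is reinstated verbatim at the end of the section in the last hunk, so this hunk is otherwise a pure move plus the welcome "cold storage device" caveat.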
@ -2565,15 +2566,13 @@ Quotas for user test:
<para><literal>options GEOM_BDE</literal></para> <para><literal>options GEOM_BDE</literal></para>
<para>The following example demonstrates adding a new hard <para>The following example demonstrates adding a new hard
drive to a system that will hold a single encrypted partition. drive to a system that will hold a single encrypted partition
This partition will be mounted as that will be mounted as
<filename>/private</filename>. <filename>/private</filename>.</para>
<application>gbde</application> can also be used to encrypt
<filename>/home</filename> and <filename>/var/mail</filename>,
but this requires more complex instructions which exceed the
scope of this introduction.</para>
<procedure> <procedure>
<title>Encrypting a Partition with <application>gbde</application></title>
<step> <step>
<title>Add the New Hard Drive</title> <title>Add the New Hard Drive</title>
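Review bot: removing the <procedure> <title>Encrypting a Partition with gbde</title> leaves the step list without its own heading while the <sect2> title still reads "Disk Encryption with gbde"; that is acceptable, but the deleted sentence about <filename>/home</filename> and <filename>/var/mail</filename> was the only hint that encrypting system partitions needs more than this walkthrough. A single sentence such as "This procedure covers a dedicated data partition only" would preserve that scoping without the old "exceed the scope of this introduction" phrasing.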
@ -2612,15 +2611,12 @@ Quotas for user test:
<para>A <application>gbde</application> partition must be <para>A <application>gbde</application> partition must be
initialized before it can be used. This initialization initialized before it can be used. This initialization
needs to be performed only once:</para> needs to be performed only once. This command will open the default editor, in order to
<screen>&prompt.root; <userinput>gbde init /dev/ad4s1c -i -L /etc/gbde/ad4s1c.lock</userinput></screen>
<para>&man.gbde.8; will open the default editor, in order to
set various configuration options in a template. For use set various configuration options in a template. For use
with UFS1 or UFS2, set the sector_size to 2048:</para> with the <acronym>UFS</acronym> file system, set the
sector_size to 2048:</para>
<programlisting># &dollar;FreeBSD: src/sbin/gbde/template.txt,v 1.1.36.1 2009/08/03 08:13:06 kensmith Exp $ <screen>&prompt.root; <userinput>gbde init /dev/ad4s1c -i -L /etc/gbde/ad4s1c.lock</userinput># &dollar;FreeBSD: src/sbin/gbde/template.txt,v 1.1.36.1 2009/08/03 08:13:06 kensmith Exp $
# #
# Sector size is the smallest unit of data which can be read or written. # Sector size is the smallest unit of data which can be read or written.
# Making it too small decreases performance and decreases available space. # Making it too small decreases performance and decreases available space.
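Review bot: the template text is now concatenated onto the command line, `<userinput>gbde init /dev/ad4s1c -i -L /etc/gbde/ad4s1c.lock</userinput># &dollar;FreeBSD: src/sbin/gbde/template.txt,...`, so the rendered output shows the `$FreeBSD` header on the same line as the prompt; insert a line break after `</userinput>`. Also, "This command will open the default editor" now appears before the <screen> that contains the command, so "This command" has no antecedent yet; "The following command" reads correctly in the new position.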
@ -2628,38 +2624,32 @@ Quotas for user test:
# minimum and always safe. For UFS, use the fragment size # minimum and always safe. For UFS, use the fragment size
# #
sector_size = 2048 sector_size = 2048
[...]</programlisting> [...]</screen>
<para>&man.gbde.8; will ask the user twice to type the <para>Once the edit is saved, the user will be asked twice to type the
passphrase used to secure the data. The passphrase must passphrase used to secure the data. The passphrase must
be the same both times. The ability of be the same both times. The ability of
<application>gbde</application> to protect data depends <application>gbde</application> to protect data depends
entirely on the quality of the passphrase. For tips on entirely on the quality of the passphrase. For tips on
how to select a secure passphrase that is easy to how to select a secure passphrase that is easy to
remember, see the <link remember, see <link
xlink:href="http://world.std.com/~reinhold/diceware.html">Diceware xlink:href="http://world.std.com/~reinhold/diceware.html">http://world.std.com/~reinhold/diceware.htm</link>.</para>
Passphrase</link> website.</para>
<para><command>gbde init</command>creates a lock file for <para>This initialization creates a lock file for
the <application>gbde</application> partition. In this the <application>gbde</application> partition. In this
example, it is stored as example, it is stored as
<filename>/etc/gbde/ad4s1c.lock</filename>. <filename>/etc/gbde/ad4s1c.lock</filename>.
<application>gbde</application> lock files must end in Lock files must end in
<quote>.lock</quote> in order to be correctly detected by <quote>.lock</quote> in order to be correctly detected by
the <filename>/etc/rc.d/gbde</filename> start up the <filename>/etc/rc.d/gbde</filename> start up
script.</para> script.</para>
<caution> <caution>
<para><application>gbde</application> lock files <para>Lock files
<emphasis>must</emphasis> be backed up together with <emphasis>must</emphasis> be backed up together with
the contents of any encrypted partitions. While the contents of any encrypted partitions. Without the
deleting a lock file alone cannot prevent a determined
attacker from decrypting a
<application>gbde</application> partition, without the
lock file, the legitimate owner will be unable to lock file, the legitimate owner will be unable to
access the data on the encrypted partition without a access the data on the encrypted partition.</para>
significant amount of work that is totally unsupported
by &man.gbde.8;.</para>
</caution> </caution>
</step> </step>
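Review bot: the new link text `http://world.std.com/~reinhold/diceware.htm` is missing the trailing `l` and no longer matches the `xlink:href` value `http://world.std.com/~reinhold/diceware.html`; the old "Diceware Passphrase" link text was also friendlier than a bare URL, so consider keeping descriptive text and just fixing the href target if a change was intended. In the <caution>, removing "deleting a lock file alone cannot prevent a determined attacker" is fine, but the remaining text should still make clear that the lock file is required for recovery and is not a secret, otherwise readers may treat it as key material to be withheld from backups.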
@ -2686,40 +2676,32 @@ sector_size = 2048
Device</title> Device</title>
<para>Once the encrypted device has been attached to the <para>Once the encrypted device has been attached to the
kernel, a file system can be created on the device using kernel, a file system can be created on the device.
&man.newfs.8;. This example creates a UFS2 file This example creates a <acronym>UFS</acronym> file
system with soft updates enabled.</para> system with soft updates enabled. Be sure to specify the
partition which has a
<filename><replaceable>*</replaceable>.bde</filename>
extension:</para>
<screen>&prompt.root; <userinput>newfs -U /dev/ad4s1c.bde</userinput></screen> <screen>&prompt.root; <userinput>newfs -U /dev/ad4s1c.bde</userinput></screen>
<note>
<para>&man.newfs.8; must be performed on an attached
<application>gbde</application> partition which is
identified by a
<filename><replaceable>*</replaceable>.bde</filename>
extension to the device name.</para>
</note>
</step> </step>
<step> <step>
<title>Mount the Encrypted Partition</title> <title>Mount the Encrypted Partition</title>
<para>Create a mount point for the encrypted file <para>Create a mount point and mount the encrypted file
system:</para> system:</para>
<screen>&prompt.root; <userinput>mkdir /private</userinput></screen> <screen>&prompt.root; <userinput>mkdir /private</userinput>
&prompt.root; <userinput>mount /dev/ad4s1c.bde /private</userinput></screen>
<para>Mount the encrypted file system:</para>
<screen>&prompt.root; <userinput>mount /dev/ad4s1c.bde /private</userinput></screen>
</step> </step>
<step> <step>
<title>Verify That the Encrypted File System is <title>Verify That the Encrypted File System is
Available</title> Available</title>
<para>The encrypted file system should now be visible to <para>The encrypted file system should now be visible
&man.df.1; and be available for use.</para> and available for use:</para>
<screen>&prompt.user; <userinput>df -H</userinput> <screen>&prompt.user; <userinput>df -H</userinput>
Filesystem Size Used Avail Capacity Mounted on Filesystem Size Used Avail Capacity Mounted on
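Review bot: folding the <note> into the paragraph drops the &man.newfs.8; cross-reference even though the rest of the section links every tool it invokes (&man.gbde.8;, &man.df.1;, &man.rc.conf.5;); keep "using &man.newfs.8;" in the sentence "a file system can be created on the device". Merging the mkdir and mount commands into one <screen> is a good simplification.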
@ -2732,70 +2714,37 @@ Filesystem Size Used Avail Capacity Mounted on
</step> </step>
</procedure> </procedure>
<sect3>
<title>Mounting Existing Encrypted File Systems</title>
<para>After each boot, any encrypted file systems must be <para>After each boot, any encrypted file systems must be
re-attached to the kernel, checked for errors, and mounted, manually re-attached to the kernel, checked for errors, and mounted,
before the file systems can be used. The required commands before the file systems can be used. To configure these
must be executed as steps, add the following lines to <filename>/etc/rc.conf</filename>:</para>
<systemitem class="username">root</systemitem>.</para>
<procedure>
<step>
<title>Attach the <command>gbde</command> Partition to the
Kernel</title>
<screen>&prompt.root; <userinput>gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c.lock</userinput></screen>
<para>This command will prompt for the passphrase that was
selected during initialization of the encrypted
<application>gbde</application> partition.</para>
</step>
<step>
<title>Check the File System for Errors</title>
<para>Since encrypted file systems cannot yet be listed in
<filename>/etc/fstab</filename> for automatic mounting,
the file systems must be checked for errors by running
&man.fsck.8; manually before mounting:</para>
<screen>&prompt.root; <userinput>fsck -p -t ffs /dev/ad4s1c.bde</userinput></screen>
</step>
<step>
<title>Mount the Encrypted File System</title>
<screen>&prompt.root; <userinput>mount /dev/ad4s1c.bde /private</userinput></screen>
<para>The encrypted file system is now available for
use.</para>
</step>
</procedure>
<para>It is possible to create a script to automatically
attach, check, and mount an encrypted partition, but for
security reasons the script should not contain the
&man.gbde.8; password. Instead, it is recommended that
such scripts be run manually while providing the password
via the console or &man.ssh.1;.</para>
<para>As an alternative, an <filename>rc.d</filename> script
is provided. Arguments for this script can be passed via
&man.rc.conf.5;:</para>
<programlisting>gbde_autoattach_all="YES" <programlisting>gbde_autoattach_all="YES"
gbde_devices="ad4s1c" gbde_devices="<replaceable>ad4s1c</replaceable>"
gbde_lockdir="/etc/gbde"</programlisting> gbde_lockdir="/etc/gbde"</programlisting>
<para>This requires that the <para>This requires that the
<application>gbde</application> passphrase be entered at passphrase be entered at the console
boot time. After typing the correct passphrase, the boot time. After typing the correct passphrase, the
<application>gbde</application> encrypted partition will be encrypted partition will be
mounted automatically. This can be useful when using mounted automatically. Additional
<application>gbde</application> on laptops.</para> <application>gbde</application> boot options are available
</sect3> and listed in &man.rc.conf.5;.</para>
<!--
What about bsdinstall?
-->
<note>
<para><application>sysinstall</application> is incompatible with
<application>gbde</application>-encrypted devices. All
<filename>*.bde</filename>
devices must be detached from the kernel before starting
<application>sysinstall</application> or it will crash during its initial
probing for devices. To detach the encrypted device used in
the example, use the following command:</para>
<screen>&prompt.root; <userinput>gbde detach /dev/<replaceable>ad4s1c</replaceable></userinput></screen>
</note>
</sect2> </sect2>
<sect2 xml:id="disks-encrypting-geli"> <sect2 xml:id="disks-encrypting-geli">
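Review bot: the new intro sentence still says encrypted file systems must be "manually re-attached to the kernel, checked for errors, and mounted", but the hunk deletes the manual `gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c.lock` step, the `fsck -p -t ffs /dev/ad4s1c.bde` step, and the advice that scripts must not embed the passphrase; a reader who does not use `gbde_autoattach_all` is now left without the attach and fsck invocations, and the rc.conf path does not say whether the rc.d script runs fsck. Either keep a short manual-attach block or state that the rc.d script handles the check. Also, "passphrase be entered at the console boot time" is missing a word ("at the console at boot time"), and the reinstated <note> keeps the wording "<application>sysinstall</application> is incompatible" while the adjacent `<!-- What about bsdinstall? -->` comment shows the note was not verified against the current installer; confirm or drop it rather than relocating it unchanged.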