Hello,

Mandrake 8.2 comes with a kernel RPM including loop-aes. It is supposed to be able to do a lot of useful things with it, including automatically encrypting swap partitions if wanted.

One would only need to change his swap fstab entry, i.e.

    /dev/hda4 swap swap defaults 0 0

into

    /dev/hda4 swap swap encrypted 0 0

...to get an encrypted swap partition, and the rc.sysinit script will take care of encrypting and mounting the swap partition (with a random session key, without the need of user intervention).

Unfortunately, the part of rc.sysinit that takes care of that is broken, and one would believe that his swap is encrypted, when it actually is UNencrypted because of bugs in rc.sysinit, and this results in a potential SECURITY RISK.

I have patched the "encrypted swap" part of rc.sysinit, so it now does what it is supposed to do. Please find the patch attached.

Once this patch has been applied to rc.sysinit, the swap partitions will automatically be loop-encrypted at system startup time, if specified so in /etc/fstab.

i.e. my fstab specifies:

    /dev/hda4 swap swap encrypted 0 0
    /dev/sda3 swap swap encrypted 0 0

And now, I can check that my swap is actually encrypted, with:

    [root@totor etc]# swapon -s
    Filename        Type            Size    Used    Priority
    /dev/loop/0     partition       128512  0       0
    /dev/loop/1     partition       128512  0       0
    [root@totor etc]# losetup /dev/loop0
    /dev/loop0 : [0007]:447 (/dev/hda4) décalage 0, AES128 cryptage
    [root@totor etc]# losetup /dev/loop1
    /dev/loop1 : [0007]:747 (/dev/sda3) décalage 0, AES128 cryptage

Please check this patch; I believe that it should be included in a Mandrake security update, because it's no good at all to have a swap mounted in the clear when you believe it is encrypted...

Noted imperfection: Once the swap partition has been converted to an encrypted one, at startup time, the first attempt to "swapon -a", just after the root partition has been remounted RW, will result in an error. The swap will then be encrypted, loop-mounted and activated later in the startup process. There's not much I can do about it. The first error when performing "swapon -a" is due to the fact that the encrypted swap partitions no longer have a valid "swap signature" in the clear, but the "swapon -a" command still tries to swapon them, as they are listed in /etc/fstab...

Feel free to give me your feedback and comments.

Best regards.

--
Michel Bouissou <michel@bouissou.net> OpenPGP ID 0x5C2BEE8F

--- rc.sysinit.Original.mdk82 Sun Apr 7 16:51:39 2002 +++ rc.sysinit Sun Apr 7 16:59:35 2002 @@ -1111,17 +1111,41 @@ # Delete Postgres sockets rm -f /tmp/.s.PGSQL.* -#Detect encrypted swap +#Detect and create/activate encrypted swap +#Changed by Michel Bouissou on 2002/04/07 if [[ -n $encrypted_swap ]];then - for loop in ${encrypted_swap};do - losetup -d /dev/loop0 2>/dev/null >/dev/null ||: - mcookie|losetup -p 0 AES128 /dev/loop0 ${loop} 2>/dev/null >/dev/null - sync - mkswap ${loop} 2>/dev/null >/dev/null - sync - action "Making encrypted swap for %s: " ${loop} swapon ${loop} - sync - done + loop=NONE + action "Testing insertion of loop module" modprobe loop + if [ $? == 0 ]; then + for (( s = 1; s <= 10; s++ )); do + if [ -b /dev/loop0 ]; then + loop=OK + s=11 + else + sleep 1 + fi + done + fi + if [ $loop == OK ]; then + for swdev in ${encrypted_swap}; do + loop=NONE + for l in `echo /dev/loop[0-9]`; do + if [ $loop == NONE ] && ! grep -q $l /proc/mounts && ! { losetup $l &> /dev/null; }; then + loop=$l + fi + done + if [ $loop != NONE ]; then + swapoff $swdev > /dev/null 2>&1 + mcookie | losetup -p 0 -e AES128 $loop $swdev > /dev/null 2>&1 + if [ $? == 0 ]; then + action "Creating encrypted swap space on %s:" $loop mkswap $loop + if [ $? == 0 ]; then + action "Activating swap on %s:" $loop swapon -p 0 $loop + fi + fi + fi + done + fi fi # Now turn on swap in case we swap to files.
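
Review bot: The failure paths inside the new "for swdev" loop are silent, which leaves room for the same false sense of security this patch sets out to remove. When no free loop device is found ($loop stays NONE), or when "mcookie | losetup -p 0 -e AES128 $loop $swdev" returns non-zero, the output has gone to /dev/null, nothing is reported, and the script falls through to the "Now turn on swap" step with $swdev not encrypted. Please add an else branch to the "$loop != NONE" test and to the "$? == 0" test after losetup that reports the failure at boot (through "action" or a plain echo), so that an entry marked "encrypted" in fstab never fails without a visible message. Two smaller points in the same loop: "grep -q $l /proc/mounts" is unquoted and unanchored, so /dev/loop1 also matches a /dev/loop10 entry; and leaving the wait loop with "s=11" would read more clearly as "break".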
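
The check the post does by hand with "swapon -s" and "losetup", as an added shell example (not part of the original post or of Mandrake's scripts): it cross-checks every fstab swap entry marked "encrypted" against the active swap list and the loop mappings. The function names, status strings and saved-output files are assumptions made for the example, and the sample data is constructed from the output quoted in the post.

```sh
# check_encrypted_swap FSTAB SWAPS LOSETUP   (hypothetical helper, added example)
#   FSTAB fstab-format file; SWAPS saved output of "swapon -s";
#   LOSETUP saved "losetup /dev/loopN" lines, in the format quoted in the post.
# Prints "<device> <status>" for every swap entry marked "encrypted";
# returns 1 if any of them is not OK.
check_encrypted_swap() {
    awk '
    # devfs shows /dev/loop/0 in swapon -s but /dev/loop0 in losetup
    function norm(d) { sub(/^\/dev\/loop\//, "/dev/loop", d); return d }
    BEGIN { bad = 0 }
    FILENAME == ARGV[1] {   # "<loop> : [..]:N (<backing>) ..., AES128 ..."
        # Assumption: the cipher name is on the line, as in the post
        if ($0 ~ /AES/ && match($0, /\([^)]+\)/))
            loop_of[substr($0, RSTART + 1, RLENGTH - 2)] = norm($1)
        next
    }
    FILENAME == ARGV[2] {   # first column is the active swap device
        if ($1 ~ /^\//) active[norm($1)] = 1
        next
    }
    /^[ \t]*#/ || NF < 4 { next }
    $3 == "swap" && ("," $4 ",") ~ /,encrypted,/ {
        if ($1 in active)                   st = "CLEARTEXT"  # raw partition in use
        else if (!($1 in loop_of))          st = "NO_LOOP"    # no encrypted loop
        else if (!(loop_of[$1] in active))  st = "INACTIVE"   # loop not swapped on
        else                                st = "OK"
        if (st != "OK") bad = 1
        print $1, st
    }
    END { exit bad }
    ' "$3" "$2" "$1"
}

# Constructed sample data, modelled on the output quoted in the post.
# $1 = device that swapon -s reports for the first swap area.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '/dev/hda4 swap swap encrypted 0 0' \
                  '/dev/sda3 swap swap encrypted 0 0' > "$d/fstab"
    printf '%s\n' '/dev/loop0 : [0007]:447 (/dev/hda4) décalage 0, AES128 cryptage' \
                  '/dev/loop1 : [0007]:747 (/dev/sda3) décalage 0, AES128 cryptage' > "$d/losetup"
    printf '%s\n' 'Filename Type Size Used Priority' "$1 partition 128512 0 0" \
                  '/dev/loop/1 partition 128512 0 0' > "$d/swaps"
    check_encrypted_swap "$d/fstab" "$d/swaps" "$d/losetup" && rc=0 || rc=$?
    rm -rf "$d"; return "$rc"
}
demo /dev/loop/0                                       # both entries OK
demo /dev/hda4 || echo "encrypted swap check failed"   # raw partition active
```

The second call models the case where a loop mapping exists but swap was activated on the partition name itself, which is what the removed lines do when they run mkswap and swapon on ${loop}.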