Arno Wagner wrote:
> On Tue, Sep 23, 2008 at 12:37:46AM -0700, Ian Kelling wrote:
>> Hello, I'm new to the list.
>>
>> I have a crypt device that needs to be reliably unmounted and secured and I'd
>> like to avoid shutting down. Here's what I'm doing in bash to deal with
>> failed commands:
>>
>>
>> cd /dev/mapper
>> fuser -km crypt-foo
>> umount crypt-foo || umount -l crypt-foo
>> cryptsetup luksClose crypt-foo || rm -f crypt-foo crypt-swap || halt
>>
>> When it fails on cryptsetup and succeeds at "rm -f crypt-foo", is the
>> device secure? Meaning it cannot be accessed without entering the key
>> again. This is not counting data that may have been read from the device
>> and left in memory. I assume powering off makes it secure, is that right?
>> Any suggestions?
>
> In light of some recent publications, powering off still makes it
> secure, it may just take a quarter hour or so.

If you want to remove mapping correctly, you just have to first umount filesystem.
Then luksClose cannot fail:-)

Anyway, there are possibilities how to force remove crypt mapping,
but please do not use it - it is an emergency procedure, not something
for initscripts.

For the archive, this is really low level device handling:

1) If you really want to force remove secure material from memory,
you must remove crypt mapping.

Force *dangerous* (== you can easily lose data if there is still mounted fs
and running IOs) way is after unsuccessful cryptsetup luksClose run

    dmsetup remove -f <crypt device>

If the device is still open, it will force replace mapped device with error
segment (-f == force). This means that all following IO operations will fail
and also it removes crypt mapping and replaces it with mapping to error target
(and this wipes encryption key from memory too).

2) A safer way is to use key wipe message for dm-crypt mapped device.
You need to suspend device and then send wipe message

    dmsetup suspend <crypt device>
    dmsetup message <crypt device> 0 key wipe

Mapping is still prepared, but running IOs should be frozen now, key is wiped.
No IO operation can happen till the key is reinstated and device resumed
(this mode was intended for safe suspend to ram + preventing coldboot attack
searching for encryption key).

You can reinstate key later by running

    dmsetup message <crypt device> 0 key set <key>
    dmsetup resume <crypt device>

...

Also, if device is left open, kernel can have some pages with sensitive
data cached, you probably should flush all kernel caches too.

Milan
--
mbroz@xxxxxxxxxx

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
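
Added example, not part of the original message and not code from cryptsetup or the list: the escalation described above (clean luksClose first, then suspend plus key wipe as the emergency fallback) written as a POSIX shell function. The names lock_mapping and RUN and the return code 10 are assumptions made for this example; run for real it needs root.

```shell
#!/bin/sh
# Added example (not from the original message): emergency lock-down of a
# dm-crypt mapping, trying the least destructive step first.
# RUN is a hypothetical hook naming the command runner. The default really
# executes the commands (root required); a rehearsal can point it at a stub.
RUN=${RUN:-run_real}
run_real() { "$@"; }

# lock_mapping <mapping name> [mount point]
# Returns 0  mapping closed cleanly with luksClose
#         10 luksClose failed; device suspended and key wiped
#         1  could not wipe the key (key material may still be in memory)
#         2  usage error
lock_mapping() {
    name=${1:-}
    mnt=${2:-}
    if [ -z "$name" ]; then
        echo "usage: lock_mapping <mapping name> [mount point]" >&2
        return 2
    fi

    # Normal path: unmount the filesystem first, then luksClose.
    if [ -n "$mnt" ]; then
        $RUN umount "$mnt" || echo "umount $mnt failed (still busy?)" >&2
    fi
    if $RUN cryptsetup luksClose "$name"; then
        return 0
    fi

    # Emergency path, option 2 in the message: freeze I/O, then wipe the key.
    # The mapping stays in place but unusable until "key set" and "resume".
    echo "luksClose failed: suspending $name and wiping its key" >&2
    if ! $RUN dmsetup suspend "$name"; then
        echo "suspend failed, key NOT wiped" >&2
        return 1
    fi
    if ! $RUN dmsetup message "$name" 0 key wipe; then
        echo "key wipe failed, $name left suspended with key loaded" >&2
        return 1
    fi
    return 10
}
```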