Re: [RFC] Partial support for reading DiskCryptor volumes

On 02/11/2021 21:23, Mateusz Jończyk wrote:
then the best is perhaps open merge request (or issue) on the project
page and discuss it there.
(For now, the code looks simple enough.)

You mean open now, or once the code is ready?

Once the code is ready for review (so all major parts, like activation, are there).


What is missing to more "stable" code? Only the parts marked TODO,
or something crucial for format parsing?

The major parts missing in the code I posted:

- setting up mapping in the device mapper,

- libcryptsetup: support for *dm_error_target_set()* that would be
similar to *dm_zero_target_set()* to create a region in the block
device that errors out reads and writes. This is necessary as sometimes
the first 2048 bytes of the encrypted filesystem are relocated to another
place in the image ( https://diskcryptor.org/volume/ ):


Please do not use error target, this will cause more problems.
(Error can trigger unexpected actions. Perhaps integrity error
can work here, but we do not have such DM target yet.)

We use zero mapping segments for Bitlocker (where it covers metadata area,
or fake NTFS files that map to underlying metadata) - use exactly the same approach.

See Vojta's talk https://vtrefny.fedorapeople.org/misc/devconf-bitlocker.pdf
(and bitlk code). I think you are solving exactly the same problem here.

Relocation area - is a contiguous sequence of sectors where the first 2048
bytes of partition are stored.

Currently there are two methods of placement of this area that are being used: in $dcsys$ file, or at the end of partition. On encryption of partition that has data on it, this area is being placed in $dcsys$ file [its name contains the dollar signs], which is located in a contiguous sequence of clusters. On formatting a new partition, this area is being placed at the end of partition, after user data.

See above. For existing systems it can be masked/reallocated the same way as in bitlk code.

Milan
_______________________________________________
dm-crypt mailing list -- dm-crypt@xxxxxxxx
To unsubscribe send an email to dm-crypt-leave@xxxxxxxx
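
The zero-segment layout suggested in this message, as an added sketch that is not part of the original e-mail and is not cryptsetup or bitlk code. It assumes 512-byte sectors, that the plaintext device should read its first 2048 bytes from the relocation area, and that the relocation area itself should read as zeroes; the function names, the sample sizes and the `<cipher> <key> <iv_offset> <device>` placeholders are hypothetical.

```python
SECTOR = 512
RELOC_SECTORS = 2048 // SECTOR  # the relocated first 2048 bytes = 4 sectors


def plan_segments(total_sectors, reloc_start):
    """Return (start, length, target, backing_sector) tuples for a dm table.

    reloc_start is the sector where the relocation area begins: inside the
    $dcsys$ file, or at the end of the partition after user data.
    """
    reloc_end = reloc_start + RELOC_SECTORS
    if reloc_start < RELOC_SECTORS or reloc_end > total_sectors:
        raise ValueError("relocation area outside the usable range")
    # First 2048 bytes of the plaintext view come from the relocation area.
    segs = [(0, RELOC_SECTORS, "crypt", reloc_start)]
    if reloc_start > RELOC_SECTORS:
        segs.append((RELOC_SECTORS, reloc_start - RELOC_SECTORS,
                     "crypt", RELOC_SECTORS))
    # Mask the relocation area with a zero target instead of an error target.
    segs.append((reloc_start, RELOC_SECTORS, "zero", None))
    if reloc_end < total_sectors:
        segs.append((reloc_end, total_sectors - reloc_end, "crypt", reloc_end))
    return segs


def check_tiling(segs, total_sectors):
    """A dm table must cover the device with no gaps and no overlaps."""
    pos = 0
    for start, length, _target, _backing in segs:
        if start != pos or length <= 0:
            raise ValueError(f"gap or overlap at sector {start}")
        pos += length
    if pos != total_sectors:
        raise ValueError("table does not cover the whole device")
    return True


def render(segs):
    """Format as '<start> <length> <target> [args]' dm table lines."""
    lines = []
    for start, length, target, backing in segs:
        # Cipher, key, IV offset and device are placeholders, out of scope here.
        args = "" if target == "zero" else f" <cipher> <key> <iv_offset> <device> {backing}"
        lines.append(f"{start} {length} {target}{args}")
    return lines


if __name__ == "__main__":
    # Constructed sample: 1000-sector volume, relocation area at sector 500.
    print("\n".join(render(plan_segments(1000, 500))))
```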
