#795735 partman-crypto: always encrypt swap

#795735#5
Date:
2015-08-16 13:55:24 UTC
From:
To:
Could we enable encryption of swap by default, even when full disk
encryption is not used? As far as I undrestand, there is no
performance issue for this for most hardware made in the past
half-decade. Swap encryption also doesn't require the user to enter a
password: it can be generated on the fly for each boot.

This was suggested in the Debian GnuPG BoF at Debconf15.

#795735#10
Date:
2015-08-16 14:01:11 UTC
From:
To:
Hi Lars,

Lars Wirzenius <liw@liw.fi> (2015-08-16):
some reports about signature not being the right one, and bits of
cryptsetup not being fully set correctly. I haven't had time to look
into that yet.

Thanks for forwarding this to us.

Mraw,
KiBi.

#795735#15
Date:
2015-08-16 14:21:16 UTC
From:
To:
This is obviously wrong. The performance cost may be low to the effect
that it is negligible on "recent hardware", but it is not zero; even if
you run it on custom crypto hardware that wouldn't otherwise be used
except for crypto operation, that would make that hardware unavailable
(or at the very least, less available) for other crypto operations.

This also makes it impossible to use suspend-to-disk, as that uses the
swap partition to write the state of the current RAM, which needs to be
reread at boot time; if you encrypt the swap partition with a random
key, you can't read it at the next boot, so you've removed the ability
to use that feature.

#795735#20
Date:
2015-08-16 14:21:16 UTC
From:
To:
This is obviously wrong. The performance cost may be low to the effect
that it is negligible on "recent hardware", but it is not zero; even if
you run it on custom crypto hardware that wouldn't otherwise be used
except for crypto operation, that would make that hardware unavailable
(or at the very least, less available) for other crypto operations.

This also makes it impossible to use suspend-to-disk, as that uses the
swap partition to write the state of the current RAM, which needs to be
reread at boot time; if you encrypt the swap partition with a random
key, you can't read it at the next boot, so you've removed the ability
to use that feature.

#795735#25
Date:
2017-10-19 20:37:54 UTC
From:
To:
It's a shame that encrypted swap by default hasn't happened yet for
debian.

As i see it, the three outstanding concerns are:

 a) source of entropy at boot time

 b) actual hardware performance

 c) suspend-to-disk


boot time entropy
-----------------

The linux kernel's getrandom() situation is much better today than it
was two years ago.  It's actually possible to get blocking bytes when
needed early, without forcing yourself into a blocking situation later
once the kernel's prng is initialized.  See getrandom(2) and random(4)
for more details.

actual hardware performance
---------------------------

I suspect the cost is negligible on most hardware today, particularly
when compared to the disk I/O.  If you're swapping, you're likely to be
waiting for the disk, not waiting for the CPU.  That said, i agree that
users with specialized situations ought to be able to disable this.  But
the default should still be on.

suspend-to-disk
---------------

If the user suspends to disk, then the memory will be written to disk.
this is definitely a leak.  However, we currently write the memory to
disk *without* suspending to disk, so even if we don't handle
suspend-to-disk "safely" it's still a win to encrypt swap, because we
protect the people who do *not* suspend to disk.  So that's the simplest
solution to the suspend-to-disk problem: just punt on it for now, and
leave that case unprotected.

If suspend-to-disk (or rather, resume-from-disk) is the only problem,
then we should look for ways to opportunistically take advantage of
other non-disk hardware on which we could store any ephemeral keys
needed for restoration.

For example, on systems with rewritable nvram, it's conceivable that we
could suspend to the encrypted volume, and then stash the ephemeral
encryption key in nvram.  Upon resume, read the key from nvram into main
memory, clear the nvram, and restore from the encrypted volume.  This
isn't perfectly secure (an attacker with both the disk and the nvram can
recover your memory from the suspend file) but it is a significant win
against an attacker who physically removes the hard disk.



So i think we ought to outline the steps that need to be taken to make
this happen by default.  Which pieces need to be updated, and how?

#795735#30
Date:
2017-10-19 20:37:54 UTC
From:
To:
It's a shame that encrypted swap by default hasn't happened yet for
debian.

As i see it, the three outstanding concerns are:

 a) source of entropy at boot time

 b) actual hardware performance

 c) suspend-to-disk


boot time entropy
-----------------

The linux kernel's getrandom() situation is much better today than it
was two years ago.  It's actually possible to get blocking bytes when
needed early, without forcing yourself into a blocking situation later
once the kernel's prng is initialized.  See getrandom(2) and random(4)
for more details.

actual hardware performance
---------------------------

I suspect the cost is negligible on most hardware today, particularly
when compared to the disk I/O.  If you're swapping, you're likely to be
waiting for the disk, not waiting for the CPU.  That said, i agree that
users with specialized situations ought to be able to disable this.  But
the default should still be on.

suspend-to-disk
---------------

If the user suspends to disk, then the memory will be written to disk.
this is definitely a leak.  However, we currently write the memory to
disk *without* suspending to disk, so even if we don't handle
suspend-to-disk "safely" it's still a win to encrypt swap, because we
protect the people who do *not* suspend to disk.  So that's the simplest
solution to the suspend-to-disk problem: just punt on it for now, and
leave that case unprotected.

If suspend-to-disk (or rather, resume-from-disk) is the only problem,
then we should look for ways to opportunistically take advantage of
other non-disk hardware on which we could store any ephemeral keys
needed for restoration.

For example, on systems with rewritable nvram, it's conceivable that we
could suspend to the encrypted volume, and then stash the ephemeral
encryption key in nvram.  Upon resume, read the key from nvram into main
memory, clear the nvram, and restore from the encrypted volume.  This
isn't perfectly secure (an attacker with both the disk and the nvram can
recover your memory from the suspend file) but it is a significant win
against an attacker who physically removes the hard disk.



So i think we ought to outline the steps that need to be taken to make
this happen by default.  Which pieces need to be updated, and how?

#795735#35
Date:
2017-10-20 06:46:39 UTC
From:
To:
[...]

For clarity, when I stated that, I wasn't using it as an argument
against enabling encryption of the swap partition by default; it's just
that saying "there is no performance impact when doing something extra"
is objectively wrong. The performance impact may be negligable; but when
you need to do more work, you need to actually do it and there will be
an impact. It will not matter in the common case, but there will be
exceptions where it will matter, and therefore we need to continue
supporting that.

Pet peeves, I suppose.

The initramfs code that does the actual resume should be updated to read
the key from wherever it was written.

On systems that don't have writable nvram, we could still support both
encrypted swap and suspend-to-disk provided the system has an
alternative location to write that session's encryption key to (which
I'll inaccurately call "the session key" for now -- it's not really a
session key, but it's close enough).

If the kernel needs to read the session key, then it can't be on a
partition that needs to be live. The initramfs would need to mount that
partition to be able to see whether there is a session key that needs to
be used to do the resume-from-disk, which would cause a journal replay;
that would invalidate the suspended image. What we could do, however, is
if the user has a separate /boot partition, to make the "suspend" script
write the session key to a well-known file in that partition, and then,
just before actually doing the suspend, *unmounting* the /boot
partition. The resume code in the initramfs could then mount the /boot
partition and figure out if there is a session key; if there is, it
would read the key, unmount the partition again, and then proceed to
decrypt the swap partition and resume the system.

If a user installs a system with encrypted swap but no separate /boot
partition, the suspend-to-disk code could/should then produce an error
message to the effect that the user needs to either disable encrypted
swap, or create a separate /boot partition. If partman is then also
updated to default to having a separate /boot partition, we would be
able to support encrypted swap as well as suspend-to-disk virtually
anywhere.

On a side node, if the system has a TPM that is not disabled, we should
also attempt to encrypt the session key (regardless of where it is
stored) using the TPM. That way, an attacker who gains access of the
hard disk and the (encrypted) session key but not the system itself
cannot decrypt the swap partition, since a TPM is supposed to not allow
keys to be removed from it.

#795735#40
Date:
2017-10-20 06:46:39 UTC
From:
To:
[...]

For clarity, when I stated that, I wasn't using it as an argument
against enabling encryption of the swap partition by default; it's just
that saying "there is no performance impact when doing something extra"
is objectively wrong. The performance impact may be negligable; but when
you need to do more work, you need to actually do it and there will be
an impact. It will not matter in the common case, but there will be
exceptions where it will matter, and therefore we need to continue
supporting that.

Pet peeves, I suppose.

The initramfs code that does the actual resume should be updated to read
the key from wherever it was written.

On systems that don't have writable nvram, we could still support both
encrypted swap and suspend-to-disk provided the system has an
alternative location to write that session's encryption key to (which
I'll inaccurately call "the session key" for now -- it's not really a
session key, but it's close enough).

If the kernel needs to read the session key, then it can't be on a
partition that needs to be live. The initramfs would need to mount that
partition to be able to see whether there is a session key that needs to
be used to do the resume-from-disk, which would cause a journal replay;
that would invalidate the suspended image. What we could do, however, is
if the user has a separate /boot partition, to make the "suspend" script
write the session key to a well-known file in that partition, and then,
just before actually doing the suspend, *unmounting* the /boot
partition. The resume code in the initramfs could then mount the /boot
partition and figure out if there is a session key; if there is, it
would read the key, unmount the partition again, and then proceed to
decrypt the swap partition and resume the system.

If a user installs a system with encrypted swap but no separate /boot
partition, the suspend-to-disk code could/should then produce an error
message to the effect that the user needs to either disable encrypted
swap, or create a separate /boot partition. If partman is then also
updated to default to having a separate /boot partition, we would be
able to support encrypted swap as well as suspend-to-disk virtually
anywhere.

On a side node, if the system has a TPM that is not disabled, we should
also attempt to encrypt the session key (regardless of where it is
stored) using the TPM. That way, an attacker who gains access of the
hard disk and the (encrypted) session key but not the system itself
cannot decrypt the swap partition, since a TPM is supposed to not allow
keys to be removed from it.

#795735#45
Date:
2017-10-20 09:36:37 UTC
From:
To:
even if the user suspends to RAM, the key will stay in memory, which is
can be pretty bad (as it can be taken from there via hardware tools).
so the idea came up to create a small chroot in memory, unmount the disk
on suspend, throw away they key and chroot in there. Then upon resume they
ey needs to be entered again, to unlock the disk. See these URLs for more
information on this:

https://github.com/QubesOS/qubes-issues/issues/2890
https://askubuntu.com/questions/95625/suspend-to-ram-and-encrypted-partitions
https://github.com/jonasmalacofilho/ubuntu-luks-suspend

I'd love to see this for Debian!