GBDE not protecting the user

Michael W. Lucas mwlucas at michaelwlucas.com
Fri Oct 10 21:58:56 UTC 2014


[Tried questions@, no answer, and the code contains things I just
cannot trigger.]

Hi,

Been playing with GBDE a while, trying to make it protect me.

One of the features of GBDE is that it should "provide tangible
feedback" that the data has been destroyed. (See PHK's paper at
http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf, section 4.1.)

The man page doesn't mention how to make GBDE whine, so what the heck,
let's make it tell me the keys are destroyed.

Creating GBDE devices is very simple.

# gbde init /dev/gpt/encrypted -L /etc/encrypted.lock

I created a filesystem, mounted it, put files on it, unmounted.

There's two operations to wipe out a GBDE: nuke and destroy. Nuke
looks like the right thing. I nuke all the keys:

# gbde nuke gpt/encrypted -l /etc/encrypted.lock -n -1
Enter passphrase:
Opened with key 0
Nuked key 0
Nuked key 1
Nuked key 2
Nuked key 3
# gbde attach gpt/encrypted -l /etc/encrypted.lock
Enter passphrase:
#

The .bde device isn't there, and my filesystem is gone. But I received
no confirmation that the keys were destroyed.

I also didn't get a message that the device couldn't be attached,
although it clearly isn't.

Fine. Let's try 'gbde destroy'.

# gbde init /dev/gpt/encrypted -L /etc/encrypted.lock
Enter new passphrase:
Reenter new passphrase:
# gbde destroy gpt/encrypted -l /etc/encrypted.lock
Enter passphrase:
Opened with key 0
# gbde attach gpt/encrypted -l /etc/encrypted.lock
Enter passphrase:
#

The device isn't attached, it just fails silently. And failing with a
specific complaint is the whole point of GBDE.

Did I misunderstand the GBDE functionality? Am I missing something
daft? Has this code just decayed with GELI's arrival?

Thanks,
==ml


-- 
Michael W. Lucas  -  mwlucas at michaelwlucas.com, Twitter @mwlauthor 
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
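
An added example, not part of the original post and not GBDE code: a shell wrapper that turns the silent attach failure shown above into an explicit error by checking for the .bde device node after `gbde attach` returns. The function name `attach_checked` and the variables `GBDE` and `DEV_ROOT` are this example's own, and it assumes a successful attach creates `/dev/<provider>.bde` (here `/dev/gpt/encrypted.bde`); the post does not show gbde's exit status, so the wrapper checks both.

```shell
#!/bin/sh
# Added example: make a silent "gbde attach" failure explicit.
# Assumption: a successful attach creates the node "<provider>.bde"
# under /dev, e.g. /dev/gpt/encrypted.bde for gpt/encrypted.

# Overridable so the check can be exercised without a real disk.
# GBDE and DEV_ROOT are names chosen for this example, not gbde options.
DEV_ROOT="${DEV_ROOT:-/dev}"
GBDE="${GBDE:-gbde}"

# attach_checked PROVIDER LOCKFILE
# Return codes:
#   0  gbde exited 0 and the .bde node exists
#   1  gbde itself exited non-zero
#   2  gbde exited 0 but no .bde node appeared (the silent case)
#   3  the .bde node already existed, so nothing was attempted
attach_checked() {
    provider="${1#/dev/}"   # accept gpt/encrypted or /dev/gpt/encrypted
    lockfile="$2"
    node="$DEV_ROOT/$provider.bde"

    if [ -e "$node" ]; then
        echo "already attached: $node" >&2
        return 3
    fi
    if ! "$GBDE" attach "$provider" -l "$lockfile"; then
        echo "gbde attach exited non-zero for $provider" >&2
        return 1
    fi
    if [ ! -e "$node" ]; then
        echo "gbde attach exited 0 but $node does not exist" >&2
        return 2
    fi
    echo "attached: $node"
    return 0
}
```

Return code 2 cannot distinguish a wrong passphrase from nuked or destroyed keys; it only reports that the attach produced no device.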


More information about the freebsd-hackers mailing list