GBDE protecting the user?
Michael W. Lucas
mwlucas at michaelwlucas.com
Thu Oct 9 14:13:38 UTC 2014
Hi,
Been playing with GBDE a while, trying to make it protect me.
One of the features of GBDE is that it should "provide tangible
feedback" that the data has been destroyed. (See PHK's paper at
http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf, section 4.1.)
The man page doesn't mention this, so what the heck, I decided to play
with it.
Creating GBDE devices is very simple.
# gbde init /dev/gpt/encrypted -L /etc/encrypted.lock
I created a filesystem, mounted it, put files on it, unmounted.
There's two operations to wipe out a GBDE: nuke and destroy. Nuke
looks like the right thing. I nuke all the keys:
# gbde nuke gpt/encrypted -l /etc/encrypted.lock -n -1
Enter passphrase:
Opened with key 0
Nuked key 0
Nuked key 1
Nuked key 2
Nuked key 3
# gbde attach gpt/encrypted -l /etc/encrypted.lock
Enter passphrase:
#
The .bde device isn't there, and my filesystem is gone. But I received
no confirmation that the keys were destroyed.
I also didn't get a message that the device couldn't be attached,
although it clearly isn't.
Fine. Let's try gbde destroy.
gbde init /dev/gpt/encrypted -L /etc/encrypted.lock
Enter new passphrase:
Reenter new passphrase:
# gbde destroy gpt/encrypted -l /etc/encrypted.lock
Enter passphrase:
Opened with key 0
# gbde attach gpt/encrypted -l /etc/encrypted.lock
Enter passphrase:
#
The device isn't attached, it just fails silently.
Did I misunderstand the GBDE functionality? Am I missing something
daft? Has this code just decayed with GELI's arrival?
Thanks,
==ml
--
Michael W. Lucas - mwlucas at michaelwlucas.com, Twitter @mwlauthor
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
More information about the freebsd-questions
mailing list