VerySecureLUKS

Damjan Georgievski edited this page Oct 28, 2018 · 1 revision

Very Secure LUKS

… for unattended boots of home servers.

Even when using https://gitlab.com/cryptsetup/cryptsetup/wikis/home to encrypt your root (/) partition, this still requires the kernel and initramfs on an unencrypted /boot partition. And LUKS requires a key or a passphrase to unlock your root partition.

If you leave that key/passphrase on /boot, stealing and reading your hard-drive will reveal the key, and foil the protection of LUKS.

If you don't, you have to be physically present when you computer boots. That's fine for laptops, not acceptable for a home server.

I want my home server to boot unattended, but if it (the server or just the hard-drive) is stolen it shouldn't be possible to read the contents from the hard-drive. If it's stolen and returned, it also shouldn't be possible to foil me into revealing my passphrase or key (but perhaps SecureBoot is a good enough solution against this attack).

LUKS on a home server

So the idea is to make a physically unmovable device that securely provides the LUKS key, but is destroyed (or rendered inoperative) as soon someone tries to move your server. In a more professional environment you'd put the whole server in a vault. But let's try and do something simpler.

  • device plugs to usb for host communication (or pci/pcie?)
  • stores the key for LUKS
  • DH communication to foil passive overhearing of the key
  • has battery to detect attacks when there's no power
  • detects if usb is tampered with (a mitm attack)
  • detects if it's physically moved away (a securely affixed lanyard)

Some other interesting LUKS projects

Don't forget

  • Have a backup of the LUKS header
  • Have a backup passphrase for the LUKS volume if this fragile scheme fails :)

Other attacks

This doesn't help against:

  • freezing the ram memory and extracting your keys (I'm thinking of heaters around the ram)
  • connecting directly to the motherboard or cpu, somehow debugging them … not yet, maybe the device should just sense proximity of attackers, and shutdown the pc, and self-destruct
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.