Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Very Secure LUKS
… for unattended boots of home servers.
Even when using https://gitlab.com/cryptsetup/cryptsetup/wikis/home to encrypt your root (/) partition, this still requires the kernel and initramfs on an unencrypted /boot partition. And LUKS requires a key or a passphrase to unlock your root partition.
If you leave that key/passphrase on /boot, stealing and reading your hard-drive will reveal the key, and foil the protection of LUKS.
If you don't, you have to be physically present when you computer boots. That's fine for laptops, not acceptable for a home server.
I want my home server to boot unattended, but if it (the server or just the hard-drive) is stolen it shouldn't be possible to read the contents from the hard-drive. If it's stolen and returned, it also shouldn't be possible to foil me into revealing my passphrase or key (but perhaps SecureBoot is a good enough solution against this attack).
LUKS on a home server
So the idea is to make a physically unmovable device that securely provides the LUKS key, but is destroyed (or rendered inoperative) as soon someone tries to move your server. In a more professional environment you'd put the whole server in a vault. But let's try and do something simpler.
- device plugs to usb for host communication (or pci/pcie?)
- stores the key for LUKS
- DH communication to foil passive overhearing of the key
- has battery to detect attacks when there's no power
- detects if usb is tampered with (a mitm attack)
- detects if it's physically moved away (a securely affixed lanyard)
Some other interesting LUKS projects
- https://github.com/shpedoikal/tpm-luks - but this still allows for the whole computer to be stolen
- https://github.com/cornelinux/yubikey-luks - good for laptops, 2-factor LUKS, etc.
- Have a backup of the LUKS header
- Have a backup passphrase for the LUKS volume if this fragile scheme fails :)
This doesn't help against:
- freezing the ram memory and extracting your keys (I'm thinking of heaters around the ram)
- connecting directly to the motherboard or cpu, somehow debugging them … not yet, maybe the device should just sense proximity of attackers, and shutdown the pc, and self-destruct