Add support for bitlocker #617

Closed
gsgrippal opened this issue Apr 9, 2018 · 18 comments
Labels
TODO We going to think about it ;-)

Comments

@gsgrippal

Add bitlocker support to udevadm

http://www.forensicswiki.org/wiki/BitLocker_Disk_Encryption

@gsgrippal
Author

Also to fdisk and all the other tools within this project.

@karelzak
Collaborator

karelzak commented Apr 9, 2018

Do you mean detection of the bitlocker signatures on the block devices?

@stikonas
Contributor

stikonas commented Apr 9, 2018

@karelzak Yes, gsgrippal meant detection of signature. Right now GParted has some custom code in src/GParted_Core.cc (function GParted_Core::detect_filesystem_internal) to detect bitlocker block devices and gsgrippal also wants KDE Partition Manager to detect bitlocker too. Yet instead of duplicating that code I think it's better for it to just live in blkid, so that it can be shared.

karelzak added a commit that referenced this issue Apr 9, 2018
Addresses: #617
Signed-off-by: Karel Zak <kzak@redhat.com>
@karelzak karelzak added the TODO We going to think about it ;-) label Apr 9, 2018
@karelzak
Collaborator

karelzak commented Apr 9, 2018

@gsgrippal
Author

gsgrippal commented Apr 9, 2018

I want that in the future nautilus and KDE dolphin can automatically display the encrypted device in the left panel, similar to this, so it just prompts for the password to mount it like any other device:

Dolphin with experimental bitlocker support

@stikonas
Contributor

stikonas commented Apr 9, 2018

@gsgrippal Neither support in util-linux nor in KDE Partition Manager will make it appear in Dolphin. If I remember correctly, you'll also have to ask Solid project.

For comparison, LUKS2 is supported by util-linux and support in KDE Partition Manager is improving (e.g. I can unlock it there) but Dolphin or KDE Device notifier can't mount LUKS2 volumes.

@gsgrippal
Author

gsgrippal commented Apr 9, 2018

@stikonas ok I know that. What I don't know is if dolphin or kde device notifier use util-linux to detect media, or they do like gparted and just fetch data with their own methods.

@stikonas
Contributor

stikonas commented Apr 9, 2018

@gsgrippal. No, not own methods. I think Solid and udisks2 as Solid backend. But dolphin wouldn't show it there anyway if it can't mount it. Don't think many distributions ship bitlocker FUSE module.

@gsgrippal
Author

gsgrippal commented Apr 9, 2018

@stikonas no distro ships with dislocker, and almost the same for veracrypt/truecrypt/apple filevault.

If dolphin doesn't do that, it may need improvement. Currently, Windows 10 automatically detects when a volume is bitlocker partially/totally encrypted (you can pause encryption/decryption process and resume after a reboot).

It also shows a different symbol depending if it's locked or unlocked (either by user entering password or auto-unlock at os boot):

locked with bitlocker
unlocked with bitlocker

The volume name can only be obtained once it's decrypted.

@stikonas
Contributor

stikonas commented Apr 9, 2018

@gsgrippal well, of course Windows detects its own proprietary encryption method. On the other hand it does not detect LUKS partitions.
As for truecrypt/veracrypt, you aren't exactly right. All distros ship cryptsetup which can open tcrypt, veracrypt and luks volumes.

@gsgrippal
Author

@stikonas I was not sure about the cryptsetup thing so I said "almost the same..."

If I install LibreCrypt (https://github.com/t-d-k/LibreCrypt) on Windows 10, will it be auto-recognized from My Computer like dislocker volumes, or do I have to manually mount them like Veracrypt?

@stikonas
Contributor

stikonas commented Apr 9, 2018

@gsgrippal I don't know. I don't use Windows.

karelzak added a commit that referenced this issue Apr 24, 2018
Supported:
* WinVista version
* Win7 and later versions (based on NTFS)
* BitLockerToGo (for removable media; based on FAT32)

Unfortunately, it's without LABEL and UUID. It seems BitLocker does
not use volume_label and volume_serial stuff from NTFS header.

Addresses: #617
Signed-off-by: Karel Zak <kzak@redhat.com>
@karelzak
Collaborator

karelzak commented Apr 24, 2018

I have added BitLocker detection, for Win7 version:

./blkid -p -o udev /dev/loop1p1
ID_FS_VERSION=2
ID_FS_TYPE=BitLocker
ID_FS_USAGE=crypto
ID_PART_ENTRY_SCHEME=dos
ID_PART_ENTRY_UUID=bef26573-01
ID_PART_ENTRY_TYPE=0x7
ID_PART_ENTRY_NUMBER=1
ID_PART_ENTRY_OFFSET=128
ID_PART_ENTRY_SIZE=75776
ID_PART_ENTRY_DISK=7:1

BitLockerToGo:

./blkid -p -o udev /home/kzak/Downloads/imgWin7
ID_FS_VERSION=2
ID_FS_TYPE=BitLocker
ID_FS_USAGE=crypto

Unfortunately, it's without LABEL and UUID. The Win7 BitLocker is based on NTFS header, but it does not use volume_label and volume_serial from the header. Maybe for BitLockerToGo it would be possible to use LABEL from FAT superblock, not sure.

Anyway, libblkid cannot be used to unlock the device, it's just a detection library. You need to use other tools (https://github.com/libyal/libbde ?) to unlock the device.

The ideal solution would be to follow what we have for LUKS, udevd (by libblkid) detects BitLocker and then (for example systemd) asks for key/password.... but this is out of libblkid :-)

Note that lsblk reads information from udev db, with the bitlocker detection you will see "BitLocker" as FSTYPE (e.g. lsblk --fs).
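
A minimal sketch of the kind of boot-sector signature check this thread asks for, added here as an example; it is not libblkid's, GParted's or any commenter's code. The 3-byte jump values, the `-FVE-FS-` OEM id at offset 3 and the helper names are assumptions taken from public BitLocker format notes, and the FAT32-based BitLockerToGo layout is not covered.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Assumed layout (public format notes, not libblkid's source):
 * bytes 0-2 = x86 jump, bytes 3-10 = 8-byte OEM id. */
#define SECTOR_SIZE 512
#define OEM_OFFSET  3
#define OEM_LEN     8

enum bde_kind { BDE_NONE = 0, BDE_VISTA, BDE_WIN7 };

/* Hypothetical helper: classify the first sector of a volume. */
enum bde_kind bde_classify(const unsigned char *sec, size_t len)
{
    if (sec == NULL || len < SECTOR_SIZE)
        return BDE_NONE;                  /* short read: never guess */
    if (memcmp(sec + OEM_OFFSET, "-FVE-FS-", OEM_LEN) != 0)
        return BDE_NONE;                  /* plain NTFS carries "NTFS    " here */
    if (sec[0] != 0xeb || sec[2] != 0x90)
        return BDE_NONE;                  /* OEM id without the expected jump */
    if (sec[1] == 0x52)
        return BDE_VISTA;
    if (sec[1] == 0x58)
        return BDE_WIN7;
    return BDE_NONE;
}

/* Constructed sample sector (not a real volume header). */
void make_sector(unsigned char *sec, unsigned char jmp, const char *oem)
{
    memset(sec, 0, SECTOR_SIZE);
    sec[0] = 0xeb; sec[1] = jmp; sec[2] = 0x90;
    memcpy(sec + OEM_OFFSET, oem, OEM_LEN);
    sec[510] = 0x55; sec[511] = 0xaa;     /* boot sector end marker */
}

int main(void)
{
    unsigned char sec[SECTOR_SIZE];

    make_sector(sec, 0x58, "-FVE-FS-");
    printf("Win7-style header -> %d\n", bde_classify(sec, sizeof(sec)));
    make_sector(sec, 0x52, "NTFS    ");
    printf("plain NTFS header -> %d\n", bde_classify(sec, sizeof(sec)));
    return 0;
}
```

A match only says the volume is a BitLocker container; as noted above, unlocking it is a job for a separate tool.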

@gsgrippal
Author

gsgrippal commented Apr 24, 2018

@karelzak dislocker supports AES-XTS, which is the one I have on my Windows 10 and dislocker works fine with it, while libbde seems a work in progress...
https://github.com/Aorimn/dislocker

@gsgrippal
Author

gsgrippal commented Apr 25, 2018

Also I think it could provide more information, for example if the volume is 100% encrypted or not, or other parameters.

manage-bde status

@karelzak
Collaborator

I have no clue what is better for BitLocker, I have no Windows, I don't use BitLocker at all ;-)

@stikonas
Contributor

Isn't extra info for LUKS provided only by cryptsetup, not by util-linux? In that case I would say the same applies to bitlocker.

@mhogomchungu

Google search led me here when I was searching to find out if blkid supports bitlocker signature detection.

For those interested in managing bitlocker volumes using a GUI tool, I have a project called "zuluCrypt"[1] and I am working[2] on adding support for bitlocker volumes using the "dislocker"[3] backend.

[1] https://mhogomchungu.github.io/zuluCrypt/

[2] mhogomchungu/zuluCrypt#109

[3] https://github.com/Aorimn/dislocker
