Date: Mon, 30 Dec 2013 14:07:14 -0800
From: Xin Li <delphij@delphij.net>
To: Isaac Huff <ihuff@dermpathlab.com>, freebsd-geom@freebsd.org
Subject: Re: GELI safe to reboot without detach?
Message-ID: <52C1EE92.1020704@delphij.net>
In-Reply-To: <CAAUAkdpgcbk_0EKGH7HYQ-gJ52rissfTABobwKhDzRHzeRpm2A@mail.gmail.com>
References: <CAAUAkdpgcbk_0EKGH7HYQ-gJ52rissfTABobwKhDzRHzeRpm2A@mail.gmail.com>

On 12/30/13 13:40, Isaac Huff wrote:
> Is it necessary from a reliability and/or security standpoint to
> detach GELI volumes before rebooting? Specifically, if I unmount
> the filesystem, but do not detach (and disable auto-detach) - do I
> risk data corruption or leakage of private keys during a normal
> reboot process?

Data corruption -- no. geli(4) does not rewrite its metadata at runtime except when doing rare operations like rekey, etc., so you don't have much chance of overwriting them.

Leakage of private keys -- depends, but in most cases no.

What 'geli detach' does is essentially wiping out the in-core copy of the private key. By rebooting without detaching, it is possible that geli(4) leaves the private key in memory. Note that this in most scenarios does not necessarily facilitate an actual attack, because on most systems the BIOS would zero out all physical memory on boot; even when it doesn't, the booting OS has to be very careful not to reuse this memory in order to be able to retrieve the encryption keys.

> Are there any risks at all to rebooting without detach? I have
> been searching the list archives and can't seem to find a statement
> either way.

In theory, it's possible that a compromised BIOS or boot sector would be able to get your geli(4) keys if there is no detach prior to reboot. However, I wouldn't be too concerned with this, because that means your operating system is likely to be compromised already, too, and injecting code there is much easier than dumping all memory and then finding the secret.

That said, not detaching the geli provider is not a very good idea, but the consequence for average people is very limited.

Cheers,
-- 
Xin LI <delphij@delphij.net>
https://www.delphij.net/
FreeBSD - The Power to Serve!
Live free or die
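
The following is an added example, not part of the original message and not FreeBSD's own rc code: a pre-reboot helper that detaches every attached GELI provider, which is the step the reply says wipes the in-core key copy. The function names and the overridable `GELI` variable are assumptions made here so the logic can be exercised without real devices; `geli status -s`, `geli detach` and `geli detach -l` are the real geli(8) subcommands.

```shell
#!/bin/sh
# Added example: detach all attached GELI providers before a reboot.
# GELI may be pointed at a stub for testing; it defaults to the real tool.
GELI="${GELI:-geli}"

# Print the name of each attached provider, one per line.
# `geli status -s` prints "name status components" per line, no header.
attached_providers() {
    $GELI status -s 2>/dev/null | awk 'NF >= 2 { print $1 }'
}

# Try to detach each provider now. A provider that is still open (for
# example, its filesystem is still mounted) makes a plain detach fail;
# it is then marked with `detach -l` so it is detached on last close.
# Returns 0 only if every provider was detached immediately.
detach_all() {
    deferred=0
    for prov in $(attached_providers); do
        if $GELI detach "$prov" 2>/dev/null; then
            echo "detached: $prov"
        elif $GELI detach -l "$prov" 2>/dev/null; then
            echo "busy, marked for detach on last close: $prov"
            deferred=1
        else
            echo "FAILED to detach: $prov" >&2
            deferred=1
        fi
    done
    return $deferred
}

# Run as "sh script.sh run" after unmounting, before rebooting.
if [ "${1:-}" = "run" ]; then
    detach_all
fi
```

A non-zero return means at least one provider was still attached when the function finished, so its key may still be in memory at reboot.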