Date: Thu, 9 Oct 2014 10:13:30 -0400 From: "Michael W. Lucas" <mwlucas@michaelwlucas.com> To: questions@freebsd.org Subject: GBDE protecting the user? Message-ID: <20141009141330.GA5655@mail.michaelwlucas.com>
next in thread | raw e-mail | index | archive | help
Hi, Been playing with GBDE a while, trying to make it protect me. One of the features of GBDE is that it should "provide tangible feedback" that the data has been destroyed. (See PHK's paper at http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf, section 4.1.) The man page doesn't mention this, so what the heck, I decided to play with it. Creating GBDE devices is very simple. # gbde init /dev/gpt/encrypted -L /etc/encrypted.lock I created a filesystem, mounted it, put files on it, unmounted. There's two operations to wipe out a GBDE: nuke and destroy. Nuke looks like the right thing. I nuke all the keys: # gbde nuke gpt/encrypted -l /etc/encrypted.lock -n -1 Enter passphrase: Opened with key 0 Nuked key 0 Nuked key 1 Nuked key 2 Nuked key 3 # gbde attach gpt/encrypted -l /etc/encrypted.lock Enter passphrase: # The .bde device isn't there, and my filesystem is gone. But I received no confirmation that the keys were destroyed. I also didn't get a message that the device couldn't be attached, although it clearly isn't. Fine. Let's try gbde destroy. gbde init /dev/gpt/encrypted -L /etc/encrypted.lock Enter new passphrase: Reenter new passphrase: # gbde destroy gpt/encrypted -l /etc/encrypted.lock Enter passphrase: Opened with key 0 # gbde attach gpt/encrypted -l /etc/encrypted.lock Enter passphrase: # The device isn't attached, it just fails silently. Did I misunderstand the GBDE functionality? Am I missing something daft? Has this code just decayed with GELI's arrival? Thanks, ==ml -- Michael W. Lucas - mwlucas@michaelwlucas.com, Twitter @mwlauthor http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20141009141330.GA5655>