The move to Linux - encrypted disk, comments
One of the standards that has become common in the U.S. federal sector is the requirement that all mobile devices, such as laptops, have encrypted drives. This was supposedly a direct result of a series of laptop thefts earlier in the decade that leaked personal information. As a former federal contractor, I saw a number of successful and unsuccessful methods implemented and deployed. Some led to real privacy and some led to wonderful bricks, in some cases on a regular basis (read: daily).
One of the more successful tools is the Trusted Platform Module (TPM) chip. If implemented correctly, it can strengthen the encryption and ensure that even if your disk is removed from your laptop, it is still safe, which greatly improves security. So imagine my surprise when, in the private sector, my new company had no policy for encrypting laptops, even though almost everyone in the company has one.
I was given a brand new Dell with a TPM chip and Windows XP on it. Of course, the first thing I did was download a copy of Fedora and set about reformatting the machine, including setting up the TPM, installing ext4 and enabling Linux hard disk encryption, and I went along my merry way, not really thinking about it. That was six months ago.
As most laptop users know, when disk space runs low you have two options: replace the hard drive with a larger one and reinstall, or clone to a larger disk. After only six months I was not keen to do a reinstall, so I decided to go the clone route. But wait, I had a TPM-protected, encrypted drive. How was I to do this? Surely this was a routine sort of thing. So I set out on the Internet and did some research. What I discovered underwhelmed me. Essentially, while there are a number of websites that tell you how to clone your hard drive (something I'm very familiar with), there are almost none that speak about the problems of encryption. That left me in a bit of a dilemma.
I finally decided to give it a shot and hope I could make it work. The first question was what tool to use. I decided to go with dd, because it does a bit-for-bit copy rather than needing access to the file system. This is important because the disk is, for the most part, encrypted.
The other decision I made was to remove the disk from the machine and put it in a cage, with the second disk in a cage as well. I then booted the diskless machine with a LiveCD (I used Fedora 14 desktop) and attached the hard drives. Sure enough, my encrypted hard drive popped up and I got a warning indicating that it was encrypted. I canceled the prompt to enter my password, connected my second hard drive and got to work on the copy.
I moved some 150 GB of disk from one computer to another via USB. It took close to 10 hours to do this successfully. So while dd works, there are probably faster alternatives. Your mileage may vary.
After the copy succeeded, I installed the new hard disk, pushed the power button and crossed my fingers. I am happy to report that it fired up, and after successfully entering the password to decrypt the drive, I was back in business.
But wait a minute... what about the TPM chip? Keep in mind that one of the things a TPM chip is supposed to do is prevent a disk from being read when it is not connected to its system board. Not only should I not have been able to read it, I should not have been able to copy it at all, at least not in any usable form, once it was mounted in the cage. And yet I did. Why? Well, my leading thought is that I did not set up the module correctly, or that Dell did not properly tie it to the hard drive to add the additional protection. It is also possible that I installed Linux in a way that does not use the chip. In either case, while I am getting security through the Linux-based disk encryption, I am getting no additional protection from the TPM chip.
These, then, are the takeaways. You can use dd to successfully copy Linux encrypted drives. And never assume you are secure unless you test your security. Better yet, have someone else test it. Chances are you are not as secure as you think you are.
These instructions assume that you are using similar drive types (such as SATA), have access to a few cages or disk carriers, and have a significant amount of time to copy the data.
1. Remove the hard disk that you want to copy from the system, and place it in a cage. This step is optional.
2. Place your second hard drive in a cage.
3. Boot the system with a LiveCD. This allows you to unmount the disk you plan to clone, which is crucial for a successful clone.
4. Open a few terminals. In one terminal, su to root or use sudo, and execute the following command:
tail -f /var/log/messages
This opens a live view of your messages file, which is important for determining which drives are where and for seeing any error messages logged during the dd process. /var/log/messages is the default location on most operating systems. Check whether it is the same for you.
5. Plug in your source drive and watch the log file for the name it is assigned. For example, if it is a SATA drive and no other drives are connected, it will most likely show up as sdb. (If you left your drive in the machine, it is likely /dev/sda.)
6. Plug in the second drive and note its name. In my case it was /dev/sdc.
7. If you need to format the new drive, now is the time. Create a single partition, and ensure that you choose ext4 as the file system type. Once the drive is ready, unmount both drives.
8. In a terminal, as root, run the following:
dd if=<source drive> of=<destination drive>
So:
dd if=/dev/sdb of=/dev/sdc
Go and prepare Thanksgiving dinner (and maybe get a leg up on Christmas dinner if you have a large disk).
9. Once the copy is complete (you will know because the command prompt comes back), install your new hard drive in your computer and boot it up.
Good luck!
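A guarded version of the dd step above, as an added example that is not part of the original post: it refuses to copy when source and destination are the same, when either drive is mounted, or when the destination is too small, then reads the copy back and compares it with the source. The function names are my own and GNU/Linux tools are assumed; `is_luks` is meant to be pointed at the encrypted partition (or an image of it), not the whole disk, to confirm the LUKS header survived the copy.

```shell
#!/bin/sh
# Added example: guarded dd clone with read-back verification (GNU/Linux tools assumed).

# Size in bytes of a block device or a regular image file.
size_of() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else wc -c < "$1" | tr -d ' '; fi
}

# True if the device, or any partition on it, appears as a mount source.
is_mounted() {
    awk -v d="$1" 'index($1, d) == 1 { hit = 1 } END { exit !hit }' /proc/mounts 2>/dev/null
}

# True if the partition or image starts with the LUKS magic: "LUKS" 0xBA 0xBE.
is_luks() {
    magic=$(dd if="$1" bs=6 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "4c554b53babe" ]
}

# clone_verified SRC DST: returns 0 on a verified copy, 2-5 on a refused or failed one.
clone_verified() {
    src=$1; dst=$2
    [ "$src" != "$dst" ] || { echo "source and destination are the same" >&2; return 2; }
    if is_mounted "$src" || is_mounted "$dst"; then
        echo "unmount both drives first" >&2; return 3
    fi
    src_size=$(size_of "$src"); dst_size=$(size_of "$dst")
    [ "$dst_size" -ge "$src_size" ] || { echo "destination is too small" >&2; return 4; }
    # notrunc only matters for image files; fsync flushes to disk before dd exits.
    dd if="$src" of="$dst" bs=4M conv=notrunc,fsync 2>/dev/null || return 5
    # Read back exactly src_size bytes from the destination and compare with the source.
    head -c "$src_size" "$dst" | cmp -s - "$src" || { echo "verification failed" >&2; return 5; }
}

# Runs only when called with two arguments, e.g.: sh clone.sh /dev/sdb /dev/sdc
if [ "$#" -eq 2 ]; then clone_verified "$1" "$2"; fi
```

Because dd copies the ciphertext and the LUKS header as they are, the clone unlocks with the same passphrase as the original, so the old drive needs the same care as the new one.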
Image by flikr Melvin Schlubman