On 2017-02-06, Tinker <ti...@openmailbox.org> wrote:

> The following is for AMD64 though I'd guess that a similar approach
> would be possible on other platforms also.
>
> The boot sequence with MBR is:
>
> MBR: Load PBR (unencrypted)
>
> PBR: Load /boot (encrypted)

/boot is not encrypted. In fact, with root on softraid, there is no such file /boot.

Since it needs to fit into 512 bytes, the biosboot(8) code in the PBR is very simple. It contains a hardcoded pointer where to find boot(8).

Without softraid, installboot(8) installs /usr/mdec/boot as /boot, and /usr/mdec/biosboot into the PBR and patches it with the necessary information where to find /boot.

At the start of a softraid partition there is a metadata area that holds various information about the softraid volume. This area includes reserved space for bootstrapping: 320*512 bytes for the boot loader (plus 128*512 bytes for a boot block, unused on x86). See /usr/include/dev/softraidvar.h. This is outside any file system.

With softraid, installboot(8) installs /usr/mdec/boot into the boot loader space of the softraid partition, and /usr/mdec/biosboot into the PBR and patches it with the necessary information where to find the boot loader.

The PBR loads boot(8), unencrypted. The boot loader then assembles the softraid volume, which for a crypto volume includes asking for the passphrase or locating the key disk. Once the crypto volume is unlocked, the boot loader proceeds to load /etc/boot.conf and typically the kernel from the 'a' partition there.

The important points to remember are:

* boot(8) is stored unencrypted. This should be kind of obvious because it contains the code required to access the softraid volume.
* A passphrase or key disk is required BEFORE /etc/boot.conf is read.

Softraid crypto is intended to guard against cases where your laptop is stolen, or you send it in for repair, or you throw away the disk. If you expect an attacker to be able to repeatedly access the encrypted data or to modify disk contents, you're in trouble. Apart from the subverted boot loader you are worried about, there are fundamental concerns about the ability of XTS encryption to defend against such attacks. Google keywords: XTS malleability.

-- 
Christian "naddy" Weisgerber na...@mips.inka.de
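
Added example, not part of the original post and not OpenBSD code: because boot(8) sits unencrypted in the reserved boot loader space, its bytes can be compared against a known-good copy of /usr/mdec/boot to detect modification. The 320-sector size comes from the post; the start offset (SR_META_OFFSET + SR_META_SIZE = 80 sectors), the assumption that the loader image is stored byte-for-byte from the first sector of that space, and all function names are assumptions to verify against softraidvar.h on the system being checked.

```python
import hashlib

SECTOR = 512
# From the post: size of the reserved boot loader space, in 512-byte sectors.
SR_BOOT_LOADER_SIZE = 320
# ASSUMPTION (not in the post): values recalled from softraidvar.h; verify locally.
SR_META_OFFSET = 16
SR_META_SIZE = 64


def boot_loader_region(part_start=0):
    """Byte offset and length of the boot loader space; part_start is in sectors."""
    first = part_start + SR_META_OFFSET + SR_META_SIZE
    return first * SECTOR, SR_BOOT_LOADER_SIZE * SECTOR


def check_boot_loader(disk, reference, part_start=0):
    """Compare the installed loader with a reference copy such as /usr/mdec/boot."""
    with open(reference, "rb") as f:
        ref = f.read()
    offset, size = boot_loader_region(part_start)
    if not ref or len(ref) > size:
        raise ValueError("reference loader is empty or larger than the reserved space")
    with open(disk, "rb") as f:
        f.seek(offset)
        area = f.read(size)
    if len(area) != size:
        raise ValueError("short read: disk ends inside the boot loader space")
    # ASSUMPTION: the loader occupies the first len(ref) bytes of the space.
    installed = area[:len(ref)]
    diff = next((i for i, (a, b) in enumerate(zip(installed, ref)) if a != b), None)
    return {
        "matches": diff is None,
        "first_difference": diff,  # byte index of first mismatch, or None
        "installed_sha256": hashlib.sha256(installed).hexdigest(),
        "reference_sha256": hashlib.sha256(ref).hexdigest(),
    }


if __name__ == "__main__":
    import sys
    # usage: script DISK REFERENCE [SOFTRAID_PARTITION_START_SECTOR]
    start = int(sys.argv[3]) if len(sys.argv) > 3 else 0
    result = check_boot_loader(sys.argv[1], sys.argv[2], start)
    print(result)
    sys.exit(0 if result["matches"] else 1)
```

The comparison only means something when run from trusted media with a reference copy taken from a trusted source, and it does not cover biosboot(8) in the PBR.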