Sunday, February 28, 2021

Encrypted home + hibernate: drives states? [ OpenBSD -current ]

Hello!

My current partition setup is as follows (one SSD disk, using the -current
default kernel):

    sd0a 100G RAID == bioctl -c C -k sd1a ==> a=/
                                              b=swap
                                              ...
                                              p=/home (for sysupgrade to
                                                       work without troubles)
    sd0d 350G RAID == bioctl -c C -C noauto -k sd1d ==> a=/home/mmartin

(BTW, I use duids but for the sake of readers, using dev label here)

* Decryption of sd0a is done automatically at boot time => Perfect

* Decryption of sd0d (not automatically decrypted, see -C noauto),
is done with a modified rc script (just after wsconsctl), but it could be
done in /etc/rc.local (I just don't want to leave my keydisk too long
on my computer, personal preference ... debatable for sure).

I can run suspend (zzz) without any issue (but as I'm using FDE, I prefer not to
use it, as encryption would be useless) and hibernate (ZZZ) seems to work
perfectly fine. The only problem I have is understanding what state my sd0d
partition is in.

sd0a is the encrypted root partition, automatically handled by the OS, so when
waking from a hibernate state the usb key needs to be inserted =>
when in hibernate mode, I assume sd0a is encrypted then .. right?

Now, as sd0d is handled manually (in /etc/rc or /etc/rc.local), I don't really
get which state it is in when in hibernate mode. It doesn't seem to be
encrypted, because the usb key is not needed at wakeup time (or is it? or is
some key stored within the image that is dumped to swap?). My first thought was
that unmounting / detaching with bioctl should happen AFTER the system image is
dumped to swap (so this cannot be handled in /etc/apm/* files ... right?).

At the same time, I don't understand HOW it could not be encrypted, as powering
off the laptop (hibernate behaviour) will force bioctl to detach => hence keep
the drive encrypted while powered off .. right?

Because of that, is there a high risk of getting corrupted data when waking the
laptop up from hibernate state?

Last thing: if my /home/mmartin partition is not on the same drive or partition
as root, should I avoid using hibernate if my laptop needs to be securely
powered off? (Swap is on the encrypted drive sd0a (encrypted twice then, but I
read on this mailing list that the overhead is so low that everyone should do
that if using FDE), so it is no factor for a security breach.)

Thank you very much!

PS: I use -C noauto for my home partition because, IRL, I have a small
password-encrypted partition on the keydisk that, when decrypted, contains the
key to decrypt my home partition (so automatic decryption is not going to work
for me).
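As an added example (not the poster's own rc script, nor anything shipped by OpenBSD), a POSIX sh sketch of the /etc/rc.local step the post describes: attach the noauto softraid CRYPTO volume on sd0d with the keydisk partition sd1d, mount /home/mmartin from its fstab entry, and the reverse so the key is dropped from the kernel before the disk is expected to be locked. The DATA_PART/KEY_PART/MNT names, the DUID-keyed noauto fstab line, the `run` wrapper and the hw.disknames diff used to find the new sd(4) node are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's rc script. Attach the "noauto" softraid
# CRYPTO volume on sd0d using the keydisk partition sd1d, mount it through
# its fstab entry, and do the reverse before the disk must be locked again.
# Assumes an fstab line for /home/mmartin keyed by the volume's DUID and
# marked noauto. DRY_RUN=1 only prints the commands instead of running them.
DATA_PART=${DATA_PART:-/dev/sd0d}   # the encrypted chunk (assumed name)
KEY_PART=${KEY_PART:-/dev/sd1d}     # keydisk partition on the USB stick
MNT=${MNT:-/home/mmartin}
DRY_RUN=${DRY_RUN:-0}

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Given two hw.disknames values (sd0:duid,sd1:duid,...), print the disk that
# appears only in the second one: the sd(4) node softraid just attached.
new_disk() {
    before=",$1,"
    for entry in $(printf '%s' "$2" | tr ',' ' '); do
        case "$before" in
            *",$entry,"*) ;;
            *) printf '%s\n' "${entry%%:*}"; return 0 ;;
        esac
    done
    return 1
}

attach_home() {
    # Without the keydisk there is nothing to do; leave the volume locked.
    [ -e "$KEY_PART" ] || { echo "keydisk $KEY_PART absent, $MNT stays locked" >&2; return 1; }
    before=$(sysctl -n hw.disknames 2>/dev/null || true)
    run bioctl -c C -l "$DATA_PART" -k "$KEY_PART" softraid0 || return 1
    after=$(sysctl -n hw.disknames 2>/dev/null || true)
    run mount "$MNT" || return 1
    # Print the attached device so the caller can hand it to detach_home.
    new_disk "$before" "$after" || echo unknown
}

# Unmount and detach; after this the plaintext key is no longer in the kernel.
detach_home() {
    dev=$1
    run umount "$MNT" || return 1
    run bioctl -d "$dev"
}
```

Call `attach_home` from rc.local once the keydisk is plugged in, and `detach_home <sdN>` with the device it printed before you expect the volume to be locked.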
