Date: Mon, 15 May 2017 15:56:54 +0200
From: Hendrik Brueckner
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Managing wrapped key ciphers with cryptsetup
Message-Id: <20170515135654.GA11194@linux.vnet.ibm.com>
In-Reply-To: <20170428072222.GA25628@tansi.org>
References: <20170427150902.GA13598@linux.vnet.ibm.com> <1e315fda-40da-8ea8-020e-0cb34f2c4207@eschenberg.eu> <20170428072222.GA25628@tansi.org>

On Fri, Apr 28, 2017 at 09:22:22AM +0200, Arno Wagner wrote:
> I think hardware-specific stuff has no place in cryptsetup.
> Get a kernel-driver and then create a wrapper that feeds
> the key to cryptsetup, anything else is a bad design.

That's actually what we did with the paes reference implementation.
There are kernel drivers that abstract the HSM-specifics. From a user
perspective, for example, cryptsetup, the secure (wrapped) key is passed
to the paes cipher (in-kernel crypto API). The paes cipher uses
information from the secure key to find an HSM that is capable of
performing crypto operations with that key. There is no need for the
user to perform any HSM action.

I am about to reply to Sven's mail, covering some more details that I do
not want to repeat here.

>
> And if you want a system that is secure against root, then
> do not use Linux. Seriously.

Of course, if users become root (or gain superuser capabilities), they
are able to access the data and obtain the wrapped key. Secure keys (the
wrapped keys that we deal with) cannot be un-wrapped. That means, at
least, root cannot obtain the inner clear key. So with the wrapped key
concept, you can harden your environment against offline attacks.

With the wrapped key support, you also get a 2-factor-authorization for
free: there is something to know, that's the passphrase, and there is
something you own, that's the HSM. Only if both factors are there, you
can decrypt the data.

Thanks and kind regards,
  Hendrik

-- 
Hendrik Brueckner
brueckner@linux.vnet.ibm.com      | IBM Deutschland Research & Development GmbH
Linux on z Systems Development    | Schoenaicher Str. 220, 71032 Boeblingen