-- this is a raw text file of how to make a whole disk cgd encryption, on thinkpad (netbsd). i will make a better doc and howto of this as soon as possible -- whole disk encryption with cgd here i convert an existing system to a full cgd encrypted disk. disk scrubbing first, we need to dump the existing partitions so we can restore them later, through a cgd with encryption as data will be written. we will move from several partitions (/, /usr, /var, swap) to two partitions : uncrypted / with kernel and a few config files, and a partition that will cover the rest of the disk, fully encrypted using CBC mode (xoring data to prevent any patterns occuring from separated encryption of each sector) and using a strong algorithm and symetric encryption. three ciphers are available : 3des-cbc (no way), aes-cbc and blowfish-cbc. blowfish kicks ass but since it's not twofish i will go with aes. using a big 256 bits key and symetric mode it will really kick ass. now as verification method, it depends of your level of paranoia. if you select no verification, any wrong passphrase use will destroy the data on disk. so any hacker wanabee trying to access your data will have to backup disk for any decryption/passphrase tries because on first error, cgdconfig will configure the cgd device as normal but data which was available on the volume will be destroyed (blocks will be decrypted with the wrong key, resulting in random data, and disklabel regeneration with that key will destroy any further access to disk). now we get to business. we are going to keep a 1 gb / filesystem, encrypted. it will store the kernel compiled with cgd support, init, cgconfig and the rc.d scritps to configure cgd. everything else will be symetric-encrypted with aes 256 bits. we are not only going to destroy the partitions and recreate them in a virtual FFS filesystem inside the cgd, but we are also going to scrub the disk with a random-key and symetric encryption so data stored on the disk won't be discernable from real data also recorded there (that's why you don't scrub with zeroes because it creates a line between real data even enciphered, and non used parts of the disk) we boot the system. mine is configured as follows : x30# fdisk wd0 Disk: /dev/rwd0d NetBSD disklabel disk geometry: cylinders: 193821, heads: 16, sectors/track: 63 (1008 sectors/cylinder) total sectors: 195371568 BIOS disk geometry: cylinders: 1023, heads: 240, sectors/track: 63 (15120 sectors/cylinder) total sectors: 195371568 Partition table: 0: NetBSD (sysid 169) bootmenu: NetBSD start 63, size 193248657 (94360 MB, Cyls 0-12781), Active 1: 2: 3: IBM Thinkpad hibernation (sysid 160) start 193248720, size 2116800 (1034 MB, Cyls 12781-12921) Bootselector disabled. x30# disklabel wd0 # /dev/rwd0d: type: unknown disk: SAMSUNG HM100JC label: flags: bytes/sector: 512 sectors/track: 63 tracks/cylinder: 16 sectors/cylinder: 1008 cylinders: 193821 total sectors: 195371568 rpm: 3600 interleave: 1 trackskew: 0 cylinderskew: 0 headswitch: 0 # microseconds track-to-track seek: 0 # microseconds drivedata: 0 16 partitions: # size offset fstype [fsize bsize cpg/sgs] a: 2097648 63 4.2BSD 2048 16384 21872 # (Cyl. 0*- 2081*) b: 2097648 2097711 swap # (Cyl. 2081*- 4162*) c: 193248657 63 unused 0 0 # (Cyl. 0*- 191714) d: 195371568 0 unused 0 0 # (Cyl. 0 - 193820) e: 186954768 4195359 4.2BSD 2048 16384 28888 # (Cyl. 4162*- 189633*) f: 2098593 191150127 4.2BSD 2048 16384 21912 # (Cyl. 189633*- 191714) everything except /dev/wd0a is going to be replaced with one partition. best is to get single user mode, and dump partitions to another system (make it reliable...) and later we will restore data. the rules are easy : move to single user mode by sending a kill to init (kill 1). once is single user mode, umount each partition to dump and dump it. the default GENERIC does not have the cgd pseudo device active, so i compile a new kernel where i turn on 2 things : apm0 (it's a laptop and i need apmd) pseudo-device cgd (the number, 4, tells how many cgd can be configured at the same time. 2 should be enough : one for disk, one for the compact flash reader on left side of thinkpad, so keeping 4 is far enough) cd /usr/src/sys/arch/i386/conf cp GENERIC X30CGD echo "apm0 at mainbus0" >> X30CGD echo "pseudo-device cgd 4" >> X30CGD config X30CGD cd ../compile/X30CGD make depend && make && cp netbsd / reboot i reboot on the new kernel with cgd support and keep going : as soon it's booted, i get into single user mode and umount everything except / and dump each partition. kill 1 (switch to first console, enter to get sh running) fdisk wd0 > yourfisk disklabel wd0 > yourdisklabel (save those somewhere) dump -0 -f x30var /dev/wd0f dump -0 -f x30usr /dev/wd0e (ftp upload of both files to another system) (using /rescue/ftp) now we configure gcd with a random key to scrub the rest of the disk (we use disklabel to remove those partitions) disklabel -i wd0 (we remove everything but wd0a) we create a new partition just after wd0a using all free space, with type ccd (we won't use it, but we need something to identify the partition as non ffs) size offset fstype a: 2097648 63 4.2BSD c: 193248657 63 unused d: 195371568 0 unused e: 193273857 2097711 ccd we fill it with random data : # cgdconfig -s cgd0 /dev/wd0e aes-cbc 128 < /dev/urandom # dd if=/dev/zero of=/dev/rcgd0d bs=32k (if cgdconfig does not have enough random bits, just type some random keys on keyboard until you get the prompt back for the dd) * this takes a long time. i did use it over a >90 Gb partition and it took over 120 minutes * our /dev/zero will get transformed into random data using aes-cbc with a random key and cbc mode for XORing with previous sectors. once done, we destroy the random key used : cgdconfig -u cdg0 now we can create our cgd and fill it with our virtual disklabel (well it wont really be virtual, let's just say it's inside the cgd) next step we build the cfg config file : cgdconfig -g -V disklabel -o /etc/cgd/wd0e aes-cbc 256 (the -V option is the verification done, use none if you want data to be destroyed on first bad attempt at password. for the very paranoid...) the file contains the random salt, there's one for each cgd passphrase keep this file safe : if you lose it, even with the good passphrase you wont be able to read the disk data anymore. # cat /etc/cgd/wd0e algorithm aes-cbc; iv-method encblkno; keylength 256; verify_method disklabel; keygen pkcs5_pbkdf2/sha1 { interations ; salt ; }; (i have removed my iterations and salt values here) this creates a config file in /etc/cgd/wd0e which contains information required to mount the partition. the deciphering key is a mix of your passphrase and a random salt stored in this file. so to load the enciphered partition you require both the salt and the correct passphrase. this makes it interesting when it comes to removable media. now you enter the passphrase. twice so there's no mistake : cgdconfig -V re-renter cgd0 /dev/wd0e disklabel -I -i /dev/cgd0 Note : disklabel will complain about an invalid signature in mbr record 0. Keep going. (recreate all your required partitions including swap. and make sure the /tmp is set to MFS so nothing used in /tmp gets to disk) my cgd0 contains a swap, var and usr tmp will be MFS over swap cgd0b and /home is a link to /usr/home use newfs on each new cgd0X partition recreated # newfs /dev/cgd0e # newfs /dev/cgd0f and restore data you saved using restore (i just restored /var and /usr) we create a new fstab now, and it's almost the same thing as before except we replace wd0 by cgd0 with / on wd0a and swap, tmp, var and usr inside the cgd0. /dev/wd0a / ffs rw,softdep 1 1 /dev/cgd0b none swap sw 0 0 /dev/cgd0b /tmp mfs rw,-s=128m 0 0 /dev/cgd0e /var ffs rw,softdep 1 2 /dev/cgd0f /usr ffs rw,softdep 1 3 (my /home is set to /usr/home) because vi was complaining about the TERM i just moved the old one from fstab to fstab.old and created the new one using echo :" cd /etc ; mv fstab fstab.old echo "/dev/wd0a / ffs rw,softdep 1 1" > fstab echo "/dev/cgd0b none swap sw 0 0" >> fstab echo "/dev/cgd0b /tmp mfs rw,-s=128m 0 0" >> fstab echo "/dev/cgd0e /var ffs rw,softdep 1 2" >> fstab echo "/dev/cgd0f /usr ffs rw,softdep 1 3" >> fstab cd / ; mount -A cd /usr ; mkdir temp ; ln -s /usr/tmp /tmp restore -r -f /x30usr && rm /x30usr && rm restoresymtable cd /var ; restore -r -f /x30var && rm /x30var && rm restoresymtable cgd must be configured as soon as possible, especially before any fsck could happen if required. cd /etc/cgd echo "cgd0 /dev/wd0e" > cgd.conf echo "cgd=YES" >> /etc/rc.conf now is the moment of truth : shutdown -r now since the swap is inside the cgd0 even if there's sensitive information inside, it's enciphered. but if you already have a swap partition and want to keep it, it is possible to generate a random enciphering key on each boot you will feed blowfish with here you have a /, a wd0b as swap and wd0e as cgd0 with everything else inside we create a config file for wd0b : cgdconfig -g -o /etc/cgd/wd0b -V none -k randomkey blowfish-cbc with a random key, you must use none as check because since each key is random and lost on reboot, it's no use trying to check for something on wd0b (and it's swap) now the trick is we have to recreate the disklabel for wd0b on each boot. so we have to put a disktab format line for wd0b inside /etc/cgd/wd0b.disklabel which contains, for example : "/dev/wd0b none swap sw 0 0" otherwise swapctl will say the swap device is not marked as such. now you have to create a script. save the following contents inside "/etc/rc.conf.d/cgd" : swap_device = "cgd1" swap_disklabel = "/etc/cgd/wd0b.disklabel" start_postcmd = "cgd_swap" cgd_swap() { if [ -f $swap_disklabel ]; then disklabel -R -r $swap_device $swap_disklabel fi } And you can do the same for /tmp if you don't want to keep it MFS inside the cgd0.