Transparent disk encryption in *BSD this year

Lucky Green shamrock at cypherpunks.to
Thu Jun 6 22:59:53 EDT 2002


FYI,
The author of GEOM has recently added the first strawman crypto provider
to the FreeBSD 5.0 drive/partition manager offered by the new UFS2 file
system.

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/geom/geom_aes.c?rev=1.1&co
ntent-type=text/x-cvsweb-markup

Yes, I know it is a modest start. But given how much interest there has
been on the Net in transparent drive encryption, those familiar with
*BSD and inclined to provide constructive feedback, ideally in the form
of source code patches, are greatly encouraged to do so.

Those who lack the time to write code, but can read C and understand
crypto, are encouraged to look over the existing code and cryptographic
assumptions made in the code at the URL above to provide feedback on the
security of the system. (Please email the author directly rather than
emailing me).

--Lucky

> -----Original Message-----
> From: owner-cypherpunks at lne.com
> [mailto:owner-cypherpunks at lne.com] On Behalf Of Lucky Green
> Sent: Sunday, April 28, 2002 12:37 AM
> To: cypherpunks at lne.com
> Cc: 'Peter Gutmann'
> Subject: Transparent disk encryption coming this year 
> [was:RE: disk encryption modes]
> 
> 
> I would like to direct anybody's attention who is interested
> in transparent drive encryption to GEOM, which will be a 
> native feature of FreeBSD 5.0.
> 
> GEOM is a project that is slated for inclusion in the release
> of FreeBSD 5.0, a major upgrade to FreeBSD that has been 
> years in the making, due out by the end of the year. Based on 
> my understanding of what GEOM does, which may be imperfect, 
> GEOM provides a transparent middle layer between the actual 
> physical drives and what the OS thinks those drives are. For 
> example, the OS may believe it is using two UFS partitions on 
> the same IDE drive when in fact the actual drives used are 
> one hard drive formatted for Linux, one MS-DOS drive, and 
> some Solaris partition mounted over NFS. The OS or the 
> application will be completely isolated from the physical 
> hardware of the drives and the actual file systems on the drives.
> 
> The benefits are compelling: you can simply add another drive
> and tell your OS that one of the partitions that it is using 
> has just magically become much larger. Or move all the data 
> over to a RAID without your OS ever changing the device entry 
> it is talking to. As I said, totally transparent.
> 
> I believe that GEOM will become widely adopted, just as Soft
> Updates became widely adopted within months of its inclusion 
> in FreeBSD, because it is simply so compelling.
> 
> Of course this magic requires various behind-the-scenes
> "transformations". One of such transformations that the 
> author is explicitly targeting is transparent encryption. And 
> that's not just encryption of blocks on the file system or 
> via some kludgy loop back interface. If this gets implement 
> right, if you were to look at the physical drive, you 
> shouldn't even be able to tell how many files there are, or 
> for that matter how much data is stored on the drive.
> 
> Currently, GEOM is being written by a single guy in Denmark.
> Which sounds perhaps more crazy than it might be, because 
> Soft Updates, IIRC, was written by one person as well. The 
> guy seems real, has a grant for the project, and is an active 
> member of the FreeBSD team.
> 
> If you feel comfortable with running FreeBSD-CURRENT, which
> was just released as a Developer Preview 1 build, are 
> familiar with at least some file systems, and are interested 
> in seeing transparent drive encryption deployed on hundreds 
> of thousands of machines worldwide by the end of the year, I 
> would encourage you to visit 
> http://phk.freebsd.dk/geom/ and read the geom man page found 
> on the FreeBSD web site.
> 
> --Lucky
> 


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



More information about the cryptography mailing list