From: Milan Broz <gmazyland@gmail.com>
To: Coiby Xu <coxu@redhat.com>
Cc: kexec@lists.infradead.org, Thomas Staudt <tstaudt@de.ibm.com>,
Kairui Song <ryncsn@gmail.com>,
dm-devel@redhat.com, Mike Snitzer <snitzer@redhat.com>,
Baoquan He <bhe@redhat.com>, Dave Young <dyoung@redhat.com>,
linux-kernel@vger.kernel.org
Subject: Re: [RFC 0/4] Support kdump with LUKS encryption by reusing LUKS master key
Date: Fri, 18 Mar 2022 14:53:37 +0100 [thread overview]
Message-ID: <a5b9e66c-235b-51dd-234c-b543dbacc464@gmail.com> (raw)
In-Reply-To: <20220318122110.7qjrnrduwytjle3w@Rk>
On 18/03/2022 13:21, Coiby Xu wrote:
...
>> Why is it not done through keyring and forcing kdump to retain key there
>> (under the same keyring key name as dm-crypt used)?
>> Kernel dm-crypt supports this already; LUKS2 uses keyring by default too.
>> That's all you need, or not? Why do you need to add another "kdump:" thing?
>> IOW why kdump cannot copy the key to keyring under the name dm-crypt
>> has in the mapping table and let dm-crypt activate the device almost without
>> code changes?
>
> Sorry, I haven't explained how kdump works. Once the 1st kernel crashes and
> the system boots into the kdump kernel, the kdump kernel only have direct
> access to the memory exclusively reserved for it i.e. the kdump kernel
> loses the direct access to the keyring constructed in the 1st kernel. In
> theory, the kdump kernel could do some "hacking" to find out the key
> stored in the memory directly managed by the 1st kernel but I imagine
> this would be difficult task (imagine I present the memory dump of my
> computer to you and ask you to rebuild all the relevant kernel data
> structures and find the key). Besides, it's not reliable to read the
> memory directly managed by the first kernel for example the memory could
> be corrupt. So we have to pass the master key from the 1st kernel to the kdump
> kernel.
OK, then why you cannot store it to the (2nd) kdump kernel keyring?
(From the kdump area copy, then you do not need to patch anything else
in dm-crypt than that one line storing the key to the kdump area.)
A clear approach would be to store the key in the 2nd kernel kdump keyring
and allow userspace to read it.
Then cryptsetup can just validate the key (LUKS key digest does not use Argon)
and activates it without asking for a passphrase.
Perhaps this will need some new cryptsetup option (or API call), but I think
it can be done.
Or, you can actually simulate it with
cryptsetup open ... --master-key-file <file>
where this keyfile contains directly the volume key, not a passphrase.
The key digest is verified in this case only; no costly PBKDF is needed.
If you have a way to retrieve the kdump stored key to kdump userspace, this
is perhaps a much simpler solution.
All this is against all countermeasures to not expose encryption key
directly - but if kdump is debugging environment, just saying...
Milan
WARNING: multiple messages have this Message-ID (diff)
From: Milan Broz <gmazyland@gmail.com>
To: Coiby Xu <coxu@redhat.com>
Cc: Mike Snitzer <snitzer@redhat.com>, Baoquan He <bhe@redhat.com>,
kexec@lists.infradead.org, dm-devel@redhat.com,
linux-kernel@vger.kernel.org, Kairui Song <ryncsn@gmail.com>,
Thomas Staudt <tstaudt@de.ibm.com>,
Dave Young <dyoung@redhat.com>
Subject: Re: [dm-devel] [RFC 0/4] Support kdump with LUKS encryption by reusing LUKS master key
Date: Fri, 18 Mar 2022 14:53:37 +0100 [thread overview]
Message-ID: <a5b9e66c-235b-51dd-234c-b543dbacc464@gmail.com> (raw)
In-Reply-To: <20220318122110.7qjrnrduwytjle3w@Rk>
On 18/03/2022 13:21, Coiby Xu wrote:
...
>> Why is it not done through keyring and forcing kdump to retain key there
>> (under the same keyring key name as dm-crypt used)?
>> Kernel dm-crypt supports this already; LUKS2 uses keyring by default too.
>> That's all you need, or not? Why do you need to add another "kdump:" thing?
>> IOW why kdump cannot copy the key to keyring under the name dm-crypt
>> has in the mapping table and let dm-crypt activate the device almost without
>> code changes?
>
> Sorry, I haven't explained how kdump works. Once the 1st kernel crashes and
> the system boots into the kdump kernel, the kdump kernel only have direct
> access to the memory exclusively reserved for it i.e. the kdump kernel
> loses the direct access to the keyring constructed in the 1st kernel. In
> theory, the kdump kernel could do some "hacking" to find out the key
> stored in the memory directly managed by the 1st kernel but I imagine
> this would be difficult task (imagine I present the memory dump of my
> computer to you and ask you to rebuild all the relevant kernel data
> structures and find the key). Besides, it's not reliable to read the
> memory directly managed by the first kernel for example the memory could
> be corrupt. So we have to pass the master key from the 1st kernel to the kdump
> kernel.
OK, then why you cannot store it to the (2nd) kdump kernel keyring?
(From the kdump area copy, then you do not need to patch anything else
in dm-crypt than that one line storing the key to the kdump area.)
A clear approach would be to store the key in the 2nd kernel kdump keyring
and allow userspace to read it.
Then cryptsetup can just validate the key (LUKS key digest does not use Argon)
and activates it without asking for a passphrase.
Perhaps this will need some new cryptsetup option (or API call), but I think
it can be done.
Or, you can actually simulate it with
cryptsetup open ... --master-key-file <file>
where this keyfile contains directly the volume key, not a passphrase.
The key digest is verified in this case only; no costly PBKDF is needed.
If you have a way to retrieve the kdump stored key to kdump userspace, this
is perhaps a much simpler solution.
All this is against all countermeasures to not expose encryption key
directly - but if kdump is debugging environment, just saying...
Milan
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
WARNING: multiple messages have this Message-ID (diff)
From: Milan Broz <gmazyland@gmail.com>
To: kexec@lists.infradead.org
Subject: [RFC 0/4] Support kdump with LUKS encryption by reusing LUKS master key
Date: Fri, 18 Mar 2022 14:53:37 +0100 [thread overview]
Message-ID: <a5b9e66c-235b-51dd-234c-b543dbacc464@gmail.com> (raw)
In-Reply-To: <20220318122110.7qjrnrduwytjle3w@Rk>
On 18/03/2022 13:21, Coiby Xu wrote:
...
>> Why is it not done through keyring and forcing kdump to retain key there
>> (under the same keyring key name as dm-crypt used)?
>> Kernel dm-crypt supports this already; LUKS2 uses keyring by default too.
>> That's all you need, or not? Why do you need to add another "kdump:" thing?
>> IOW why kdump cannot copy the key to keyring under the name dm-crypt
>> has in the mapping table and let dm-crypt activate the device almost without
>> code changes?
>
> Sorry, I haven't explained how kdump works. Once the 1st kernel crashes and
> the system boots into the kdump kernel, the kdump kernel only have direct
> access to the memory exclusively reserved for it i.e. the kdump kernel
> loses the direct access to the keyring constructed in the 1st kernel. In
> theory, the kdump kernel could do some "hacking" to find out the key
> stored in the memory directly managed by the 1st kernel but I imagine
> this would be difficult task (imagine I present the memory dump of my
> computer to you and ask you to rebuild all the relevant kernel data
> structures and find the key). Besides, it's not reliable to read the
> memory directly managed by the first kernel for example the memory could
> be corrupt. So we have to pass the master key from the 1st kernel to the kdump
> kernel.
OK, then why you cannot store it to the (2nd) kdump kernel keyring?
(From the kdump area copy, then you do not need to patch anything else
in dm-crypt than that one line storing the key to the kdump area.)
A clear approach would be to store the key in the 2nd kernel kdump keyring
and allow userspace to read it.
Then cryptsetup can just validate the key (LUKS key digest does not use Argon)
and activates it without asking for a passphrase.
Perhaps this will need some new cryptsetup option (or API call), but I think
it can be done.
Or, you can actually simulate it with
cryptsetup open ... --master-key-file <file>
where this keyfile contains directly the volume key, not a passphrase.
The key digest is verified in this case only; no costly PBKDF is needed.
If you have a way to retrieve the kdump stored key to kdump userspace, this
is perhaps a much simpler solution.
All this is against all countermeasures to not expose encryption key
directly - but if kdump is debugging environment, just saying...
Milan
next prev parent reply other threads:[~2022-03-18 13:53 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-18 10:34 [RFC 0/4] Support kdump with LUKS encryption by reusing LUKS master key Coiby Xu
2022-03-18 10:34 ` Coiby Xu
2022-03-18 10:34 ` [dm-devel] " Coiby Xu
2022-03-18 10:34 ` [RFC 1/4] kexec, dm-crypt: receive LUKS master key from dm-crypt and pass it to kdump Coiby Xu
2022-03-18 10:34 ` Coiby Xu
2022-03-18 10:34 ` [dm-devel] " Coiby Xu
2022-03-18 10:34 ` [RFC 2/4] kdump, x86: pass the LUKS master key to kdump kernel using a kernel command line parameter luksmasterkey Coiby Xu
2022-03-18 10:34 ` Coiby Xu
2022-03-18 10:34 ` [dm-devel] " Coiby Xu
2022-03-18 10:34 ` [RFC 3/4] crash_dump: retrieve LUKS master key in kdump kernel Coiby Xu
2022-03-18 10:34 ` Coiby Xu
2022-03-18 10:34 ` [dm-devel] " Coiby Xu
2022-03-18 10:34 ` [RFC 4/4] dm-crypt: reuse " Coiby Xu
2022-03-18 10:34 ` Coiby Xu
2022-03-18 10:34 ` [dm-devel] " Coiby Xu
2022-03-18 11:29 ` [RFC 0/4] Support kdump with LUKS encryption by reusing LUKS master key Milan Broz
2022-03-18 11:29 ` Milan Broz
2022-03-18 11:29 ` [dm-devel] " Milan Broz
2022-03-18 12:21 ` Coiby Xu
2022-03-18 12:21 ` Coiby Xu
2022-03-18 12:21 ` [dm-devel] " Coiby Xu
2022-03-18 13:53 ` Milan Broz [this message]
2022-03-18 13:53 ` Milan Broz
2022-03-18 13:53 ` [dm-devel] " Milan Broz
2022-03-19 1:41 ` Coiby Xu
2022-03-19 1:41 ` Coiby Xu
2022-03-19 1:41 ` [dm-devel] " Coiby Xu
2022-03-19 20:13 ` Guilherme G. Piccoli
2022-03-19 20:13 ` Guilherme G. Piccoli
2022-03-19 20:13 ` [dm-devel] " Guilherme G. Piccoli
2022-03-21 1:41 ` Coiby Xu
2022-03-21 1:41 ` Coiby Xu
2022-03-21 1:41 ` [dm-devel] " Coiby Xu
2022-03-21 12:28 ` Guilherme G. Piccoli
2022-03-21 12:28 ` Guilherme G. Piccoli
2022-03-21 12:28 ` [dm-devel] " Guilherme G. Piccoli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a5b9e66c-235b-51dd-234c-b543dbacc464@gmail.com \
--to=gmazyland@gmail.com \
--cc=bhe@redhat.com \
--cc=coxu@redhat.com \
--cc=dm-devel@redhat.com \
--cc=dyoung@redhat.com \
--cc=kexec@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ryncsn@gmail.com \
--cc=snitzer@redhat.com \
--cc=tstaudt@de.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.