Nitrokey / nitrokey-app

Nitrokey's Application (Win, Linux, Mac)
https://www.nitrokey.com/

Workaround for automounting on macOS #337

Open szszszsz opened 6 years ago

szszszsz commented 6 years ago

Try to find and eject the device to prevent automounting on macOS. Similarly while trying to unlock the device. Details: https://github.com/Nitrokey/nitrokey-storage-firmware/issues/45#issuecomment-377351366

oderwat commented 6 years ago

Work around automounting by turning it off for nitrokey volumes:

I found only one way to not (re-)mount the volumes on switching between different hidden volumes and the secure volume. The problem boils down to that one has to "eject" the volumes eventually to make OS X aware of the change. This always re-mounts the volume which lets some system tasks access the drive. While experimenting with secret and hidden volumes I lost data (not really!) multiple times.

The only "semi secure" way to not run into an auto re-mounting volume after ejection is to add those volumes' UUID (or LABEL) to /etc/fstab (make sure you are using vifs for that). But this exposes UUID or Volume Names of the hidden volumes which may or may not reveal the usage of hidden volumes in a system. But if you name the secret volume with the same label as all hidden volumes, this is not as bad. But you always need an extra step to mount the volume if needed.

My thoughts about the whole switching volumes problem:

I did not check much of the internal working so take this with a grain of salt.

I actually think that the hardware should actively be removed and inserted again between the volume changes, just like a real USB stick!

This will of course always lock the device and hence mounting the secure/hidden volume should be "the same thing". There are simply two entry fields: "pin" (always needed) and "password" (for the optional hidden volume mount). The device should then directly activate the hidden or secret volume in one step.

This way you don't need to eject the secret volume to switch to the hidden and you don't need to first mount the secret one at all. The latter also minimises the risk that something is writing to the disks.

You also don't ever "lock this or that" which "cuts off" the system from the volume. Instead of "locking" a simple "eject" will do. Much safer in my opinion. If you want to change between secure and hidden volumes you eject the last volume, re-insert the key and unlock straight into what you want to use.

I think the same should apply to the unencrypted volume. It should simply stay "away" when ejected until the device was unplugged and re-inserted again.

I guess that my proposal also works with the hidden volume creation (while the secure one is mounted). This should come down to "create hidden volume / eject secure / re-insert / mount hidden volume / format".

All of this would be perfect if the device gets a button to "re-insert" the stick. The same button could be used to send keystrokes (as yubikey does) so you could get OTP without the need of an app.

I hope that makes sense and the benefit of safer (and cleaner) procedures compensates for the additional burden to unplug and reinsert the device for volume switching.
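The /etc/fstab workaround described in the comment above, sketched as an added example (not part of the original comment and not Nitrokey code): it turns `diskutil info` output into a `noauto` entry to paste into `sudo vifs`. The helper names and the sample volume values are constructed; `noauto` is the standard fstab option that keeps a volume from being mounted automatically.

```shell
#!/bin/sh
# Added example: build a "noauto" /etc/fstab entry from `diskutil info` text.

# Constructed sample of `diskutil info` output (all values are made up).
SAMPLE_INFO='   Device Node:               /dev/disk4s1
   Volume Name:               NKSTORAGE
   Type (Bundle):             msdos
   Volume UUID:               11111111-2222-3333-4444-555555555555'

# Print the value of one "Key: value" field from diskutil-style text on stdin.
info_field() {
    awk -F': *' -v key="$1" '
        { k = $1; sub(/^[ \t]+/, "", k) }
        k == key {
            sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; exit
        }'
}

# Emit an fstab line that tells macOS not to automount the volume.
#   uuid  - key on the volume UUID (unique, so it identifies one volume)
#   label - key on the volume name (one shared label can cover the
#           encrypted and hidden volumes, as the comment suggests)
fstab_noauto_line() {
    mode=$1
    info=$2
    fs=$(printf '%s\n' "$info" | info_field 'Type (Bundle)')
    case $mode in
        uuid)  key=UUID;  id=$(printf '%s\n' "$info" | info_field 'Volume UUID') ;;
        label) key=LABEL; id=$(printf '%s\n' "$info" | info_field 'Volume Name') ;;
        *) echo "mode must be uuid or label" >&2; return 2 ;;
    esac
    if [ -z "$id" ] || [ -z "$fs" ]; then
        echo "required field missing from diskutil output" >&2
        return 1
    fi
    # Whitespace in a label needs escaping in fstab; refuse rather than guess.
    case $id in
        *[[:space:]]*) echo "identifier contains whitespace" >&2; return 1 ;;
    esac
    printf '%s=%s none %s rw,noauto\n' "$key" "$id" "$fs"
}

# On macOS: fstab_noauto_line uuid "$(diskutil info /Volumes/NKSTORAGE)"
# Here the constructed sample is used so the script runs anywhere.
fstab_noauto_line uuid "$SAMPLE_INFO"
```

Both forms leave an identifier for the volume in a world-readable system file, which is the exposure the comment warns about.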

szszszsz commented 6 years ago

Thank you for a quite elaborated description! I see your point of view quite clearly. I like the idea of directly unlocking the hidden volume. Reinserting should be a good workaround by the time https://github.com/Nitrokey/nitrokey-storage-firmware/issues/60 would be fixed. Hopefully both will improve the macOS' users experience. As for the button, it could be reported on the H/W repo (I will do so in a moment). Other related ideas are welcomed too.

oderwat commented 6 years ago

I was pretty unsure if my ideas will be picked up and if I wrote it in a way others would understand. Thank you for forwarding it through the system!

I even was thinking about trying to code some of it myself. But realistically I do not have time for this in the near future. It would be really great if that would be implemented just by me making a proposal :)

muellermartin commented 5 years ago

What's the status of this issue? I also like the idea that ejecting automatically locks the different functions, but especially the automatic re-mount is still annoying.

szszszsz commented 5 years ago

@muellermartin No new workarounds have been found yet. Perhaps it will end in the firmware modification instead - see https://github.com/Nitrokey/nitrokey-storage-firmware/issues/45#issuecomment-377351366.

muellermartin commented 5 years ago

Sad to hear, as this is quite a usability issue on macOS, because the system shows an error for volumes that are not unmounted properly. To avoid this, you have to unmount the device and quickly remove it from the USB port to prevent the error message :(

szszszsz commented 5 years ago

I understand. Once the device is ejected though, it should be sync'ed before that, so it should be safe to remove. Hopefully the error window will not show up, while using the next Storage firmwares.