dnschneid / crouton

Chromium OS Universal Chroot Environment
https://goo.gl/fd3zc?si=1
BSD 3-Clause "New" or "Revised" License

Tomb encrypted chroots? #1024

Closed jaromil closed 10 years ago

jaromil commented 10 years ago

Just discovered Crouton, great stuff! Thanks. Motivates me to buy a Chromium OS device.

Your documentation is also great, because it is frank and clear about the security risks.

Regarding the low security when relying only on a passphrase, have you thought of supporting tomb-encrypted chroots? See: https://github.com/dyne/Tomb

Tombs are opened using files that can be hosted on USB keys, bluetooth storage (obexftpd), hidden in images or hosted online via ssh. The keys are then protected by a passphrase. This would obviously enhance the security of encrypted chroots.

I don't know Chromium OS yet, so I have no idea what would be the best way to integrate Tomb, so I'm curious about your thoughts on this before proceeding in this adventure.

ciao

dnschneid commented 10 years ago

You can already put the encryption keys (still protected by a passphrase) on separate media with crouton; see the -k option in the installer. It doesn't look like tomb brings anything new to the table, and crouton needs to use the encryption utilities present in Chromium OS, which limits its options.

jaromil commented 10 years ago

Can you provide some detail on the "protection by a passphrase"? Is that GPG symmetric encryption? I will look at the -k installer option. Thanks. Indeed Tomb does not aim to bring anything new, but a layer of fairly transparent usability.

jaromil commented 10 years ago

I see: https://github.com/dnschneid/crouton/blob/master/host-bin/mount-chroot#L148

From which I understand the creation of the chroot is a special case of the first run of mount-chroot, where the key also gets created and protected by a password using ecryptfs-wrap-passphrase.

It is still unclear to me how ecryptfs protects the pass; it is not specified in its documentation, but from online fora it seems it is AES-128.

ciao

dnschneid commented 10 years ago

Yeah, I leave the encryption to the encryption experts. Feel free to read through the code for ecryptfs_wrap_passphrase.

DennisLfromGA commented 10 years ago

While on this subject, is there any way to unencrypt an encrypted chroot? I don't know of a way but I may have overlooked something simple.

dnschneid commented 9 years ago

There's no automated way. Unmount the chroot if it's mounted, then use mount-chroot to manually mount it without all the submounts. You can then sudo cp -a or sudo mv the tree out of /var/run/crouton/[shadow path to chroot] to unencrypt it (cp requires twice the space; mv does not but is hard to recover from if it gets interrupted).

DennisLfromGA commented 9 years ago

Thanks @dnschneid, I encrypted one just as an experiment on my Cr-48 and would like to unencrypt it (and remove the password set via chromeos-setdevpasswd); those instructions are perfect. I'll back it up before I use the sudo mv method.