dyne / tomb

the Crypto Undertaker
https://dyne.org/software/tomb
GNU General Public License v3.0

tomb complains about zramswap #445

Closed chri2 closed 2 years ago

chri2 commented 2 years ago

I'm trying pass in combination with tomb on my Librem5:

purism@pureos:~$ pass open -v
  .  pass Opening the password tomb /home/purism/.password.tomb using the key /home/purism/.password.tomb.key
  .  tomb  .  Commanded to open tomb /home/purism/.password.tomb
  .  tomb  .  An active swap partition is detected...
  .  tomb [W] This poses a security risk.
  .  tomb [W] You can deactivate all swap partitions using the command:
  .  tomb [W]  swapoff -a
  .  tomb [W] [#163] I may not detect plain swaps on an encrypted volume.
  .  tomb [W] But if you want to proceed like this, use the -f (force) flag.
  .  tomb [E] Operation aborted.
 [x] Error : Unable to open the password tomb.
purism@pureos:~$ swapon -s
Filename                Type        Size    Used    Priority
/dev/zram0                              partition   1530876 0       100
purism@pureos:~$ sudo zramswap status
NAME       ALGORITHM DISKSIZE DATA COMPR TOTAL STREAMS MOUNTPOINT
/dev/zram0 lzo-rle       1,5G   4K   80B   12K       4 [SWAP]

I didn't dive deep into the subject and didn't find sufficient information about it: searching for about half an hour on tomb's page and here on GitHub didn't bring up anything about attack vectors through swap-usage and explanations why using swap and which type of swap poses a risk to tomb.

zramswap is an unencrypted swap living in RAM memory. It can be used to use RAM on devices with little memory more efficiently - in my case: the Librem5 Linux mobile smartphone with 3GB RAM.

Though it can also be configured to write to disk, which would pose a different threat to a tomb, I guess.

My expectation would be that there isn't any warning about zram configured to use ram only (no writeback) and tomb on its own and pass-tomb would work without warnings.
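
The distinction drawn in the post above (RAM-only zram versus zram with writeback versus ordinary swap), as an added example that is not part of the original thread and is not tomb's own check. The function names, verdict strings, the `SYSFS_ROOT` override and the fixture values are assumptions made for illustration; the `backing_dev` attribute is the kernel's zram sysfs file.

```sh
#!/bin/sh
# Added example, not tomb's code. Names and verdict strings are hypothetical.

# classify_swaps SWAPS_FILE [SYSFS_ROOT]
# Reads /proc/swaps-style text and prints "<device> <verdict>" per active swap.
classify_swaps() {
    swaps_file=$1
    sysfs=${2:-/sys}   # SYSFS_ROOT override is an assumption for offline runs
    tail -n +2 "$swaps_file" | while read -r dev _rest; do   # skip header row
        [ -n "$dev" ] || continue
        name=${dev##*/}
        case $name in
            zram[0-9]*)
                # backing_dev reads "none" when no writeback device is set;
                # the attribute is absent on kernels without zram writeback.
                backing="$sysfs/block/$name/backing_dev"
                if [ ! -r "$backing" ] || [ "$(cat "$backing")" = "none" ]; then
                    echo "$dev ram-only"
                else
                    echo "$dev zram-writeback"
                fi ;;
            # Any other swap is on a block device or file; whether it sits on
            # an encrypted volume is not checked here.
            *) echo "$dev disk" ;;
        esac
    done
}

# Succeeds only when no active swap can reach persistent storage.
swaps_are_ram_only() {
    ! classify_swaps "$@" | grep -qv ' ram-only$'
}

# Constructed fixture: fake swaps table and sysfs tree in a temp directory.
make_fixture() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/sys/block/zram0" "$d/sys/block/zram1"
    echo none > "$d/sys/block/zram0/backing_dev"
    echo /dev/mmcblk0p3 > "$d/sys/block/zram1/backing_dev"
    printf '%s\n' 'Filename Type Size Used Priority' \
        '/dev/zram0 partition 1530876 0 100' \
        '/dev/zram1 partition 1530876 0 100' \
        '/dev/sda2 partition 2097148 0 -2' > "$d/swaps"
    echo "$d"
}

d=$(make_fixture) && classify_swaps "$d/swaps" "$d/sys"
rm -rf "$d"
```

On a live system, `classify_swaps /proc/swaps` applies the same classification to the active swap table.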

roddhjav commented 2 years ago

Have a look at #414. You can force it without issue.

chri2 commented 2 years ago

Yes, thanks, I already had read that and it worked this way.

But...

> didn't bring up anything about attack vectors through swap-usage and explanations why using swap and which type of swap poses a risk to tomb.

I'm having a bad feeling using -f force without understanding what risk I might take and what other warnings/errors might get forced on the way.

Since the whole purpose of the software is about security, understanding the risks is crucial to anybody using it.

I'd love to see some reference somewhere about these questions (or being pointed to the ones I missed).

chri2 commented 2 years ago

Applied these changes to not stumble over the missing --force again and again.

chri2 commented 1 year ago

Just stumbled over this after an OS upgrade, again: pass is trying to open the tomb, but can't, because tomb doesn't like the cryptswap.

Release ;-) ?

jaromil commented 1 year ago

Whoops, my bad, I have never made a stable release including this improvement. On it.