fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Escrow Linux disk encryption keys using LUKS #19594

Open dherder opened 3 weeks ago

dherder commented 3 weeks ago

Goal

User story
As a Client Platform Engineer,
I want to escrow disk encryption keys on my Linux workstations
so that my team can get access to encrypted data w/o the local password when an employee who used Linux leaves the company.

Context

We want to use the LUKS disk encryption format.

Instructions from Fedora on disk encryption key escrow using LUKS are here.

Changes

Product

Engineering

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

Manual testing steps

  1. Step 1
  2. Step 2
  3. Step 3

Testing notes

Confirmation

  1. [ ] Engineer (@____): Added comment to user story confirming successful completion of QA.
  2. [ ] QA (@____): Added comment to user story confirming successful completion of QA.
noahtalerman commented 3 weeks ago

@dherder I think we learned from the prospect that they manage mostly Ubuntu Linux workstations and some Red Hat Linux? Fedora Linux?

I can't find this in our notes...

dherder commented 3 weeks ago

@noahtalerman mostly Ubuntu with some Fedora

noahtalerman commented 1 week ago

Hey @dherder I updated this issue to user story format and moved your original issue description here for safekeeping:

Problem

As a Client Platform Engineer, I would like to escrow Linux disk encryption keys. Specifically, LUKS format. See https://fedoraproject.org/wiki/Disk_encryption_formats for all the possible disk encryption formats.

Background: https://fedoraproject.org/wiki/Key_Management#Disk_Encryption_Key_Escrow (see sections on Handling of use cases, Implementation details).

The goal is to allow recovering from, e.g., a lost password for an encrypted drive of a company computer, by storing the necessary data about the encryption "centrally" and allowing authorized people to use it to access the encrypted data.

The threat model assumes attacks against the encrypted drives by unauthorized users, and attacks against the central data storage. Users deleting or corrupting data they have legitimate access to are out of scope (in the typical case, the user can overwrite their own hard drive or smash it with a hammer).