Subject: Crypt FS, Secure DISK, PPDD, CFS, TCFS PGPDisk?
To: None <netbsd-users@netbsd.org>
From: Jorgen Lundman <lundman@lundman.net>
List: netbsd-users
Date: 06/08/2000 14:20:30
Hello NetBSD fans! :)

I have the need to crypt/cipher data stored on HD, to the extent that it
is protected should the machine/HD be stolen or rebooted (floppy) etc.
I've been trying to find a solution to this for NetBSD but I've had
little luck, perhaps there is someone out there who already does this or
has a suggestion?



CFS-1.3.3bf:

I managed to get this working ok for NetBSD, it's not quite what I'm
after, it only allows the owner of a secure-directory to have access, as
opposed to the usual Unix ownership/permissions. I could potentially
patch this to work more like your usual filesystems but I have a feeling
this may also affect its security. Seems to store .k and .s in the
un-encrypted directory?


TCFS:

I noted there has been some work on this to make it work on NetBSD, it
does seem a bit over the top again, to protect data in a user
environment (initial opinion, I've not had it running).


PPDD:

This is the most appropriate thing I've found so far, but it is only for
Linux.  I've had a glance at the kernel patch file which could be fairly
straightforward, but it may rely heavily on other Linux specific
things? Loop device, its devnodes? Kernel loadable modules? The fact
that it is ext2fs?

The patch creates/modifies these files:

--- linux.orig/include/linux/ppdd.h     Mon Nov 15 00:32:16 1999
--- linux.orig/include/linux/major.h    Mon Nov 15 00:32:16 1999
--- linux.orig/include/linux/blk.h      Mon Nov 15 00:32:16 1999
--- linux.orig/include/linux/bf.h       Mon Nov 15 00:32:16 1999
--- linux.orig/drivers/block/ppdd.c     Mon Nov 15 00:32:16 1999
--- linux.orig/drivers/block/bfcrypt.c  Mon Nov 15 00:32:16 1999
--- linux.orig/drivers/block/Makefile   Mon Nov 15 00:32:16 1999
--- linux.orig/drivers/block/ll_rw_blk.c  Mon Nov 15 00:32:16 1999
--- linux.orig/drivers/block/Config.in  Mon Nov 15 00:32:16 1999
--- linux.orig/arch/i386/lib/bf-i386.S  Mon Nov 15 00:32:16 1999
--- linux.orig/arch/i386/lib/Makefile   Mon Nov 15 00:32:16 1999
--- linux.orig/kernel/ksyms.c   Mon Nov 15 00:32:16 1999

So possibly ll_rw_blk.c is the trickiest? Seems to be mostly hooks.


Are there other options out there?  PGPDisk seems to be just for
Windows/Mac.


Any reply is appreciated,

Lund

-- 
Jorgen "Lord" Lundman <lundman@lundman.net>
Technology Manager, Unix Administrator
Phone: +44 (020)8659-1860  Mobile: (07958)642-918
Pager: 07958642918@one2one.net
"Rare is the person who can weigh the faults of others 
 without putting his thumb on the scales": Byron J. Langenfeld