Does the ROOT partition being unencrypted present any security vulnerability?

Hi Guys, I am sorry if this question has been asked somewhere else.

I did search but could not find anything to directly relate.

I have no real linux/unix knowledge at all, so please forgive me for my lack of knowledge, and if I have misunderstood things.

I am interested in ordering a new Librem 15 laptop, but am struggling with a particular issue.

That issue is Full Disk Encryption.

As far as I have been aware, it is generally regarded that Full Disk Encryption is the way to go, if you are trying to go for the most secure setup.

I have been told that by default, the standard setup on machines shipped out, is that only the HOME partition is encrypted, which means that the ROOT and SWAP partitions etc are unencrypted, which is causing me some anxiety.

My understanding, and please correct me if I am wrong, is that if an attacker has physical access to the machine, they can read the unencrypted SWAP and ROOT partitions, and read off the filenames that I have been using and accessing on my encrypted HOME partition, as well as the file types, and file pathnames etc. So even though they cannot read the actual encrypted files on the Home partition, they can see a lot of information about those files…the filenames ,when last accessed, and the paths to the locations of the files.

If I had sensitive financial data, and the attacker was willing to torture me, I would have no plausible deniability to deny the existence of such files, as they could clearly see their existence, and so would have full incentive to force me to disclose the encryption password, to get access to the files on the encrypted Home partition.

However, if the SWAP and ROOT partitions were encrypted, then the attacker could not see any files information, and so could not prove the existence of such files.

This gives me plausible deniability, in the event of a physical attack, and so greater safety and security.

If I understand correctly, the new PureBoot setup in conjunction with the Librem Key, would enable the user to detect if any files had been changed on the unencrypted ROOT partition.
This would alert the user to a surreptitious attempt to install rogue files eg a Trojan or Virus.

However what I am thinking of, is not a surreptitious attempt to install files on the machine, but rather where the attacker has (possibly violently) assumed physical ownership of the machine and is now reading through the unencrypted partitions for clues and information.

If I understand correctly then, the PureBoot and Librem Key setup, will protect the machine from anonymous remote attacks, but the fact that the SWAP and ROOT partitions are unencrypted, gives a physical attacker a large attack surface, given that they have assumed physical control of the machine.

Am I understanding that correctly?

Or is there some facts I am missing?

I guess I am hoping that someone will tell me that the fact that the SWAP and ROOT partitions are unencrypted, does not give a physical attacker any more leverage, and that possibly they cannot in fact see the file names, paths, locations etc, given a physical hijacking of the machine. In which case, I do not need to worry about the other partitions being unencrypted.

Thanks Guys, I really really appreciate your help and any feedback and help.

It is quite possible my limited technical understanding has led me to completely misunderstanding things, and I am quite happy to be educated on where I am wrong.

Thanks again guys, and I really appreciate your help.

A Big Thanks!

Unencrypted BOOT partition, not ROOT. No need to worry your pretty head.

The previous reply addresses the query about the root partition.

The swap partition should be encrypted by default. If it’s not then it’s no drama to change it since all data in the swap partition is essentially transient (unless using the hibernate functionality). I have read that the swap partition uses a new randomly-generated encryption key on each boot, which makes it even more secure than the root partition!

It is extremely important that the swap partition be encrypted since otherwise the swap partition can contain secret keys and other information that is not even stored on the root or home partitions.

Not really. Not unless you are specifically using an encrypted file system that supports deniability. Your torturer will not be able to see path names on the encrypted home partition but your torturer will be able to see that it is encrypted. Right?

I suppose it depends on the sophistication of your torturer.

Total security involves many moving parts. Encrypted root, swap and home are pieces of the puzzle. Deniability is another. Password strength is another. Hardware compromise is another. Physical security is another. …

I’m hoping that your ‘torture’ scenario is hypothetical. If not then you should identify to Purism at the time of ordering what your threat model is.

OP mentioned full-disk encryption, that should cover swap too, or am I being thick?

Maybe but there isn’t really such a thing, literally, as full-disk encryption in this configuration - since, as was mentioned by you, the boot partition is not encrypted. Once the boot partition is not encrypted, it is more likely that you will have full-partition encryption, to coin a phrase. Likewise, the swap partition is encrypted with a different key, as compared with the root partition. Those were the kinds of distinctions that I was making.

That’s fair, I think I crossed wires in my brain (I have a modified windows laptop that uses Veracrypt’s full-disk encryption, so there’s no swap partition to consider. Everything except its boot partition is encrypted though, so “full-disk”). LUKS (I’m assuming is the case here) is a different beast. Well, as is Linux.

Exactly, the same is the case with LUKS. The boot partition is obviously not encrypted, the rest is encrypted with your pass phrase, swap is by default encrypted with a random pass phrase on every boot as mentioned above by @kieran. The cryptsetup FAQ and the LUKS format specification document are both extremely valuable sources of information to better understand how LUKS works internally (note, PureOS uses LUKS 1). A more quick and dirty, but still with some explanation of the inner workings, can also be found in this LUKS setup article.

With respect to plausible deniability, which is often pointed out to be valuable when crossing a boarder, I would refer you to the cryptsetup FAQ, read especially section 5.18 and the mentioned reference.

kieran
The swap partition should be encrypted by default. If it’s not then it’s no drama to change it since all data in the swap partition is essentially transient (unless using the hibernate functionality). I have read that the swap partition uses a new randomly-generated encryption key on each boot, which makes it even more secure than the root partition!

Hi Kieran
Thanks for your reply.
Do you have any link to where it says that the Swap partition is encrypted by default, or even on each boot?
I have not been able to find this anywhere on the Purism site or forums or on any information they have given out, at least so far.
If you could give a link to where Purism gives information about that, it would be really appreciated, as so far, I have had 2 support staff tell me that ONLY the Home partition is encrypted.
So if I could see where you are linking to, it would really help to relieve my anxiety.
Thanks for your help, really appreciated.

Depends whether you are asking about PureOS specifically or Linux generally. If the latter then you can find any number of discussions on the internet about how this works e.g. https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption

I don’t think it matters much whether it is enabled by default because you can always make it so - although for the truly paranoid that would involve carefully disabling swap, shredding the swap partition, then re-establishing it as an encrypted swap partition.

You also have the option of having no swap partition / file at all, and thereby avoid the question altogether. (On my typical desktop/laptop, swapping simply never happens, because I have much more memory than I ever use, in which case you also don’t need to be so careful with changing from unencrypted swap to encrypted swap if that is required.)

As this is evidently important to you, you should officially ask Purism to confirm what the setup would be for a new laptop. support@puri.sm

It sounds like (though I dont use PureOS myself) the laptop comes with home folder encryption enabled, and if @bigT wants full disk encryption they’ll have to set it up themselves. To my knowledge, LUKS doesn’t encrypt in place when you set it up, so it’ll require reinstalling and setting up your librem key again, if you have one.

@bigT: You can simply check if the swap is encrypted or not. Running the

lsblk 

command gives me an overview of my disks. The overview shows me three disks, one at mountpoint /boot (unencrypted since it is the boot partition). The second disk is the main disk, which I can see has a LUKS encryption on it. The third disk has as the mounpoint [SWAP], and there I can see as well that it is a LUKS disk.

I recently re-installed PureOS from scratch and encrypting swap on boot up is activated by default. By checking you can also make sure that, no matter what you read, it’s actually set up the way you want it, e.g., with the swap partition being encrypted.

Hope this help.

Our PureOS OEM install creates a separate unencrypted /boot partition, and an encrypted root partition and swap partition. The root partition is encrypted with a key you end up setting on first boot, while the swap partition is encrypted using a key that’s randomized at each boot–this is why hibernate won’t work on a default PureOS install–the randomized key used for swap means the data there is wiped out at each boot.

I’m not sure who would have told you we encrypt /home separately as we haven’t had a separate /home partition (or one of those post-boot encrypted /home setups like you sometimes see on Ubuntu) for as long as I’ve been here.

Hi Guys, sorry for my late reply.

Modern life is so crazy hectic, that even with an important project, it can take some time to get back to it.

I want to thank all the posters who replied to my questions.

It is really very much appreciated.

Thank you for taking the time to share your knowledge and expertise.

You have solved the problem, and taken all the anxiety away, so thank you all.

Thank you Gavaudan. Well, the head is not that pretty, haa haa.

Kieran, you enlightened me about the swap being encrypted by default, which I was not aware of at all, so you have solved the problem right there. Thank you Sir!

To pfm, thank you for the technical links. That is very useful, and I will browse them and I have downloaded the pdf to read thru later. Thanks.

And a big thank you especially to My Kyle Rankin. You told me exactly what I hoped to hear, and have removed all my anxieties on the issues. Thank you Sir, for taking the time to reply. I really appreciate that. It is all great news, and I look forward to now ordering a new Librem Laptop, and am very excited. Thank you.

Yes regarding the issue of only /home partition being encrypted, ok possibly it was me that misunderstood what the support staff were saying. That is entirely possible, due to my very limited linux knowledge.

Anyway, it is all good, as I am so happy to hear that the SWAP is encrypted each time, so that is fantastic news.

Thank you again Kyle, and I look forward to being a long term happy customer!

Thank you Sir, and to all the other posters who took their time to reply and share their expertise. Thank you Guys!!

Very Kind Regards

bigT

the main thing to take away is that you do NOT need separate swap and home partitions.

the way pureOS does it is have them as a directory INSIDE the / (main root partition)

/boot and /boot/efi are somewhat of an odd-bunch …

It depends on your threat profile. If you’re worried about torture and violent seizure of the device, that means encryption keys may (likely are) in memory, and encryption doesn’t really help you. In this sort of circumstance, you may well want everything encrypted, but you don’t want it all encrypted with the same password, key, or algorithm. Having your general system encrypted helps if someone steals the machine while it’s off. Your important files should be kept in a separate volume which is only accessed when you’re working with those files. The rest of the time it needs to be unmounted, and the keys securely removed from memory. Ideally, use zram if you don’t have enough physical memory, and don’t use swap while accessing sensitive files.

Finally, if you’re worried about deniability and torture resistance, there are encryption algorithms that allow multiple password protected archives in the same block of encrypted data. If you encrypt it with one password, and then access it with a different one, you get a different set of files (or the same named files, with different contents). Under pressure, you can then give a password that unlocks the volume, without showing the real contents. This has the advantage that it is generally impossible to prove (well, np-hard at the least) that you’ve extracted all the files (with all the passwords) from the archive. The only downside is when you write a file with one password, there is a chance of it overwriting a file encrypted with another password. The probability of this is the classic birthday problem, so it’s pretty easy to keep the probability low, but you do need to be aware of the risk (you can implement a system to overwrite any damaged files automatically).

Criminal thugs, like governments, don’t care about mathematical deniability (or even plausible deniability).

For (non-authoritarian) governments, what matters is believed deniability. If a court believes you, you are OK - regardless of the truth i.e. even if you are lying. If a court does not believe you, you are not OK - regardless of the truth i.e. even if you are telling the truth.

Having said that, I am not aware of any criminal defendant who was using hidden volumes / plausible deniability and who has brought in an expert witness to witter on about NP-hard … who either won or lost his case. So until that happens, you could be right.

So that is quite a valid point. Given that you might only have two hidden volumes, some actor could demand you hand over a third password. With only two volumes set up, you’d be unable to provide a third password. This may well lead to additional “pressure” applied to you to get you to give up another password. If your opponent realizes the encryption scheme allows overlapping volumes, they are likely to demand at least a second password (why would you use such an encryption scheme without a second volume).

This means if the goal is legal defence, or if your opponent is likely to kill you if you refuse to yield a(nother) password, it is very much a double edged sword. If the goal is to waste your adversary’s time, or to at all costs keep their hands off the data, then things are a bit different.

On that note, I once was asked to participate in a research study, where we were asked to implement a strong encryption system for a hypothetical journalist operating in an unfriendly regime. The scenario was fairly tightly constrained, and the goal was to gauge how we interacted with the documentation for a particular library, rather than how to actually engineer such a system. One of the major points to consider was that, if the journalist were to be detained, their sources would be put at risk, not just the reporter. Anyway, in considering all of that, I realized that, in such a situation, asymmetric encryption is the way to go, without the private key even accessible to the reporter in the field. That is the only method that is “rubber hose” proof.

You can find analysis of the perils of deniable encryption on the internet.

The same idea even works with symmetric encryption if the person with the data does not need access to it i.e. in general where the data needs to be protected “at all costs” and the data is worth more than a human life.

In the specific example that you give (asymmetric encryption), the ideal scenario is that it is obvious to the thug that asymmetric encryption is in use - as that may spare the reporter further “pressure”.

From what I’ve read of actual users, there are plenty of people who use disk encryption software that supports hidden volumes but who don’t use the hidden volume functionality (as it is not needed for their threat model). Those people are vulnerable to “death” under “pressure” since they would be being forced to reveal something that does not exist.

In some respects this is not different from my saying that I use LibreOffice but I have not used even half of the functionality that LibreOffice gives me.

reminds me of hearing Wilson’s eye getting scooped out with a spoon by his torturer in ‘utopia’ (2013) uk-tv-show … now every time i see a spoon …