Wednesday, May 02 2007
Some time ago I set up a new root server for a new project of a friend and myself, and this time I wanted to
go full crypto. In the beginning I thought this might be a lot of work, but as it turned out it is quite simple
if you do some thinking.
There are many ways to do this; this is how I did it.
The setup works like this: the server boots into a minimal system that starts only the SSH daemon. Then you log in
and enter or upload the passphrase to unlock the disk(s). Finally you tell the system that you are done, after
which you are kicked out and the system completes the boot by mounting the real root partition and executing
init from there. From this point on everything is as usual.
There are two basic parts to this setup: first, building a good minimal system so you don't waste too much
space, and second, building the init script for the minimal system.
The minimal system needs to contain things like:
sshd; filesystem tools such as mkfs, fsck, fdisk, etc.; cryptsetup; networking tools like ifconfig, route,
ip, etc.; mdadm (if you run RAID); and of course all the required libraries. The easiest way to get there
is to use the rescue system your hosting provider offers: just set up a minimal system on one partition and strip it down
before moving it to the boot partition.
The init script is quite simple; it needs to do three things: first, configure the network (IP address and
route); second, start sshd; and third, start the actual system once the root partition has been unlocked.
My script works as follows: after sshd has been started, the script waits for a file to be created in the
tmp directory. As soon as the file appears, all ssh processes are killed and the real system is booted.
file list of my minimal system
init script for minimal system (touch /tmp/READY_TO_BOOT after you have unlocked the root partition)
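Here is what such an init script can look like. It is an added example written for this page, not the author's own script, and it keeps the three steps from the text as separate functions. Everything that is not in the post is an assumption: the interface eth0 with the constructed address 203.0.113.10/24 and gateway 203.0.113.1, a LUKS container on /dev/sda2 that the operator opens as /dev/mapper/root, the real root mounted on /newroot, a tmpfs on /tmp, a timeout after which an unattended box reboots, a check that the mapping really exists before the hand-over, and pivot_root plus chroot for the hand-over itself (the minimal system lives on a real partition, not an initramfs, so switch_root does not apply).

```shell
#!/bin/sh
# /sbin/init of the minimal SSH boot system. Added example, not the author's
# script. Assumptions not taken from the post: eth0 with the constructed
# address 203.0.113.10/24 and gateway 203.0.113.1, LUKS container /dev/sda2
# that the operator opens as /dev/mapper/root, real root mounted on /newroot,
# a tmpfs on /tmp, and a reboot if nobody unlocks the box within UNLOCK_TIMEOUT.
#
# Operator session after "ssh root@203.0.113.10":
#   cryptsetup luksOpen /dev/sda2 root     # prompts for the passphrase
#   touch /tmp/READY_TO_BOOT               # hand over; the session gets killed

READY_FILE=/tmp/READY_TO_BOOT
ROOT_DEV=/dev/mapper/root
NEW_ROOT=/newroot
IP_ADDR=203.0.113.10
NETMASK=255.255.255.0
GATEWAY=203.0.113.1
UNLOCK_TIMEOUT=1800   # seconds to wait for the operator
LOG=/tmp/init.log     # readable over SSH after a failed attempt

log() { echo "init: $*" | tee -a "$LOG" >/dev/console; }

mount_pseudo_fs() {
    mount -t proc proc /proc
    mount -t sysfs sysfs /sys
    # RAM-backed /tmp: an uploaded key file, the READY flag and the log live
    # here and never touch the unencrypted boot partition.
    mount -t tmpfs -o size=16m,mode=1777 tmpfs /tmp
}

setup_network() {
    ifconfig lo 127.0.0.1 up
    ifconfig eth0 "$IP_ADDR" netmask "$NETMASK" up
    route add default gw "$GATEWAY"
}

start_sshd() {
    mkdir -p /var/run /var/empty
    /usr/sbin/sshd          # forks into the background by itself
}

# Block until file $1 exists or $2 seconds have passed.
# Returns 0 when the file appeared, 1 on timeout. (POSIX sh has no "local",
# hence the underscored names.)
wait_for_ready() {
    _file=$1; _timeout=$2; _waited=0
    while [ ! -e "$_file" ]; do
        [ "$_waited" -lt "$_timeout" ] || return 1
        sleep 1
        _waited=$((_waited + 1))
    done
    return 0
}

# The flag alone proves nothing; check that the mapping really exists so a
# typo or a wrong passphrase ends in another SSH round, not a kernel panic.
root_is_unlocked() { [ -b "$1" ]; }

switch_to_real_system() {
    mkdir -p "$NEW_ROOT"
    mount -o ro "$ROOT_DEV" "$NEW_ROOT" || return 1
    # Mounted fine: kick everyone out (this is where the operator's session
    # dies), drop the pseudo file systems and hand over to the real init.
    killall sshd 2>/dev/null
    umount /sys /proc
    cd "$NEW_ROOT" || return 1
    mkdir -p oldroot
    pivot_root . oldroot || return 1
    exec chroot . /sbin/init </dev/console >/dev/console 2>&1
}

main() {
    mount_pseudo_fs
    setup_network
    start_sshd
    while :; do
        if wait_for_ready "$READY_FILE" "$UNLOCK_TIMEOUT"; then
            if root_is_unlocked "$ROOT_DEV"; then
                switch_to_real_system   # does not return on success
            fi
            rm -f "$READY_FILE"
            log "root not unlocked or mount failed, waiting again"
        else
            log "no unlock within $UNLOCK_TIMEOUT s, rebooting"
            reboot -f
        fi
    done
}

# Only behave as init when we really are PID 1 started as the system's init;
# sourcing this file anywhere else (e.g. to test the helpers) must not touch
# the network or reboot anything.
if [ "$$" -eq 1 ] && { [ "$0" = /sbin/init ] || [ "$0" = /init ]; }; then
    main
fi
```

The mount is attempted before sshd is killed, so a wrong device name or a failed unlock leaves the operator's session alive and the reason in /tmp/init.log; only a successful mount cuts the connection and pivots into the real root with it mounted read-only, as a normal distribution init expects.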
You need to encrypt your swap as well, otherwise this is useless: the kernel will happily page the key and plaintext data out to it!
If you upload a key file to your minimal system, only upload it to a RAM disk, never write it to disk. Otherwise
all the work is useless!
Remember your key! Remember your key! Remember your key!
Filesystem integrity check for the minimal system. The minimal system sits on the unencrypted boot partition, so anyone with access to the disk could replace its sshd or init script with a version that records the passphrase. This is a very hard task and I don't have a solution so far.