Transparent disk encryption coming this year [was:RE: disk encryption modes]

Lucky Green shamrock at cypherpunks.to
Sun May 26 20:26:37 PDT 2002


FYI,
The author of GEOM has just added the first straw man crypto provider to
the FreeBSD 5.0 drive/partition manager.

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/geom/geom_aes.c?rev=1.1&content-type=text/x-cvsweb-markup

Yes, I know it is a modest start. But given how much interest there has
been on the list in transparent drive encryption, those inclined to
provide constructive feedback, ideally in the form of source code, may
wish to do so.

--Lucky

> -----Original Message-----
> From: owner-cypherpunks at lne.com 
> [mailto:owner-cypherpunks at lne.com] On Behalf Of Lucky Green
> Sent: Sunday, April 28, 2002 12:37 AM
> To: cypherpunks at lne.com
> Cc: 'Peter Gutmann'
> Subject: Transparent disk encryption coming this year 
> [was:RE: disk encryption modes]
> 
> 
> I would like to direct anybody's attention who is interested 
> in transparent drive encryption to GEOM, which will be a 
> native feature of FreeBSD 5.0.
> 
> GEOM is a project that is slated for inclusion in the release 
> of FreeBSD 5.0, a major upgrade to FreeBSD that has been 
> years in the making, due out by the end of the year. Based on 
> my understanding of what GEOM does, which may be imperfect, 
> GEOM provides a transparent middle layer between the actual 
> physical drives and what the OS thinks those drives are. For 
> example, the OS may believe it is using two UFS partitions on 
> the same IDE drive when in fact the actual drives used are 
> one hard drive formatted for Linux, one MS-DOS drive, and 
> some Solaris partition mounted over NFS. The OS or the 
> application will be completely isolated from the physical 
> hardware of the drives and the actual file systems on the drives.
> 
> The benefits are compelling: you can simply add another drive 
> and tell your OS that one of the partitions that it is using 
> has just magically become much larger. Or move all the data 
> over to a RAID without your OS ever changing the device entry 
> it is talking to. As I said, totally transparent.
> 
> I believe that GEOM will become widely adopted, just as Soft 
> Updates became widely adopted within months of its inclusion 
> in FreeBSD, because it is simply so compelling.
> 
> Of course this magic requires various behind-the-scenes 
> "transformations". One such transformation that the 
> author is explicitly targeting is transparent encryption. And 
> that's not just encryption of blocks on the file system or 
> via some kludgy loop back interface. If this gets implemented 
> right, if you were to look at the physical drive, you 
> shouldn't even be able to tell how many files there are, or 
> for that matter how much data is stored on the drive.
> 
> Currently, GEOM is being written by a single guy in Denmark. 
> Which sounds perhaps more crazy than it might be, because 
> Soft Updates, IIRC, was written by one person as well. The 
> guy seems real, has a grant for the project, and is an active 
> member of the FreeBSD team.
> 
> If you feel comfortable with running FreeBSD-CURRENT, which 
> was just released as a Developer Preview 1 build, are 
> familiar with at least some file systems, and are interested 
> in seeing transparent drive encryption deployed on hundreds 
> of thousands of machines worldwide by the end of the year, I 
> would encourage you to visit 
> http://phk.freebsd.dk/geom/ and read the geom man page found 
> on the FreeBSD web site. Note that the encryption 
> transformation code is not yet available, though some of the 
> file system transformation code is.
> 
> --Lucky
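A toy model of the stacking Lucky describes, added here as an example (it is not GEOM's or geom_aes's code): a GEOM-like Provider interface, an in-memory stand-in for the physical drive, and an encrypting transformation layer between them that the consumer above cannot distinguish from a plain drive. The 512-byte sector, AES-CBC with an ESSIV-style per-sector IV, and the names used are all assumptions of this example, not anything the GEOM code specifies.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

const sectorSize = 512 // a multiple of the AES block size, so CBC needs no padding
var errSize = errors.New("buffer must be exactly one sector")
// Provider is a GEOM-like sector device: the layer above it only ever sees sectors.
type Provider interface {
	Read(sector uint64, buf []byte) error
	Write(sector uint64, buf []byte) error
}
type memDisk struct{ data []byte } // stands in for the physical drive at the bottom of the stack
func (d *memDisk) span(s uint64, n int) ([]byte, error) {
	if n != sectorSize || s >= uint64(len(d.data)/sectorSize) { return nil, errSize }
	return d.data[s*sectorSize : (s+1)*sectorSize], nil
}
func (d *memDisk) Read(s uint64, b []byte) error  { src, err := d.span(s, len(b)); copy(b, src); return err }
func (d *memDisk) Write(s uint64, b []byte) error { dst, err := d.span(s, len(b)); copy(dst, b); return err }

// cryptoProvider is the transformation layer: plaintext sectors above it, ciphertext
// sectors on the provider below it. Consumers above it cannot tell it is there.
type cryptoProvider struct{ lower Provider; blk cipher.Block }
func newCryptoProvider(lower Provider, key []byte) (*cryptoProvider, error) {
	blk, err := aes.NewCipher(key) // key length selects AES-128/192/256; caller must check err
	return &cryptoProvider{lower, blk}, err
}
// sectorIV encrypts the sector number under the disk key (an ESSIV-style choice made for
// this example, not geom_aes's) so equal plaintext in two sectors never repeats on disk.
func (c *cryptoProvider) sectorIV(sector uint64) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(iv[8:], sector)
	c.blk.Encrypt(iv, iv)
	return iv
}
func (c *cryptoProvider) Write(sector uint64, buf []byte) error {
	if len(buf) != sectorSize { return errSize }
	ct := make([]byte, sectorSize) // the caller's plaintext buffer is left untouched
	cipher.NewCBCEncrypter(c.blk, c.sectorIV(sector)).CryptBlocks(ct, buf)
	return c.lower.Write(sector, ct)
}
func (c *cryptoProvider) Read(sector uint64, buf []byte) error {
	if err := c.lower.Read(sector, buf); err != nil { return err }
	cipher.NewCBCDecrypter(c.blk, c.sectorIV(sector)).CryptBlocks(buf, buf) // decrypt in place
	return nil
}
```

Because the layer sits below the file system, every sector written through it reaches the lower provider as ciphertext, but sectors never written through it keep whatever the drive held before. The "can't tell how much data is stored" property Lucky describes therefore also needs every sector written through the transform once at setup.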