Block system encryption of Windows Linux installed systems. Encrypted multiboot. Defense and attack on GRUB2

Cowboy strategy:

[A] block system encryption of Windows 7 installed system;
[B] GNU / Linux (Debian) block system encryption of the installed system (including / boot) ;
[C] GRUB2 setting, bootloader protection with digital signature, authentication protection;
[D] sweep - destroy unencrypted data;
[E] Universal backup of encrypted OS;
[F] attack <on item [C]> on the GRUB2 bootloader;
[G] useful documentation.

───Schema # rooms 40 # <BIOS / MBR / 1HDD without lvm>:
╼──╼ encryption is not hidden;
╼──╼ Windows 7 installed - full system encryption;
╼──╼ GNU / Linux installed (Debian and derived distributions) - full system encryption (/, including / boot; swap) ;
╼──╼ Independent loaders: VeraCrypt is installed in the MBR, GRUB2 is installed in the extended partition;
╼──╼ OS installation / reinstallation is not required;
──╼ used cryptographic software: VeraCrypt, Cryptsetup, GnuPG, Seahorse, GRUB2 - free / free.
')
The above scheme partially solves the problem of “remote boot to a flash drive”, allows you to enjoy encrypted Windows / Linux and exchange data via an “encrypted channel” from one OS to another.

PC boot order:

• turning on the machine;
• boot loader VeraCrypt (correct password will continue loading Windows 7) ;
• pressing the “Esc” key will load the GRUB2 bootloader;
• GRUB2 boot loader (choice of distribution / GNU / Linux / CLI) , requires authentication of the GRUB2-superuser <login / password>;
• after successful authentication and distribution selection, you will need to enter a password phrase to unlock "/boot/initrd.img";
• after entering error-free passwords in GRUB2, you will need to enter a password (third password, BIOS password or GNU / Linux user account password to unlock ) and unlock the GNU / Linux OS, or automatically substitute the secret key (two passwords + key) ;
• external invasion of the GRUB2 configuration will freeze the GNU / Linux boot process.

When partitioning a hard disk (MBR table), a PC can have no more than 4 main partitions, or 3 main and one extended partitions, as well as an unlabeled area. An extended partition, unlike the main one, can contain subsections (logical drives = extended partition) . In other words, the “extended partition” on the HDD replaces LVM for the current task: full system encryption. If your disk is mapped to 4 main partitions, you need to use lvm, either transform (with formatting) the section from main to extended, or competently use all four sections and leave everything as it is, getting the desired result. Even if you have one partition on the disk, Gparted will help to split the HDD (into additional sections) without losing data, but still with a small price to pay for such actions.

The layout of the hard disk, for which the verbalization of the entire article will go, is presented in the table below.


Table (№ 1) sections 1Tb.

Something similar should be with you.
Sda1 - the main section number 1 NTFS (encrypted) ;
sda2 - extended marker section;
sda6 - logical drive (GRUB2 boot loader is installed on it);
sda8 - swap (encrypted paging file);
sda9 - test logical drive;
sda5 - logical disk for the curious;
sda7 - GNU / Linux OS (transferred OS to an encrypted logical drive);
sda3 - the main section number 2 with Windows 7 (encrypted) ;
sda4 - the main section number 3 (it was located unencrypted GNU / Linux, used for backup) .

[A] Block system encryption Windows 7

[B] LUKS. Encryption GNU / Linux (~ Debian) installed OS. Algorithm and Steps

In order to encrypt the installed Debian / derived distribution, you need to map the prepared partition to the virtual block device, transfer it to the mapped GNU / Linux disk, and install / configure GRUB2. If you do not have a bare server, and you value your time, then you need to use the GUI, and most of the terminal commands described below are meant to be driven in “Chuck-Norris mode”.

B1. Booting a PC from GNU / Linux live usb "

"To hold a cryptotest on the performance of iron"

 lscpu && ryptsetup benchmark 

If you are a happy owner of a powerful AES-enabled car, then the numbers will look like the right side of the terminal, if you are happy, but with antique iron, the left side.

B2. Partitioning disk. mount / format fs logical disk HDD in Ext4 (Gparted)






B3. Transferring the GNU / Linux OS (sda4) to an encrypted partition (sda7)

Create a folder / mnt2 (Note - we are still working with live usb, sda7_crypt is mounted at / mnt) , and we mount our GNU / Linux into / mnt2, which needs to be encrypted.

 mkdir /mnt2 mount /dev/sda4 /mnt2 

We carry out the correct transfer of the OS using the Rsync software

 rsync -avH --progress /mnt2/ /mnt 

Rsync options are described in E1.

Next, you need to defragment the partition of the logical disk

 e4defrag -c /mnt/ # , e4defrag ,    ~"0",  ,       ! e4defrag /mnt/ #   GNU/Linux 

Migrating and synchronizing [GNU / Linux> GNU / Linux-encrypted] is completed in this step.

AT 4. Configuring GNU / Linux on an encrypted sda7 partition

After the successful transfer of the OS / dev / sda4> / dev / sda7, you need to enter GNU / Linux on the encrypted partition, and perform further configuration (without rebooting the PC) of the encrypted system. That is, to be in live usb, but to execute commands “relative to the root of the encrypted OS”. Simulate a similar situation will be "chroot". In order to promptly receive information from which OS you are currently working (encrypted or not, since the data in sda4 and sda7 are synchronized) , unsynchronize OSs. Create in the root directories (sda4 / sda7_crypt) empty marker files, for example, / mnt / encryptedOS and / mnt2 / decryptedOS. Quick check what OS you are in (including the future):

 ls /<Tab-Tab> 

[] GRUB2

[D] —

, « », .

As usual, there are various “myths and legends ” about data recovery after they are deleted from the hard disk. If you believe in cyberspace, or are members of the Dr web community and have never tried to recover data after deleting / rewriting it (for example, restoring using R-studio) , then the proposed method is unlikely to suit you, use what is closer to you.
After the successful transfer of GNU / Linux to an encrypted partition, the old copy must be deleted without the possibility of data recovery. Universal cleaning method: software for Windows / Linux free GUI software BleachBit .
Quickly format the partition whose data you want to destroy (using Gparted),Run BleachBit, select "Clean up free space" - select a partition (your sdaX with the previous copy of GNU / Linux) , the cleaning process will start. BleachBit - wipes the disc in one pass - this is what we need, BUT! this only works in theory if you formatted the disk and cleaned it in BB v2.0 software.
Attention ! BB wipes the disk, leaving the metadata, the file names are saved when the data is erased (Ccleaner does not leave metadata).


In this step, “disc cleaning” is completed.

[E] Universal backup of encrypted OS

Each user has his own method of data backup, but the encrypted data of the “System OS” requires a slightly different approach to the task. Unified software such as Clonezilla and similar software cannot work directly with encrypted data.

Setting the task of backing up encrypted block devices:

1. universality - the same algorithm / backup software for Windows / Linux;
2. the ability to work in the console from any GNU / Linux live usb without the need for additional software download (but still recommend the GUI) ;
3. backup security - stored “images” must be encrypted / password protected;
4. the size of the encrypted data must match the size of the actual data copied;
5. convenient extraction of the necessary files from the backup (there is no requirement to decrypt the entire section first).

For example, backup / restore through the utility "dd"

 dd if=/dev/sda7 of=//sda7.img bs=7M conv=sync,noerror dd if=//sda7.img of=/dev/sda7 bs=7M conv=sync,noerror 

Corresponds to almost all items of the task, but according to claim 4 does not hold water, as it copies the entire section of the disk as a whole, including free space. Not interested.

For example, a backup copy of GNU / Linux via the tar archiver | gpg is convenient, but for Windows backup you need to look for another solution. Not interested.

[F] Attack on GRUB2 bootloader

If you have protected your bootloader with a digital signature and / or authentication (see p. C6.) , Then it will not protect you from physical access. Encrypted data will remain inaccessible, but protection bypass (reset of digital signature protection) GRUB2 allows a cyber villain to inject its code into the bootloader without arousing suspicion (unless the user manually monitors the status of the bootloader, or creates a strong, arbitrary script for grub.cfg).

Algorithm attack. Intruder

* Boot a PC from live usb. Any change (by the intruder) of the files will result in notifying the real PC owner about the invasion of the bootloader. But simple GRUB2 reinstallation with grub.cfg saving(and the subsequent possibility of editing it) will allow the attacker to edit any files (in this situation, when GRUB2 is loaded, the alert will not be sent to the real user. The status is the same <0>)
* Mounts the unencrypted partition, keeps "/ mnt / boot / grub / grub.cfg ".
* Reinstalls the bootloader (ejecting “perskey” from the core.img image)

 grub-install --force --root-directory=/mnt /dev/sda6 

* Returns "grub.cfg"> "/mnt/boot/grub/grub.cfg", if necessary, it edits, for example, adding your module "keylogger.mod" to the folder with the loader modules in the "grub.cfg"> line "Insmod keylogger". Or, for example, if the enemy is cunning, then after reinstalling GRUB2 (all signatures remain in place), it collects the main image of GRUB2 using “grub-mkimage with the (-c) option.” The “-c” option will allow you to load your config before loading the main "Grub.cfg". A config can consist of just one line: redirection to any “modern.cfg”, mixed, for example, with ~ 400 files (modules + signatures)in the folder "/ boot / grub / i386-pc". At the same time, the intruder can enter arbitrary code and load modules without affecting "/boot/grub/grub.cfg", even if the user has applied "hashsum" to the file and temporarily displayed it on the screen.
The attacker will not need to crack the login / password of the GRUB2 superuser, you just need to copy the lines (responsible for authentication) "/boot/grub/grub.cfg" into your "modern.cfg"

superusers = set «root»
password_pbkdf2 root grub.pbkdf2.sha512.10000.DE10E42B01BB6FEEE46250FC5F9C3756894A8476A7F7661A9FFE9D6CC4D0A168898B98C34EBA210F46FC10985CE28277D0563F74E108FCE3ACBD52B26F8BA04D.27625A4D30E4F1044962D3DD1C2E493EF511C01366909767C3AF9A005E81F4BFC33372B9C041BE9BA904D7C6BB141DE48722ED17D2DF9C560170821F033BCFD8

And for the PC host, the GRUB2 authentication of the root user will still be valid.

Chain loading (the loader loads another loader) , as I wrote above, does not make sense (it is intended for another purpose) . Because of the BIOS, you cannot load an encrypted bootloader (chain loading restarts GRUB2> encrypted GRUB2, an error!) . However, if you still use the idea of ​​chain loading, then you can be sure that it is the encrypted (not upgraded) “grub.cfg” that is loaded from the encrypted partition. And this is also a false sense of security, because everything that is stated in the encrypted "grub.cfg"(module loading) is added to modules that are loaded from unencrypted GRUB2.

If you want to check this, then select / encrypt another sdaY partition, copy GRUB2 onto it (grub-install operation on the encrypted partition is impossible) and in the “grub.cfg” (unencrypted config) change lines like this

menuentry 'GRUBx2' --class parrot --class gnu-linux --class gnu --class os $ menuentry_id_option 'gnulinux-simple-382111a2-f993-403c-aa2e-292b5eac4780' {
load_video
insmod gzio
if [x $ grubp ma ]; then insmod xzio; insmod lzopio; fi
insmod part_msdos
insmod cryptodisk
insmod luks
insmod gcry_twofish
insmod gcry_twofish
insmod gcry_sha512
insmod ext2
cryptomount -u 15c47d1c4bd34e5289df77bcf60ee838
set root='cryptouuid/15c47d1c4bd34e5289df77bcf60ee838'
normal /boot/grub/grub.cfg
}

strings
* insmod - loading the necessary modules to work with an encrypted disk;
* GRUBx2 -the name of the output line in the boot menu GRUB2;
* cryptomount -u 15c47d1c4bd34e5289df77bcf60ee838 - see fdisk -l (sda9);
* set root-install root;
* normal /boot/grub/grub.cfg - executable configuration file on the encrypted partition.

The confidence that it is the encrypted “grub.cfg” that is being loaded is a positive response to entering the password / unlocking the “sdaY” when selecting the “GRUBx2” line in the GRUB menu.

When working in the CLI, in order not to get confused (and to check if the “set root” variable environment worked),create empty marker files, for example, in the encrypted "/ shifr_grub" section, in the unencrypted "/ noshifr_grub" section. CLI Check

 cat /Tab-Tab 

As noted above, this will not help from downloading malicious modules if such modules are on your PC. For example, a keylogger who can save keystrokes to a file and mix with other files in "~ / i386" until an attacker downloads it with physical access to a PC.

The easiest way to verify that digital signature protection is actively working (not reset) , and no one has invaded the bootloader, in the CLI we type the command

 list_trusted 

in response, we receive a cast of our perskey, or do not get anything if we are attacked (you also need to check “set check_signatures = enforce”) .
Essential minus of such step, to fill teams manually. If you add this command to “grub.cfg” and protect it with a digital signature, then the preliminary output of the key snapshot on the screen is too short in timing, and you may not have time to see the output, having received the GRUB2 download.
There is no one to complain to: the developer in his documentation Clause 18.2 officially states

«Note that even with GRUB password protection, GRUB itself cannot prevent someone with physical access to the machine from altering that machine's firmware (eg, Coreboot or BIOS) configuration to cause the machine to boot from a different (attacker-controlled) device. GRUB is at best only one link in a secure boot chain».

GRUB2 is too overloaded with functions that can give a sense of false security, and its development has already been ahead of MS-DOS OS, but this is just a bootloader. It's funny that GRUB2 - “tomorrow” can become an OS, and GNU / Linux loaded virtual machines for it.

A small video about how I dropped the GRUB2 digital signature protection and announced my intrusion to a real user (scared, but instead of what is shown on the video - you can write a non-harmless arbitrary code / .mod) .


Findings:

1) Block system encryption for Windows is easier to implement, and protection with one password is more convenient than protection with multiple passwords with GNU / Linux block system encryption.
2) The article was written as a relevant, detailed and simple guide to full Windows / GNU / Linux system encryption, which you are not meeting on the network. Therefore, it did not consider some interesting chapters: about cryptographers who disappear / remain in the shadows; that in different GNU / Linux books they do not write about encryption; on Article 55 of the Constitution of the Russian Federation; about what you need to encrypt the root / boot. The article turned out to be already considerable, but detailed (describing even simple steps), in turn, this will save you a lot of time when you take up full system encryption.
3) System encryption performed on Windows 7 64; GNU / Linux Parrot 4x; GNU / Debian 9.0 / 9.5.
4) Implemented a successful attack on the GRUB2 bootloader.
5) Tutorial was created to help all the paranoid CIS, but was not duplicated in the blog Habr social network vk (for reasons unknown to me).

[G] Useful Documentation

1. TrueCrypt User Guide (February 7, 2012 RU)
2. VeraCrypt Documentation
3. / usr / share / doc / cryptsetup (-run) [local resource] (the official detailed documentation for setting up GNU / Linux encryption using cryptsetup)
4. The official cryptsetup FAQ (a brief documentation on configuring GNU / Linux encryption using cryptsetup)
5. LUKS device encryption (archlinux documentation)
6. Detailed cryptsetup syntax (arch manual page)
7. Crypttab Detailed Description (arch manual page)
8. Official documentation GRUB2 .

Tags: full disk encryption, partition encryption, full Linux encryption, full system encryption.