Ask / Submit
537

optional encryption of the device

Tracked by Jolla

asked 2013-12-26 01:26:45 +0300

ortylp gravatar image

updated 2015-05-03 14:50:13 +0300

chemist gravatar image

Option for encryption of $HOME and Android directories containing user data is needed.

Use case: I do not want to worry about my data stored on the device (including various access tokens and keys) in case I loose the phone or it gets stolen.

edit retag flag offensive close delete

Comments

see also keychain linked to TOH & link all/previous changes to TOH

AL13N ( 2013-12-26 01:45:17 +0300 )edit
6

This should be fairly easy, as Linux already has all these LUKS/dmcrypt and eCryptFS stuff done. It might however need more CPU and thus consume battery. Maybe better put it as an option users can choose it they want to.

Please add tag 'securiity'

otto ( 2013-12-26 23:34:48 +0300 )edit
25

Besides home directory ecryption, also include option to encrypt SD card contents. That would be something that not even Android supports yet. And please use some standard Linux crypto so that the SD card can be mounted and opened without the original phone.

otto ( 2013-12-26 23:36:42 +0300 )edit
3

@otto this isn't as easy as one might think, because there's a lot of catch 22's here... order of services becomes important, etc... in theory all elements are available, but i can guarantee that alot of time will be spent in order to combine it into "1 feature"

AL13N ( 2013-12-26 23:38:28 +0300 )edit
13

Looking at the locked bootloader shitstorm today, we need encryption ASAP to allow the boot loader opened again: vote, vote, vote!

We must not loose any more developers!

ortylp ( 2013-12-28 13:25:13 +0300 )edit

14 Answers

Sort by » oldest newest most voted
5

answered 2016-08-17 22:33:46 +0300

hoschi gravatar image

updated 2016-08-17 22:36:54 +0300

For the next official device I want ask for hardware-based encryption through the memory itself.
Rational: As fast, as without encryption. Works transparently, for all operating-systems (rescue-system, adb, sailfish and so on). Laptops and most modern SSDs with ATA-Secure have shown, it works.

Please note, you don't need unlock the key for the drive during runtime (i.e. devicelock) only during power-up. During runtime the the device-lock protects your device.

Benefit for Jolla: Less code to develop, less surface to make mistakes.

edit flag offensive delete publish link more
5

answered 2016-08-17 19:48:46 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2016-08-18 18:06:34 +0300

magahugu gravatar image

Hi All, I successfully created an encrypted partition using crypsetup tool available from warehouse. My aim is to encrypt all data at /home including application config files and user data.

However, mounting the partition on top of hone and restarting lipstick and other services does not load the user config files from the binded home partition.

Why would this be?

Cheers, M.

Steps to reproduce cryptsetup loopmounted /home partition:

  1. enabe developer mode

  2. ssh into device (ssh nemo@ip)

  3. Run commands:

    #gain root devel-su #reset root password passwd

    curl -O https://openrepos.net/sites/default/files/packages/500/cryptsetup-1.6.4-1.armv7hl.rpm

    curl -O https://openrepos.net/sites/default/files/packages/500/libcryptsetup4-1.6.4-1.armv7hl.rpm

    pkcon install-local libcryptsetup4-1.6.4-1.armv7hl.rpm

    pkcon install-local cryptsetup-1.6.4-1.armv7hl.rpm

    #Setup crypt disk devel-su fallocate -l 10G /root/.crypt.img

      cryptsetup luksFormat /root/.crypt.img -c aes-cbc-essiv:sha256
      cryptsetup luksOpen /root/.crypt.img crypt
      devel-su
      mkfs.ext4 /dev/mapper/crypt
    

copy over data

mkdir /crypt

mkdir /mounts

rsync -av /mounts/ /crypt

Create and run mount script:

su - -c "cryptsetup luksOpen /root/.crypt.img crypt"

su - -c "      mount /dev/mapper/crypt /crypt/"

su - -c "      mount -o bind /crypt/nemo/.cache /home/nemo/.cache"

su - -c "      mount -o bind /crypt/nemo/.local /home/nemo/.local"

su - -c "      mount -o bind /crypt/nemo/.mozilla /home/nemo/.mozilla"

su - -c "      mount -o bind /crypt/nemo/.qmf /home/nemo/.cache"

su - -c "      mount -o bind /crypt/nemo/.sailfish-accounts-tool /home/nemo/.sailfish-accounts-tool"

su - -c "      mount -o bind /crypt/nemo/.timed /home/nemo/.timed"

su - -c "mount -o bind /crypt/data/ /opt/alien/data/"

su - -c " systemctl restart user@100000"
edit flag offensive delete publish link more

Comments

Nice work. I really want my Jolla devices to be encrypted.

On the config file loading, no idea, perhaps they are only not processed at start-up?

Pim ( 2016-08-19 12:33:30 +0300 )edit

Does this lack of not loading config files make up a serious problem?

ds1979 ( 2018-01-21 17:03:50 +0300 )edit

Hi All, After some Android time I'm back on Jolla and am impressed by the good battery life and still up to date platform.

Again I am trying to encrypt my device as it's terrible to lose it and have all my data leaked. cryptsetup is easy enough to install via

devel-su

pkcon install cryptsetup

Like my earlier post, after creating an encrypted device and moving all my data there, how do I replace the /home/nemo folder and refresh all the apps with the new configuration files?

Or is there a way to drop to a terminal during boot where I can run the script to over-mount the /home/nemo directory before all the apps are opened?

The problem is that allthough I mount the new cryptdevice at /home/nemo, none of the apps pick up the new configuration and files.

I've tried reloading the overview app, no luck.

magahugu2 ( 2018-04-04 14:52:42 +0300 )edit
2

answered 2016-04-09 22:40:53 +0300

otto gravatar image

Implement the encryption using whatever seems to be the most compatible standard Linux toolset for btrfs/systemd etc (probably LUKS/cryptfs or ecryptfs) but most importantly, utlize the SIM card for secure key storage. SIM cards are very suitable for that and this is an excellent opportunity unlike laptops, where SIM cards (=smart cards) are rare.

See technical description at https://together.jolla.com/question/3099/save-encryption-keys-on-sim-card-eg-draft-sms/

edit flag offensive delete publish link more
15

answered 2015-10-23 03:47:23 +0300

fuckup23 gravatar image

updated 2015-10-23 03:48:48 +0300

little workaround i just tried:

  • Install cryptsetup from openrepos.net
  • plug in a sd card
  • cryptsetup -y -c aes-cbc-essiv:sha256 create sdcard /dev/mmcblk1
  • mkfs.ext4 /dev/mapper/sdcard
  • mkdir /home/nemo/crypto
  • mount /dev/mapper/sdcard /home/nemo/crypto
  • mv /home/nemo/Pictures /home/nemo/crypto/Pictures
  • ln - /home/nemo/crypto/Pictures /home/nemo/Pictures
  • do the same with .cache/.nemothumbs

  • add this line to /etc/fstab/:

/dev/mapper/sdcard /home/nemo/crypt ext4 defaults,noatime,user,noauto 0 0

  • unlock script:

sudo /usr/sbin/cryptsetup open /dev/mmcblk1 sdcard --type plain

mount /dev/mapper/sdcard

sudo /bin/chown nemo /home/nemo/crypt

  • lock script:

umount /home/nemo/crypt

sudo /usr/sbin/cryptsetup close sdcard

  • install sudo and edit /etc/sudoers:

nemo ALL=NOPASSWD: /usr/sbin/cryptsetup close sdcard

nemo ALL=NOPASSWD: /usr/sbin/cryptsetup open /dev/mmcblk1 sdcard --type plain

nemo ALL=NOPASSWD: /bin/chown nemo /home/nemo/crypt

there you are! More a hack than a solution, but this will protect your photos.


PS: this comes with absolutely no warranty, do not just copy+paste!

edit flag offensive delete publish link more

Comments

1

if there was the option of activating the boot screen with a virtual keyboard, we could just mount /home to the crypt-device. Would this be so hard to implement?

fuckup23 ( 2015-11-03 23:16:11 +0300 )edit

Thank you for the tip, has anyone tried this on SailfishOS 2 maybe? How does cryptsetup know what key to use, is it stored on the disk somewhere? Also, would it be much different to use luks (and safer as well, as in easier not to overwrite your data eg.)?

omichalek ( 2016-01-17 18:16:54 +0300 )edit

Hello, all! Is it possible to put this into one complete "instruction manual" to move everything into an encrypted "box"? I have nothing against some work in the terminal, but see: a newbie would have some trouble with these instructions. To be able to learn, some explanation would be nice. For instance, the usage of the instructions means that you make up a whole new file system on the SD card. The stuff on the SD card will be lost! This should be written down in there! Furthermore: is it possible to use it on the whole "home" folder? I am not so much into linux, so I'd better ask. As far as I see, you mount the SD card into /home/crypto and link the original pictures folder to a new encrypted folder on the SD card. Is this right? Such comments would make it far more readable and understandable for any newbie. What does the line "do the same with .cache/.nemothumbs" exactly mean? until I know this, I won't start working on a running system. How would I make a backup and put it back, if parts of the system were encrypted? Would this work?

ds1979 ( 2018-01-22 11:31:40 +0300 )edit

Hi,

my Jolla phone broke a few month after I wrote this comment. It had this series defect with the battery. I never touched a Jolla again. And I never will!

For me the Nokia N9 is still the best phone ever.

But the Jolla thing was garbage in hard- and software. And it was a fraud to sell this prototype as a product. Even basic functionality wasn't working well.

Maybe they wanted to much. they had fancy GUI, android support etc. everything with bugs. Instead cronstructing just a simple and working, phone. Someone who wants to run android applications just buys an android tlephone.

I thought Jolla was bankrupt and dead. now I read on wikipedia that the last release of the OS was a few month ago ...

fuckup23 ( 2018-01-22 22:35:05 +0300 )edit

Too bad for you. :-(

Could you please still read your text and hopefully answer most of my questions? Thank you in advance! Especially "do the same with .cache/.nemothumbs" is of interest.

Well, I see your comment very differently. The Sailfish OS works - except for anything that needs the Google stuff. But I use my smartphone only as second device besides my laptop, so I am not so much affected by it. I have had a device, which has lost connection to the battery all the time. But I think that for the first device, it was not such a bad product. If I remember the iPhone 1, I would say that the Jolla was more useable and you were able to add functionality by yourself if you wanted to learn or ask. I don't want to use Android apps, but unfortunately there are some that work. I like the principle in Sailfish OS from Unix: "Do one thing and do it well". I have found many apps with minor functionality to Android apps, but they do their work well. And: I have control above my own data. I have a home folder which is analog to my linux laptop. I can install very many stuff on the command line as a user who wants to know how and what. Here might be the difference: Jolla is not a phone for the iPhone user. It is one for people who are interested in how it works and who would do some research in forums and the internet to find out, how to get something working - like the encryption. :-) If you have your old device, try to get it working. :-) I still like it better than my old iPhone or my new Nokia 5. For me, it is more usable and much faster in every day use. Cheers!

ds1979 ( 2018-01-23 08:36:23 +0300 )edit
4

answered 2015-08-25 00:55:35 +0300

Kieler gravatar image

Hi all you sailors,

device- and SD-Card-encryption is a MUST in my point of view. Two years ago i got a Blackberry because of this opportunity. Now i can't read the SD-Card on my Linux-PC. That's a pit.., but okay! (Maybe in a couple of years my lokal police will do. I mean, do you really use 8-char-passwords today?) If there would be an easy2use GUI for LUKS (and LVM) it would be a winning tool for linux desktop and mobile!

so, thank you very much for your great work!

p.s.: shouldn't it be possible in the future the recrypt LUKS-devices on a higher enc-level without rebuilding the whole installation?

edit flag offensive delete publish link more
5

answered 2015-08-24 10:31:53 +0300

cray gravatar image

I find LUKS (https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup) to be best for my use cases. It's pretty standard so SD card can be used in any Linux system and you can select whatever file system you want on top of LUKS.

edit flag offensive delete publish link more
6

answered 2015-05-03 02:38:33 +0300

pisco gravatar image

"A set of patches adding encryption to the ext4 filesystem" is announced for kernel version 4.1.  󠀠󠀠It is said to be easier on the resources than other approaches.

Any chance to benefit from it?

edit flag offensive delete publish link more

Comments

No, we probably will never get 4.1, at least not for the phone.

chemist ( 2015-05-03 12:37:38 +0300 )edit

@chemist please explain ...

luchmhor ( 2015-07-03 11:03:09 +0300 )edit
4

As long as Qualcomm sits on their drivers we are stuck with what we have now, and as it is very unlikely that they upgrade them even themselves there won't be a newer Kernel possible.

chemist ( 2015-07-03 14:40:07 +0300 )edit

that is disappointing

strayobject ( 2015-09-16 16:46:10 +0300 )edit
26

answered 2015-04-06 21:39:43 +0300

gabs5807 gravatar image

This is an very old feature-request. But now, with the announcement of mobile security, it is nesseccary to give this a higher priority. What help secure data/voice transfer, when the content on the mobile device is not crypted. The linux kernel used in SailfishOS supports LUKS/cryptsetup and the dmcrypt kenel modul. The standard boot mechanism with systemd also support loading the modul during boot and ask for a passphrase to unlock the device. Unlocking the root, the home and the sim card with the same passphrase should be possible and the UI to wayland grafic engine should also be possible. I hope at SailfishOS V2.0 this feature request wil be implemented.

Greetings

edit flag offensive delete publish link more
7

answered 2014-12-08 23:19:35 +0300

the_mgt gravatar image

Part of the SD Card specification is the ability to lock cards with a password. Nokia phones supported that. http://en.wikipedia.org/wiki/Secure_Digital#Card_password Of course, the card will probably only be readable with the phone that it was encrypted on. Sources on the web say, it might be compatible to identical devices.

I guess the NSA and the Bavarian Illuminati have a master key for that encryption, but at least your local police might not be able to search your sd card. It would be totally neat of course if all photos taken with the Jolla were stored on the locked card.

This was already proposed by @Alex in Apr 18 '14, but this feature of the SD cards seem to be neglected throughout tjc.

edit flag offensive delete publish link more

Comments

Simply use Secrecy an Android app that encrypts image and file data, you would have to copy it into the container and delete the unprotected file.

http://m.playboi2nv.store.aptoide.com/app/market/com.doplgangr.secrecy/53/7898510/SECRECY+-+Encrypt%2FHide+Files+α#

DarkTuring ( 2016-10-28 03:25:38 +0300 )edit
-1

answered 2014-05-30 09:16:59 +0300

AL13N gravatar image

updated 2014-05-30 09:18:23 +0300

I may be a valid option to have a master key fallback for when people forget their passwords and want their data unlocked. I don't know if this is feasible, but Shamir Shared Secret should for example, allow the user to unlock the data, but for example at the same time, a minimum of 3 of 9 possible sailors could also unlock the data in order to reset the password or something.

At the same time, a security value stored in the NFC of TOH might be required too... this makes it sort of a 2point authentication.

I don't know if people want this, but i'm just giving the option. (complex though it might be).

edit flag offensive delete publish link more

Comments

6

As I understand it, you want to enable Jolla to unlock our data if we forget the keys? As much as I trust Jolla, that is never a good idea. If they would happen to be compromised, all your data would immediately be compromised as well. Just as you don't give the keys of your house to the mayor of your village, you shouldn't give the keys to your data to whoever created your data carrier.

nthn ( 2014-05-30 13:41:08 +0300 )edit
3

I don't think having an universal master key is a good idea. Even if it is somehow split between multiple persons. This is an unnecessary security risk. So I prefer a simple encrypted drive. If the passphrase is lost all data is lost. If there are important files on the phone they should be backed up somewhere.

blubdibub ( 2014-11-21 00:57:59 +0300 )edit
7

How about using cryptsetup and luks? It allows for multiple key slots to unlock the encryption key itself.

That way if the user trusts Jolla, they leave the Jolla pre-shared key in slot N (ideally ability to toggle off in settings). If they do not, or if their employer wants/needs key escrow, they use cruptsetup for luksAddKey, luksRemoveKey, luksKillSlot, etc. maybe with some parts exposed via settings UI.

User key, entered via settings UI, would ideally allows setting a slot, so one can easily give e.g. a trusted spouse an unlock code.

pcfe ( 2014-11-22 18:29:04 +0300 )edit

this sounds great. I wasn't aware of this feature of cryptsetup and luks. As long as you can disable multiple keys or chose who has these keys I am all for it. Now we only need to more people to vote to increase the priority of device encryption.

blubdibub ( 2014-11-22 20:07:30 +0300 )edit
2

cryptsetup has (per default) eight slots for passphrases (per partition). And you are able to dump the slots and save them on an other place. So you can restore the partition if the sector with the slots are corrupt (if you are able to transfer the rest of the partition). The 'default' configuration of a secure linux system is to create a uncrypted /boot partition and a crypted / (root), swap and eventually /home partition. To unlock all crypted partitions at once, i use ond crypted partition used by LVM and place the favored partitions as logical volumes. But there are many other ways to get a secure device :-).

gabs5807 ( 2015-08-11 15:54:28 +0300 )edit
Login/Signup to Answer

Question tools

Follow
86 followers

Stats

Asked: 2013-12-26 01:26:45 +0300

Seen: 11,521 times

Last updated: Aug 18 '16