RFC: Revision of /home encryption on SFOS

An update:

• project repositories have moved into Sailfish OS Open · GitHub . You could follow GitHub - sailfishos-open/sailfish-device-encryption-community: Support for device storage encrypti issues as a progress indicator.

• Decryption of /home is implemented using systemd units and scripts that request password(s) via systemd-ask-password

• Passwords can be entered through dedicated UI which is started during a boot. For that, keyboard is available (English chars, numbers, symbols).

• Proof of concept has been reached with the full text password, either plain or piped through Android hardware bound key for signing, used to decrypt /home partition.

• Solution should work for ports based on official devices approach (such as Sony Tama devices) and regular unofficial ports. Latter could just use loopback file for encrypting /home.

More work is needed, but it is getting there.

Update:

• instead of scrypt, I decided to use argon2 as that is fully packaged already as a part of ownKeepass efforts. In addition, as LUKS accepts larger key files as well, I skipped post-processing after signing with hardware bound key. So, key derivation scheme for Android keystore backed scheme is echo UserPassword | argon2 ... | hwcrypt. Implementation at sailfish-device-encryption-community/hwcrypt-key at master · sailfishos-open/sailfish-device-encryption-community · GitHub

Will now work on enabling encryption on devices via GUI, as a part of the first boot.

Great progress! argon2 is the original, no 2i or 2d? I don’t think it ‘really’ matters in our case, but I’m not sure.

See used command:

That doesn’t tell me which version of argon2. libargon-tools in 4.1 same as in 3.4?

OK, I misunderstood. It is from Chum: GitHub - sailfishos-chum/libargon2 . So same version for all supported versions.

Thanks! I’ll have a look!

EDIT: in the original, it looks like the default is to build all the variants (Argon2i, Argon2d, and Argon2id are parametrized by:…)
use Argon2d instead of Argon2i callargon2d_hash_rawinstead ofargon2i_hash_raw`

Are these available?

It is calling with -id option that should combine d and i after each other. As far as I understood, this is a recommended way of key derivation by argon2

Cool. I’m going to have to try this, but it probably makes more sense to get version 4.1 running on my second volla phone, or?. I also have an fp2 with 3.4 that might do.

Sadly, I still haven’t been able to flash 4.1 on the volla.

I am writing now startup wizard and settings app. It has started with support library which would be responsible for the actions. It would make sense to wait with trials until those are sorted. Then testing by myself, testing by you, and I hope someone can take time and review the code. After that, roll out

So, in this respect - you have few days to sort out Volla situation

Cool. I’ll get the next test device going.

Got first version of setup wizard written and managed to hit …

https://forum.sailfishos.org/t/allow-to-decouple-luks-password-from-used-security-code

Edit: found a workaround

Getting there. Settings app and daemon done - the first version of it:

Screenshot_20210911_0011080×2160 552 KB

Screenshot_20210911_0021080×2160 753 KB

Screenshot_20210911_0031080×2160 751 KB

@piggz has made a video with the startup: Pinephone /home encryption using SailfishOS - YouTube

We have just reached the state where all the initially planned functionality is ready. All packages involved in providing encryption solution as discussed above are tagged with their first release tags. I am planning to roll out this solution on Sony Tama port and I hope other devices will follow.

@rinigus If the subsystem is based on LUKS2 (@jolla) it would inheriting argon2i as PBKDF. A far better brute force protection …

On the released version (4.2 SFOS, Tama port and I presume some others as well), LUKS2 is used with argon2 based keygen. However, this is insufficient. Don’t forget that our phone CPUs are way weaker than your PC CPU. So, number of iterations done by argon2 is smaller than would be needed to protect against attack on PC/server. Hence, in the community encryption, hardware backed key is used as a part of the key generation procedure. This essentially limits the attack to be performed on phone itself - it is just too time consuming to start guessing the key otherwise. As hardware key access can be limited, it makes brute force attack rather unattractive option - something we, as users, would prefer to have.

is it possible now that i can use this on my Sony xperia 10 ? and how can i set it up ? can someone help me please ?

No, not yet. Official ports have LUKS password the same as your PIN. So, you cannot really do much with such setup. When asked on the community meeting regarding their LUKS alphanumeric passwords, Jolla developers replied that they don’t plan to use open-sourced solution, as it was developed here, and, instead, cruft something themself.

Now, I expect that they will have to drop this “brilliant” idea of having coupled LUKS password and PIN in that case. Which should allow to replace Jolla’s solution with this one if someone will want it. Hence, “not yet”. Let’s see whether such decoupling will happen with 4.4.

Do we know what they did?

I’m still confused why I have two passcodes and I don’t know how to change either. I’d certainly like SF to stop asking for one. I’d guess the other linked to the encryption key is virtually impossible to change.