6

Is there a file system standard (like LUKS) that allows anyone who can plug in the hard drive to read files, but requires a passphrase to modify or write? For example, I can do something similar by signing an unencrypted file with gpg whenever I save it.

I admit it's impossible to prevent a malicious OS from modifying the files anyway. Therefore I'm looking for a file system that can detect malicious changes in such a way that an attacker without the passphrase cannot simulate an authorized change without breaking a modern cryptographic function.

Liz
  • 63
  • 3

1 Answers1

5

Yes, this is called dm-verity, which is supported by cryptsetup. It verifies the filesystem as it is read using cryptographic hashes. If anyone was to modify the filesystem without the appropriate credentials, your operating system would throw an error next time it is read, alerting you to the fact that there may be tampering. Making changes involves rebuilding the filesystem with a new hash tree.

The tool for configuring dm-verity is veritysetup(8).

forest
  • 64,616
  • 20
  • 206
  • 257
  • 1
    Is it possible to detect the roll-back, i.e. changing the encrypted file system into an old version? – kelalaka Apr 06 '19 at 07:29
  • 3
    @kelalaka I think you can seal the root hash with the TPM, so rollback would only be possible if you had the PIN for the TPM. Otherwise no, an attacker could roll back. The integrity of `dm-verity` relies on the integrity of the root hash, and protecting that hash isn't the job of the device mapper subsystem. – forest Apr 06 '19 at 07:31