Integrate eCryptfs

Registered by Zach Pfeffer on 2011-09-22

On Tue, Sep 20, 2011 at 9:05 PM, Zach Pfeffer <email address hidden> wrote:
> Ha!
>
> Yeah sounds cool.
>
> Happy to meet up. We could probably pull it into our builds - create
> an ecryptfs partition for people to play with.

Thanks for the intro, Andy!

Zach, the cool thing about eCryptfs is that it doesn't require a
partition. It's a layered filesystem, so you just mount one directory
on top of another. The top one has a cleartext view of files/folders.
The lower one (which is the one that's actually written to the lower
filesystem -- any filesystem you like) contains the encrypted data,
which gets written to disk.

If you want to play with it, just install ecryptfs-utils, and assuming
ecryptfs is built into your kernel (it is by default in Ubuntu), just
run "ecryptfs-setup-private". Logout, and then back in. Your
$HOME/Private directory is where you'd save your sensitive data (like
a ~/.firefox cache, for instance, which you can symlink back into
place). The actual encrypted data is stored in $HOME/.Private. Play
with it a bit and you'll get the idea. Alternatively, you can encrypt
*all* of $HOME. Anyway, seems like it might be kinda cool, from a
security and privacy PoV for Linaro builds.

I'm in Austin this week, and then traveling to Boston for the next 2.
Grab a beer some time after that, and before UDS?

Cheers,
--
:-Dustin

Dustin Kirkland
Manager, Systems Integration
Corporate Services
Canonical, LTD
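An added example, not code from the blueprint or from ecryptfs-utils, showing the layered mount Dustin describes: a lower directory on any filesystem holding ciphertext, a cleartext view mounted on top, and a check that a marker written through the view never reaches the lower directory in the clear. The paths, passphrase file and marker string are constructed; the mount itself needs root and eCryptfs in the kernel, while the helper functions run unprivileged.

```shell
#!/bin/sh
# Added example (not from the blueprint or ecryptfs-utils). Shows the layered
# model: LOWER holds ciphertext on any filesystem, UPPER is the cleartext view.
set -eu

# Mount options per mount.ecryptfs(8): passphrase read from a file (so it is
# not visible in ps), AES with a 16/24/32-byte key, no passthrough of
# unencrypted files, filename encryption off (as the work items lean).
ecryptfs_opts() {  # $1 = passphrase file, $2 = key bytes (default 16)
  printf 'key=passphrase:passphrase_passwd_file=%s,ecryptfs_cipher=aes,ecryptfs_key_bytes=%s,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=n,no_sig_cache' "$1" "${2:-16}"
}

# Stack UPPER (cleartext view) on top of LOWER (what actually hits the disk).
mount_layered() {  # $1 = lower, $2 = upper, $3 = passphrase file
  mount -t ecryptfs "$1" "$2" -o "$(ecryptfs_opts "$3")"
}

# Succeeds only if no file under $1 contains the marker $2 in the clear;
# run it against the lower directory after unmounting the view.
lower_has_no_plaintext() {  # $1 = lower, $2 = marker string
  ! grep -rqF -- "$2" "$1"
}

# Constructed walkthrough mirroring ~/Private over ~/.Private. Needs root and
# eCryptfs in the kernel, so it only runs when invoked as: sudo sh FILE demo
demo() {
  base=$(mktemp -d); lower="$base/.Private"; upper="$base/Private"
  mkdir -p "$lower" "$upper"
  # The passphrase file format expected by the passphrase key module.
  pw="$base/pw"; printf 'passphrase_passwd=demo-only-passphrase\n' >"$pw"
  chmod 600 "$pw"
  mount_layered "$lower" "$upper" "$pw"
  printf 'SECRET-MARKER-12345\n' >"$upper/note.txt"  # written via the view
  ls -l "$upper" "$lower"                             # same name, different size
  umount "$upper"                                     # drop the cleartext view
  lower_has_no_plaintext "$lower" 'SECRET-MARKER-12345' \
    && echo 'lower directory holds ciphertext only'
  rm -f "$pw"
}
if [ "$(id -u)" -eq 0 ] && [ "${1:-}" = demo ]; then demo; fi
```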

Blueprint information

Status:
Not started
Approver:
Zach Pfeffer
Priority:
Undefined
Drafter:
Dustin Kirkland 
Direction:
Needs approval
Assignee:
Dustin Kirkland 
Definition:
New
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

Notes:
[zpfeffer 2011/11/8] Dustin, would you mind breaking this BP up a little? We do month-to-month cycles, so having this BP plus a 11.11 BP that just takes care of the tangibles for 11.11 would let us get it on the Android schedule. As the cycles continue this overall BP will get smaller. Sound good?

Note that Android is doing something similar-but-different using dmcrypt:
 * http://source.android.com/tech/encryption/android_crypto_implementation.html

I think eCryptfs has some advantages over dmcrypt here, but it would be good to make sure we're aware of what's going on there too.

Work items:
Compile ecryptfs into kernel (and dependencies, plus keyring, crypto algorithms like cbc and aes)
ecryptfs-utils is GPLv2, Google says it's "no go", but Linaro is okay with it
pam stack? no pam stack
encryption penalty? probably not extremely bad
compression + encryption could speed things up because sdcard io is slow
data is stored in /data/data/APPNAME
/data/data could be mounted ecryptfs
need to see if anything in /data/data is needed to boot
could do an ecryptfs app per /data/data/APPNAME
could do more like a Private approach, with symlinks, with each app being able to be encrypted, or not
could look at app meta data properties about what app needs access to, to determine if encryption might be useful
could require strong passphrase at boot time
[bero] request kernel config building of ecryptfs iMX53: DONE
[bero] request kernel config building of ecryptfs Snowball: INPROGRESS
[bero] request kernel config building of ecryptfs Panda: INPROGRESS
[bero] request kernel config building of ecryptfs Panda upstream: INPROGRESS
[bero] request kernel config building of ecryptfs Origen: INPROGRESS
[bero] add ecryptfs-utils to manifest
[doanac] android.mk needs to be added to ecryptfs-utils packaging
[kirkland+tyhicks] get a panda board or a imx53, talk to joey
monthly releases
prove out changes on a panda board, then apply changes to a cyanogen and try on a phone
would need to get ecryptfs-utils building and running against bionic libc and on ARM
need to look at ext4 vs. yaffs2
put Private/ on vfat /sdcard, symlink app data to it!
probably not encrypt filenames, but maybe look into it
