machizero is the main computer operating system under the umbrella of zandiro (currently under construction), powered by Gentoo Linux. It is the cornerstone of (almost) all zandiro applications. The following are the essential aspects of machizero, none of which is optional:
- Plausible deniability encryption (against offline attackers)
- Data redundancy (against hardware failures)
- Data integrity check (against silent data corruptions)
- Snapshot (against malfunctioning software and/or human errors)
Plausible deniability encryption
Plausible deniability is achieved by full disk encryption with a detached header. As the header is detached (e.g. onto a removable USB drive), the main storage is no more than a random sequence of bits without the key material held in the header. In theory, attackers cannot prove whether the disk was wiped with random data or contains encrypted data.
Apart from extreme situations, having full disk encryption allows us to return our hard disks for warranty claims without any worries.
It may seem invincible, but even a properly configured system is vulnerable to many other threats, from keyloggers to something as simple as shoulder surfing.
Data redundancy
Computer users fall into two groups: those that do backups, and those that have never had a hard drive fail. -NeddySeagoon
Storage media is hardware. All hardware will fail; if it does not fail now, it will fail some day later.
Data confidentiality is critical, but storage reliability is equally important. machizero achieves both by building software RAID on top of the full disk encryption.
Data integrity check
Data redundancy provides an extra copy (or copies) to fall back on when data corruption occurs, but the system needs to know when that happens: there has to be a mechanism to check whether the data is corrupted or not. Moreover, when bit rot happens, the system needs to know which copies among the pool of redundant copies are correct. This cannot be done without checksumming.
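The following is an added illustration of that point, not machizero's or ZFS's own code: a toy N-way mirror that keeps a SHA-256 checksum per block in a separate map (the way ZFS keeps checksums in the parent block pointer rather than beside the data). A plain mirror can only notice that two copies disagree; the checksummed one knows which copy is right, serves it, and rewrites the bad copies (self-healing), and a scrub pass reports what it repaired and what is beyond repair. The block contents and the bit flips are constructed sample data.

```python
import hashlib


class ChecksummedMirror:
    """Toy N-way mirror with per-block checksums (constructed example).

    Every block is written to every 'disk'. The SHA-256 of each block is kept
    in a separate map, so a corrupted copy cannot take its own checksum down
    with it.
    """

    def __init__(self, copies=2):
        self.disks = [dict() for _ in range(copies)]  # block id -> bytes
        self.checksums = {}                            # block id -> digest

    def write(self, block_id, data: bytes):
        self.checksums[block_id] = hashlib.sha256(data).digest()
        for disk in self.disks:
            disk[block_id] = data

    def read(self, block_id) -> bytes:
        """Return the first copy whose checksum verifies, and rewrite the others."""
        expected = self.checksums[block_id]
        good = next((d[block_id] for d in self.disks
                     if hashlib.sha256(d[block_id]).digest() == expected), None)
        if good is None:
            raise IOError(f"block {block_id}: no copy passes its checksum")
        for disk in self.disks:           # self-heal the bad copies in place
            if disk[block_id] != good:
                disk[block_id] = good
        return good

    def scrub(self):
        """Read every block; return (repaired ids, unrecoverable ids)."""
        repaired, unrecoverable = [], []
        for block_id in self.checksums:
            before = [d[block_id] for d in self.disks]
            try:
                good = self.read(block_id)
            except IOError:
                unrecoverable.append(block_id)
                continue
            if any(copy != good for copy in before):
                repaired.append(block_id)
        return repaired, unrecoverable


def flip_bit(data: bytes, bit: int) -> bytes:
    """Simulate bit rot: flip a single bit of a block."""
    buf = bytearray(data)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def mirror_without_checksum(copies) -> bytes:
    """A plain mirror can only tell that copies differ, not which one is right."""
    if all(c == copies[0] for c in copies):
        return copies[0]
    return None


if __name__ == "__main__":
    m = ChecksummedMirror(copies=2)
    m.write(7, b"constructed sample block")
    m.disks[1][7] = flip_bit(m.disks[1][7], 5)           # rot one copy
    print("plain mirror:", mirror_without_checksum([d[7] for d in m.disks]))
    print("checksummed :", m.read(7))                    # picks the good copy, heals disk 1
    print("scrub       :", m.scrub())
```

The scrub loop is the toy equivalent of `zpool scrub`: it is the only way to find rotted blocks that nobody has read recently, which is why a scrub should run on a schedule rather than only after a suspected failure.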
Snapshot
RAID and checksumming may tackle hardware errors well, but a significant share of data loss is due to human error (including malfunctioning software), where a data backup will save the day.
Conventional backup creation is usually a lengthy process and requires taking the system offline, which is not feasible for high-availability systems.
A full backup may consume up to the size of the original data, so the storage space requirement is large. Since machizero already has data redundancy, a certain file can be duplicated into up to 4 places. This means storage efficiency could be as low as 25%, which is undesirable.
| Active Disks | Mirror Disks |
| --- | --- |
| A certain file | Mirror of the file |
| Full initial backup of the file | Mirror of the backup file |
To solve the aforementioned issues, snapshots come into play. Snapshot creation does not require system downtime. Furthermore, creating a snapshot does not take up extra storage space: it only records a “snapshot” of the system state at that moment, while allowing the system to be rolled back to that point in the past. Snapshots serve the purpose of undoing human and/or software errors.
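An added toy model of how a copy-on-write snapshot achieves this (example code written for this page, not ZFS's implementation): the live volume and each snapshot are only lists of pointers to physical blocks, so taking a snapshot copies pointers and no data; a write allocates a fresh block instead of overwriting, and the old block is kept only while a snapshot still references it. Space is therefore consumed by the blocks that diverge after the snapshot, not by the snapshot itself. Block size, block contents and snapshot names are constructed.

```python
class CowVolume:
    """Toy copy-on-write volume (constructed example, not ZFS).

    `live` and every entry of `snapshots` map logical index -> physical block
    id in `pool`. A write never overwrites a block in place: it allocates a new
    one, and a block is freed only when neither the live volume nor any
    snapshot references it any more.
    """

    def __init__(self, n_blocks: int, block_size: int = 4):
        self.block_size = block_size
        self.pool = {}                    # physical block id -> bytes
        self.next_id = 0
        self.live = [None] * n_blocks     # None = never written, reads as zeros
        self.snapshots = {}               # name -> list of block ids

    def _alloc(self, data: bytes) -> int:
        bid = self.next_id
        self.next_id += 1
        self.pool[bid] = data
        return bid

    def _free_unreferenced(self):
        refs = set(self.live)
        for snap in self.snapshots.values():
            refs.update(snap)
        self.pool = {bid: d for bid, d in self.pool.items() if bid in refs}

    def write(self, index: int, data: bytes):
        assert len(data) == self.block_size
        self.live[index] = self._alloc(data)   # copy-on-write: old block untouched
        self._free_unreferenced()

    def read(self, index: int) -> bytes:
        bid = self.live[index]
        return b"\0" * self.block_size if bid is None else self.pool[bid]

    def snapshot(self, name: str):
        self.snapshots[name] = list(self.live)  # pointers only, zero extra data

    def rollback(self, name: str):
        # Real `zfs rollback` also requires destroying snapshots newer than the
        # target (-r); this toy simply keeps them.
        self.live = list(self.snapshots[name])
        self._free_unreferenced()

    def destroy_snapshot(self, name: str):
        del self.snapshots[name]
        self._free_unreferenced()

    def used_bytes(self) -> int:
        return sum(len(d) for d in self.pool.values())


if __name__ == "__main__":
    v = CowVolume(4)
    for i, d in enumerate([b"aaaa", b"bbbb", b"cccc", b"dddd"]):
        v.write(i, d)
    v.snapshot("before")                      # used space unchanged
    print("after snapshot:", v.used_bytes())
    v.write(1, b"XXXX")                       # "human error": only now 4 extra bytes
    print("after write   :", v.used_bytes())
    v.rollback("before")
    print("after rollback:", v.read(1), v.used_bytes())
```

The caveat this makes visible: a snapshot costs nothing when taken, but every block rewritten afterwards is held twice until the snapshot is destroyed, so long-lived snapshots on a busy dataset do consume space over time.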
This section is under construction. Content here is incomplete or even incorrect. Please skip this section for now until this warning banner is taken down.
When considering redundancy over encryption (RAID on LUKS) versus encryption over redundancy (LUKS on RAID), most documentation recommends the latter approach. Its benefits include:
On the contrary, the issues of having encryption over redundancy (LUKS on RAID) that need to be overcome include:
- Debugging RAID problems becomes much harder. In case of RAID failure, one needs to be sure there are snapshots to roll back to a previous working state.
- You cannot do automatic RAID assembly
- You need to keep the encryption keys for the different RAID components in sync or manage them somehow.
Filesystem 1 <- top | Encryption (LUKS) | RAID | Raw partitions (optional) | Raw disks <- bottom
Filesystem 2 <- top | Encryption (LUKS) | RAID | Raw partitions (optional) | Raw disks <- bottom
| Layer | Concept | Implemented by | Proof of concept | Implemented | Documented | Automated |
| --- | --- | --- | --- | --- | --- | --- |
| 6 | Container | LXD | Not yet | Not yet | Not yet | Not yet |
| 5 | Graphical user interface | KDE Plasma | Partial | Partial | Not yet | Not yet |
| 4 | Display server | Wayland | Not yet | Not yet | Not yet | Not yet |
| 3 | Operating system | Gentoo Linux | Yes | Yes | Not yet | Not yet |
| 2 | RAID and filesystem | ZFS with RAIDZ | Yes | Yes | Not yet | Not yet |
| 1 | Full disk encryption | LUKS with detached header | Yes | Yes | Not yet | Not yet |
| 0 | Physical Storage | Hard Disks | N/A | N/A | N/A | N/A |
Full disk encryption
Full disk encryption is implemented using Linux Unified Key Setup (LUKS) with a detached header. LUKS, as implemented by cryptsetup, is feature-wise the best, well-maintained, open-source full disk encryption solution.
RAID and Filesystem
To avoid any filesystem metadata appearing on the physical disk, which would break plausible deniability, bare LUKS encryption needs to sit in the lowest layer, directly on the bare disks. Besides, having multiple hard disks with identical random bit sequences would lower the degree of plausible deniability. Each member of the mirror or RAID needs its own LUKS header.
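An added sanity check for the property the plausible deniability section and this layering rule both rely on, that nothing on the data disks is recognisable (example code written for this page, not part of machizero): it looks for a handful of well-known on-disk signatures (LUKS primary and LUKS2 secondary header magic, GPT, MBR, ext2/3/4 superblock, ZFS uberblock magic) and measures byte entropy, which is close to 8 bits per byte for ciphertext or random fill. The two disk images are constructed in memory; the fixed offsets assume 512-byte sectors and the default 16 KiB LUKS2 header size. A clean result is only a necessary condition, not proof of deniability.

```python
import math
import os
import struct

# Signatures at fixed offsets from the start of the device (512-byte sectors).
SIGNATURES = [
    ("LUKS primary header", 0, b"LUKS\xba\xbe"),
    ("LUKS2 secondary header", 16384, b"SKUL\xba\xbe"),   # default hdr size
    ("GPT partition table", 512, b"EFI PART"),
    ("MBR boot signature", 510, b"\x55\xaa"),
    ("ext2/3/4 superblock magic", 1024 + 56, struct.pack("<H", 0xEF53)),
]
# ZFS uberblock magic 0x00bab10c is stored in the pool's native byte order and
# sits inside each vdev label rather than at one fixed offset, so scan for it.
ZFS_UBERBLOCK_MAGIC = (struct.pack("<Q", 0x00BAB10C), struct.pack(">Q", 0x00BAB10C))


def find_signatures(image: bytes) -> list:
    """Return (name, offset) for every known signature present in the image."""
    hits = []
    for name, offset, magic in SIGNATURES:
        if image[offset:offset + len(magic)] == magic:
            hits.append((name, offset))
    for magic in ZFS_UBERBLOCK_MAGIC:
        pos = image.find(magic)
        if pos != -1:
            hits.append(("ZFS uberblock magic", pos))
            break
    return hits


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: ~8.0 for random/ciphertext, far lower for structured data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_like_random(image: bytes, min_entropy: float = 7.9) -> bool:
    """True when no signature is found and the byte distribution is near-uniform."""
    return not find_signatures(image) and shannon_entropy(image) >= min_entropy


IMAGE_SIZE = 64 * 1024


def sample_images():
    """Constructed images: one with an in-place LUKS2 header, one pure random fill."""
    luks_disk = bytearray(IMAGE_SIZE)
    luks_disk[0:6] = b"LUKS\xba\xbe"
    luks_disk[6:8] = struct.pack(">H", 2)   # LUKS version field is big-endian
    random_disk = os.urandom(IMAGE_SIZE)     # what a detached-header disk looks like
    return bytes(luks_disk), random_disk


if __name__ == "__main__":
    for label, img in zip(("in-place header", "detached header"), sample_images()):
        print(f"{label}: signatures={find_signatures(img)} "
              f"entropy={shannon_entropy(img):.3f} random-looking={looks_like_random(img)}")
```

On a real device, `wipefs -n` (no-act) lists the signatures libblkid knows; the entropy measure here covers the case where no known signature matches but the content is still obviously structured (zero-filled regions, text, uncompressed files).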
Graphical user interface
The setup steps of machizero are highly inspired by the Gentoo Linux amd64 Handbook, Sakaki's EFI Install Guide, and Fearedbliss's Installing Gentoo Linux On ZFS. The commonalities, deviations, and choices of options will be explicitly annotated between the steps.
- Installation Prerequisites. Encryption is a double-edged sword: it adds confidentiality to our system, yet it is easy to render our data unrecoverable if it is not handled correctly. This section contains some examples to get familiar with LUKS and ZFS, some performance tests, and the gathering of the information necessary to start the installation process.
- LUKS on raw disks.
- ZFS mirror
- Install Gentoo
- KDE Plasma
- Bullet Proof Data Encryption with LUKS and a detached Header, originally inspired by this article.
- Cryptsetup FAQ Item 5.18 What about Plausible Deniability? So, does the idea work in practice? No, unfortunately.
- Rubber-hose cryptanalysis.
- The $5 wrench approach.
- Cryptsetup FAQ Item 2.2 Scenario 4, RAID on LUKS? One is that suddenly debugging RAID issues becomes much harder.
- Comparison of disk encryption software