The talk describes the architecture of data integrity protection with cryptsetup on Linux systems and the following steps that need to be achieved to have encrypted block-level authenticated storage.
The full disk encryption is a well-known way to achieve confidentiality of data. Unfortunately, it usually does not provide any integrity protection of data because of its length-preserving nature (plaintext is the same size as ciphertext; there is no space for data integrity tags). Since Linux kernel 4.12 and cryptsetup2 we can configure new Linux kernel dm-integrity and dm-crypt devices that support data integrity protection over block devices (by emulating sector data integrity extensions over standard disks). We will explain the architecture of such integrity-protected block devices (with the support of new integritysetup tool) and also a possibility to use cryptographically sound data integrity protection (authenticated encryption) in combination with disk encryption. We will also shortly introduce new LUKS2 on-disk format that is designed to integrate these features into existing Linux disk encryption toolset easily.
Speakers: Milan Broz