Bug 265433 - In geli section, add explanation to data integrity management
Summary: In geli section, add explanation to data integrity management
Status: New
Alias: None
Product: Documentation
Classification: Unclassified
Component: Books & Articles
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: freebsd-doc (Nobody)
URL:
Keywords: needs-patch
Depends on:
Blocks:
 
Reported: 2022-07-25 11:48 UTC by clear.screen
Modified: 2022-07-27 01:25 UTC

See Also:


Attachments

Description clear.screen 2022-07-25 11:48:13 UTC
In the GELI section of the handbook, the authentication feature should be documented more thoroughly, as data integrity stands with confidentiality in order to avoid data corruption in use cases which do not involve a FS with specific features.

1) Add a dash item in Section 18.13.2 "Disk Encryption with geli" for the main authentication feature (summary)

2) In the procedure, present the use case and why data integrity checking is essential versus confidentiality (some use cases can also involve data corruption because of hardware/software failure and not because of an attack).

One example with data integrity should be given.

NB:
- The implications of aesni full software computation instead of accelerated computation should be explained.
Comment 1 Pau Amma 2022-07-26 21:15:30 UTC
(In reply to clear.screen from comment #0)

Can you explain the use case(s) in your point 2 in more detail?
Comment 2 clear.screen 2022-07-27 01:25:39 UTC
As the GELI manual page [GELI(8)] says: the additional option -a "Enable data integrity verification" [...] "If the option is not given, there will be no authentication, only encryption."

The encryption/decryption process provides confidentiality (preventing non-authorized people from gaining access to the data). Such an algorithm with a cryptographic mechanism ensures that encrypted data with the genuine encryption/decryption key(s) will be decrypted, but cannot offer any guarantee against data corruption at the storage layer or during computation.

The whole data integrity process can rely (in sequence) on:
- the checking and correction mechanism of the hardware storage unit (in case of a silent hardware failure)
- the data integrity checking mechanism of the cryptographic layer (in case of a failure in the hardware or software implementation)
- finally, the data integrity checking and correction mechanism of the filesystem

Any failure in this dependency chain will lead to data corruption which is not related to an attacker but to hardware/software failure.

In the case where the media itself does not report errors (damaged flash devices, for example), altered encrypted blocks will lead to corrupted data output.

Thus, retrieving the data (if it is possible) will rely only on the filesystem's capabilities.

Having data authentication enabled on the encryption/decryption layer would allow a warning at an early, low-level stage.
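The point made in comment 2 (a flipped bit in an encrypted sector decrypts to garbage silently unless the layer also authenticates it), as an added illustration that is not part of the bug report or of geli's code: a small Python model of one sector with and without a per-sector HMAC-SHA256 tag, in the spirit of geli's -a hmac/sha256. The keystream, key values, sector layout and function names are constructed for the demo and do not reproduce geli's actual on-disk format.

```python
import hashlib
import hmac

SECTOR = 512
TAG_LEN = 32  # HMAC-SHA256 tag stored with each sector (models geli -a hmac/sha256)
ENC_KEY = bytes(range(32))          # constructed demo keys, not derived as geli does
AUTH_KEY = bytes(range(32, 64))


class IntegrityError(Exception):
    """Raised when a sector's authentication tag does not verify."""


def _keystream(key: bytes, sector_no: int, length: int) -> bytes:
    # Toy CTR-style keystream from SHA-256; stands in for AES-XTS in geli.
    out = b""
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(key + sector_no.to_bytes(8, "big")
                              + counter.to_bytes(4, "big")).digest()
    return out[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def write_sector(sector_no: int, plaintext: bytes, authenticate: bool) -> bytes:
    """Encrypt one sector; with authenticate=True append an HMAC over (sector_no, ciphertext)."""
    ct = _xor(plaintext, _keystream(ENC_KEY, sector_no, len(plaintext)))
    if not authenticate:
        return ct
    tag = hmac.new(AUTH_KEY, sector_no.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    return ct + tag


def read_sector(sector_no: int, stored: bytes, authenticate: bool) -> bytes:
    """Decrypt one sector; with authenticate=True verify the tag first and refuse bad data."""
    ct = stored
    if authenticate:
        ct, tag = stored[:-TAG_LEN], stored[-TAG_LEN:]
        expected = hmac.new(AUTH_KEY, sector_no.to_bytes(8, "big") + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise IntegrityError(f"sector {sector_no}: authentication failed")
    return _xor(ct, _keystream(ENC_KEY, sector_no, len(ct)))


def read_after_media_error(authenticate: bool) -> str:
    """Flip one ciphertext bit (a silent media error) and report what the reader sees."""
    plaintext = b"handbook sector contents".ljust(SECTOR, b"\0")
    stored = bytearray(write_sector(7, plaintext, authenticate))
    stored[3] ^= 0x01  # the damaged flash device returns this without reporting an error
    try:
        out = read_sector(7, bytes(stored), authenticate)
    except IntegrityError:
        return "detected"
    return "ok" if out == plaintext else "silent-corruption"
```

With authentication off the damaged sector is handed to the filesystem as plausible-looking bytes; with it on the read fails at the crypto layer, which is the early, low-level warning the comment asks the handbook to describe.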