Archive for April, 2011

Encrypting your entire hard disk (almost)


I have a small netbook that I use when I travel, one of the original Asus EeePC’s, the 900.  It has a 9″ screen and a 16GB flash drive.  It runs Linux, and it’s just about right for accessing email, some light surfing, and doing small tasks like writing blog posts and messing with my checkbook.  And since it runs Linux, I can do a lot of nice network stuff with it, like SSH tunneling, VPN’s, and I can even make it act like a wireless access point.

However, the idea of leaving my little PC in a hotel room while I am out having fun leaves me a little uneasy.  I am not concerned with the hardware… it’s not worth much.  But I am concerned about my files, and the temporary files like browser cookies and cache.  I’d hate for someone to walk away with my EeePC and also gain access to countless other things with it.

So this week, I decided to encrypt the main flash drive.  Before, the entire flash device was allocated as one device:

partition 1  –  16GB  –  the whole enchilada

Here’s how I made my conversion.

(0) What you will need:

  • a 1GB or larger USB stick (to boot off of)
  • an SD card or USB drive big enough to back up your root partition

(1) Boot the system using a “live USB stick” (you can create one in Ubuntu by going to “System / Administration / Startup Disk Creator”).  Open up a terminal and do “sudo -i” to become root.

ubuntu@ubuntu:~$ sudo -i
root@ubuntu:~$ cd /
root@ubuntu:/$

(2) Install some tools that you’ll need… they will be installed in the Live USB session in RAM, not on your computer.  We’ll install them on your computer later.

root@ubuntu:/$ apt-get install cryptsetup

(3) Insert an SD card and format it. I formatted the entire card.  Sometimes, you might want to make partitions on it and format one partition.

root@ubuntu:/$ mkfs.ext4 /dev/sdb
root@ubuntu:/$ mkdir /mnt/sd
root@ubuntu:/$ mount /dev/sdb /mnt/sd
root@ubuntu:/$

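(4) Back up the main disk onto the SD card. Mount the original root partition first (read-only is enough), so that tar archives the main disk and not the live session’s own root filesystem. The “numeric-owner” option causes the actual owner and group numbers to be stored in the tar file, rather than trying to match the owner/group names to the names from /etc/passwd and /etc/group (remember, we booted from a live USB stick).

root@ubuntu:/$ mkdir /mnt/old && mount -o ro /dev/sda1 /mnt/old && cd /mnt/old
root@ubuntu:/mnt/old$ tar --one-file-system --numeric-owner -zcf /mnt/sd/all.tar.gz .
root@ubuntu:/mnt/old$ cd / && umount /mnt/old
root@ubuntu:/$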

(5) Re-partition the main disk. I chose 128MB for /boot.  The rest of the disk will be encrypted.  The new layout looks like this:

partition 1  –  128MB  –  /boot, must remain unencrypted
partition 2  –  15.8GB  –  everything else, encrypted

root@ubuntu:/$ fdisk -l

Disk /dev/sda: 16.1 GB, 16139354112 bytes
255 heads, 63 sectors/track, 1962 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x0002d507

Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        1          17      136521   83  Linux
/dev/sda2           18        1962    15623212+  83  Linux
root@ubuntu:/$

(6) Make new filesystems on the newly-partitioned disk.

root@ubuntu:/$ mkfs.ext4 /dev/sda1
root@ubuntu:/$ mkfs.ext4 /dev/sda2
root@ubuntu:/$

(7) Restore /boot to sda1. It will be restored into a “boot” subdirectory, because that’s the way it was on the original disk.  But since this is a stand-alone /boot partition, we need to move the files to that filesystem’s root.

root@ubuntu:/$ mkdir /mnt/sda1
root@ubuntu:/$ mount /dev/sda1 /mnt/sda1
root@ubuntu:/$ cd /mnt/sda1
root@ubuntu:/mnt/sda1$ tar --numeric-owner -zxf /mnt/sd/all.tar.gz ./boot
root@ubuntu:/mnt/sda1$ mv boot/* .
root@ubuntu:/mnt/sda1$ rmdir boot
root@ubuntu:/mnt/sda1$ cd /
root@ubuntu:/$ umount /mnt/sda1
root@ubuntu:/$

(8) Make an encrypted filesystem on sda2. The opened (decrypted) device needs a name under /dev/mapper, so I will call it “cryptoroot”.  You can choose anything here.

root@ubuntu:/$ cryptsetup luksFormat /dev/sda2

WARNING!
========
This will overwrite data on /dev/sda2 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: ********
Verify passphrase: ********
root@ubuntu:/$ cryptsetup luksOpen /dev/sda2 cryptoroot
root@ubuntu:/$ mkfs.ext4 /dev/mapper/cryptoroot
root@ubuntu:/$

(9) Restore the rest of the saved files to the encrypted filesystem that lives on sda2.  We can remove the extra files in /boot, since that will become the mount point for sda1.  We need to leave the empty /boot directory in place, though.

root@ubuntu:/$ mkdir /mnt/sda2
root@ubuntu:/$ mount /dev/mapper/cryptoroot /mnt/sda2
root@ubuntu:/$ cd /mnt/sda2
root@ubuntu:/mnt/sda2$ tar --numeric-owner -zxf /mnt/sd/all.tar.gz
root@ubuntu:/mnt/sda2$ rm -rf boot/*
root@ubuntu:/mnt/sda2$ cd /
root@ubuntu:/$

(10) Determine the UUID’s of the sda2 device and the encrypted filesystem that sits on top of sda2.

root@ubuntu:/$ blkid
/dev/sda1: UUID="285c9798-1067-4f7f-bab0-4743b68d9f04" TYPE="ext4"
/dev/sda2: UUID="ddd60502-87f0-43c5-aa28-c911c35f9278" TYPE="crypto_LUKS"   << [UUID-LUKS]
/dev/mapper/cryptoroot: UUID="a613df67-3179-441c-8ce5-a286c16aa053" TYPE="ext4"   << [UUID-ROOT]
/dev/sdb: UUID="41745452-3f89-44f9-b547-aca5a5306162" TYPE="ext3"
root@ubuntu:/$

Notice that you’ll also see sda1 (/boot) and sdb (the SD card) as well as some others, like the USB stick.  Below, I will refer to the actual UUID’s that we read here as [UUID-LUKS] and [UUID-ROOT].

(11) Do a “chroot” inside the target system. A chroot basically uses the kernel from the Live USB stick, but the filesystem from the main disk.  Notice that when you do this, the prompt changes to what you usually see when you boot that system.

root@ubuntu:/$ mount /dev/sda1       /mnt/sda2/boot
root@ubuntu:/$ mount --bind /proc    /mnt/sda2/proc
root@ubuntu:/$ mount --bind /dev     /mnt/sda2/dev
root@ubuntu:/$ mount --bind /dev/pts /mnt/sda2/dev/pts
root@ubuntu:/$ mount --bind /sys     /mnt/sda2/sys
root@ubuntu:/$ chroot /mnt/sda2
root@enigma:/$

(12) Install cryptsetup on the target.

root@enigma:/$ apt-get install cryptsetup
root@enigma:/$

(13) Change some of the config files on the encrypted drive’s /etc so it will know where to find the new root filesystem.

root@enigma:/$ cat /etc/crypttab
cryptoroot  UUID=[UUID-LUKS]  none  luks
root@enigma:/$ cat /etc/fstab
proc  /proc  proc  nodev,noexec,nosuid  0  0
# / was on /dev/sda1 during installation
# UUID=[OLD-UUID-OF-SDA1]  /  ext4  errors=remount-ro  0  1
UUID=[UUID-ROOT]  /  ext4  errors=remount-ro  0  1
/dev/sda1  /boot  ext4  defaults  0  0
# RAM disks
tmpfs   /tmp       tmpfs   defaults   0  0
tmpfs   /var/tmp   tmpfs   defaults   0  0
tmpfs   /var/log   tmpfs   defaults   0  0
tmpfs   /dev/shm   tmpfs   defaults   0  0
root@enigma:/$

(14) Rebuild the GRUB bootloader, since the files have moved from sda1:/boot to sda1:/ .

root@enigma:/$ update-grub
root@enigma:/$ grub-install /dev/sda
root@enigma:/$

(15) Update the initial RAM disk so it will know to prompt for the LUKS passphrase so it can mount the new encrypted root filesystem.

root@enigma:/$ update-initramfs -u -v
root@enigma:/$

(16) Reboot.

root@enigma:/$ exit
root@ubuntu:/$ umount /mnt/sda2/sys
root@ubuntu:/$ umount /mnt/sda2/dev/pts
root@ubuntu:/$ umount /mnt/sda2/dev
root@ubuntu:/$ umount /mnt/sda2/proc
root@ubuntu:/$ umount /mnt/sda2/boot
root@ubuntu:/$ umount /mnt/sda2
root@ubuntu:/$ reboot

When it has shut down the Live USB system, you can remove the USB stick and let it boot the system normally.  If all went well, you will be prompted for the LUKS passphrase a few seconds into the bootup process.
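
An easy mistake in steps (10) and (13) is swapping [UUID-LUKS] and [UUID-ROOT], which leaves the system unable to find its root filesystem at boot. The shell check below is an added example, not part of the original post: it takes the text of the blkid output, /etc/crypttab and /etc/fstab and flags that mix-up. The function names and the sample UUIDs are made up for illustration.

```shell
#!/bin/sh
# Added example: cross-check crypttab and fstab against blkid output before
# rebooting. Works on text only, so it needs no root and no real disk.

# Print the value of field $3 (UUID or TYPE) on the blkid line for device $2.
blkid_field() {
    printf '%s\n' "$1" | awk -v dev="$2:" -v key="$3" '
        $1 == dev { for (i = 2; i <= NF; i++)
            if (index($i, key "=\"") == 1) { split($i, p, "\""); print p[2] } }'
}

# Print the TYPE of the blkid line that carries UUID $2.
type_of_uuid() {
    printf '%s\n' "$1" | awk -v u="$2" '
        { hit = 0; t = ""
          for (i = 2; i <= NF; i++) {
              if ($i == "UUID=\"" u "\"") hit = 1
              if (index($i, "TYPE=\"") == 1) { split($i, p, "\""); t = p[2] } }
          if (hit) print t }'
}

# $1=blkid text, $2=crypttab text, $3=fstab text.
# Prints one line per problem; returns 0 only when nothing is wrong.
check_boot_config() {
    problems=0
    name=$(printf '%s\n' "$2" | awk '!/^[ \t]*#/ && NF >= 2 { print $1; exit }')
    src=$(printf '%s\n' "$2" | awk '!/^[ \t]*#/ && NF >= 2 { print $2; exit }')
    root_src=$(printf '%s\n' "$3" | awk '!/^[ \t]*#/ && $2 == "/" { print $1; exit }')
    boot_src=$(printf '%s\n' "$3" | awk '!/^[ \t]*#/ && $2 == "/boot" { print $1; exit }')
    inner_uuid=$(blkid_field "$1" "/dev/mapper/$name" UUID)

    # crypttab must point at the LUKS container itself ([UUID-LUKS]).
    if [ "$(type_of_uuid "$1" "${src#UUID=}")" != "crypto_LUKS" ]; then
        echo "crypttab: $src is not a crypto_LUKS device"
        problems=$((problems + 1))
    fi
    # fstab must mount the filesystem inside the container ([UUID-ROOT]).
    if [ -z "$inner_uuid" ] || [ "$root_src" != "UUID=$inner_uuid" ]; then
        echo "fstab: / is '$root_src', expected UUID=$inner_uuid (inside $name)"
        problems=$((problems + 1))
    fi
    # /boot holds the kernel and initramfs and must be its own plain partition.
    if [ -z "$boot_src" ]; then
        echo "fstab: no /boot entry"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample inputs; the UUIDs are made up and shortened.
SAMPLE_BLKID='/dev/sda1: UUID="aaaa-0001" TYPE="ext4"
/dev/sda2: UUID="bbbb-0002" TYPE="crypto_LUKS"
/dev/mapper/cryptoroot: UUID="cccc-0003" TYPE="ext4"'
SAMPLE_CRYPTTAB='cryptoroot  UUID=bbbb-0002  none  luks'
GOOD_FSTAB='UUID=cccc-0003  /      ext4  errors=remount-ro  0  1
/dev/sda1       /boot  ext4  defaults           0  0'
# The mix-up: the LUKS container UUID used for / instead of the inner filesystem.
BAD_FSTAB='UUID=bbbb-0002  /      ext4  errors=remount-ro  0  1
/dev/sda1       /boot  ext4  defaults           0  0'

check_boot_config "$SAMPLE_BLKID" "$SAMPLE_CRYPTTAB" "$GOOD_FSTAB" && echo "good config: OK"
check_boot_config "$SAMPLE_BLKID" "$SAMPLE_CRYPTTAB" "$BAD_FSTAB" || echo "bad config: rejected"
```

Inside the chroot from step (11), the same function can be fed the real files: check_boot_config "$(blkid)" "$(cat /etc/crypttab)" "$(cat /etc/fstab)".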

Vacation in Hawaii


In April, our family went on a vacation in Hawaii.  My parents went with us, and we spent a week on Oahu, the “main island”.  We stayed in Waikiki Beach, which is just southwest of Honolulu.

Wednesday 2011-04-13

Wednesday was a long travel day.  We woke up at 3am to get ready for our early flight out, hopping across the country, finally to arrive in Honolulu at 6pm (plus six hours time zone difference).  By the time we got to the hotel and had supper, it had been a 24-hour travel day.

Thursday 2011-04-14

Thursday started at 2am, when Foong’s ipod alarm clock (still on Eastern time) went off.  She woke us up, claiming that it was 8am and that we needed to get ready for our “orientation breakfast”.  After our long day before and a half-night’s rest, no one wanted to get up.  It would be several hours before some of us were alert enough to figure out what had happened.

At the real 8am, we were ready to get up, and so we went to an “orientation breakfast”.  That’s a free welcome breakfast, sponsored by the hotel and many local businesses, where they tell you all about Hawaii and give suggestions on what to do.  We got suckered into taking a shuttle bus “to our hotel” by way of a museum and jewelry store, where they show you how coral is collected and polished into jewelry.  I spent most of my effort convincing Sydney that she would not get to open an oyster and discover (purchase) a pearl.  This game would last all week.

When we finally caught the shuttle back to our hotel, we decided to declare our independence from our breakfast-feeding captors.  So we took our van and drove through Waikiki beach and to Diamond Head crater.  The trail to the top was closed for repairs, but we got to watch a helicopter taking supplies up to the top of the trail.  We found a geocache, and then headed out to explore some more.

One place we explored was Safeway.  We wanted to pick up breakfast stuff for the hotel, and some snacks and drinks for when we’re out.  They had a full lunch buffet, so we ate there and we watched the locals shop… an adventure in itself.

We spent the afternoon at our hotel, on the beach and at the pool.

Friday 2011-04-15

On Friday, we visited Pearl Harbor.  We saw the submarine USS Bowfin, the Arizona memorial, and the USS Missouri battleship.  It wasn’t a day that will live in infamy, but it was a sobering, educational trip.

Saturday 2011-04-16

We spent Saturday at the Polynesian Cultural Center, which is on the Northeast side of Oahu.  This is a Polynesian-themed park that is run by the nearby Brigham Young University – Hawaii.  Like most of the park’s employees, our tour guides, Liam from New Zealand and Kotona from Japan, were BYU-H students.  We visited villages from Hawaii, Samoa, Aotearoa (New Zealand), Fiji, Tahiti and Tonga.  Each village had activities which showcase some aspect of Polynesian life.  We had dinner at a Luau, and later saw their evening show, “Hā: Breath of Life”.

The trip to the Polynesian Cultural Center was definitely a highlight of our visit to Hawaii.

Sunday 2011-04-17

On Sunday, we drove to the North Shore to visit the Dole Plantation.  We took a ride on their mini-train, where they showed all of the different types of tropical crops that are grown in the area.  The most surprising part of our visit was learning that pineapples grow as blooms on the top of small bushes (I had always imagined them hanging from trees, like bananas or coconuts).  While we were on the train, it started raining.  Unfortunately, this was a long tropical mountain rain that did not let up, and so the rest of our visit was spent inside the gift shop.

We left the plantation and drove on to the North Shore.  Although the drive was only 8 miles, the landscape and weather changed dramatically along the way.  It was sunny and warm in Haleiwa, and so we got out and walked on the beach.  We also spent some time just up the road at Waimea Bay Beach Park.  The sand on the North Shore is a beautiful mix of shell fragments and volcanic pieces (especially compared to the sand at our hotel in Waikiki, which is trucked in from somewhere else, because of years of erosion).

Monday 2011-04-18

On Monday, we went snorkeling in Hanauma Bay, a bay that formed in an old volcano crater.  The floor of the bay is covered in coral, and you can easily see tropical fish and other wildlife.  This was an excellent place for a family to try snorkeling for the first time, because there are few waves and currents, the water is not very deep, and it’s easy to go from the snorkeling area back to the beach.  We saw all sorts of fish, and we even saw an octopus — and on the shore, there were chickens!

In the afternoon, we walked over to the Hilton to see their “Hawaiian Village”, which I thought was supposed to be some sort of display of native Hawaiian culture.  Instead, what we found was a collection of fancy shops that surrounds the Hilton’s pool pavilion.  It was nice, but not what I had expected.  The real shocker was seeing their display of African Black-Footed Penguins… in Hawaii??

We spent the rest of the day hanging around the pool and the outdoor restaurant at our hotel.

Tuesday 2011-04-19

We did some rough calculations, and we decided that it would be a good idea to do at least one load of laundry before we had to start “recycling”.  So we consulted the internet and made an elaborate plan to have our breakfast in Waikiki, just down the street from a laundromat.  This would also give us a chance to explore downtown Waikiki.  So we got the van, found a place to park, started a load, had breakfast, found a geocache, moved the clothes to the dryer, explored Waikiki some, and picked up our clothes.  We were so proud of how clever we were.  (Later, we discovered that our own hotel had a coin laundry in the basement, but it never occurred to us to check that close to home base!!!)

From there, we headed into downtown Honolulu to explore the ‘Iolani Palace, which was the official residence of King Kalākaua and Queen Lili’uokalani.  Inside the palace, we learned about how the many tribes of Hawaii were united by King Kamehameha, and later how the queen complied under protest to the forceful annexation by the United States.

From there, we visited the Aloha Tower, which overlooks Honolulu Harbor, and is surrounded by shops.

I had made up my mind that it was time to experience an authentic Hawaiian meal, so we went to a place called “Kaka’ako Kitchen”.  It’s not much in terms of atmosphere, but it’s supposed to be good food.  I had Loco Moco and Nalo Greens… which I discovered was really just country chopped steak with gravy and a green salad.  So much for culture.

Wednesday 2011-04-20

We woke up Wednesday morning and headed back over to the Hilton’s “lagoon”, where the girls rented a paddleboard, which is like a large surfboard that they stand on and paddle with a long oar.

We had already seen the beaches, volcanoes, the city, and Pearl Harbor, but we still had not seen the tropical rainforest.  So after lunch, we decided to take a hike on the Manoa Falls trail.  According to the guide book that we read, this was supposed to be an “easy” trail, perfect for families.  In reality, although it was less than a mile long (one way), it was steep and muddy, and slippery in many parts.  The scenery along the path was amazing, with a thick forest at the base, then twisted viney trees, large clusters of bamboo, and finally an opening at the foot of a 100-foot waterfall.

After our hike, we had a little bit of afternoon daylight left, so we drove up to Punchbowl Crater, which is a large dormant volcano surrounded by a residential neighborhood in Honolulu.  Inside the crater is the National Memorial Cemetery of the Pacific.

Thursday 2011-04-21

Our flight back home was at 9pm, so we had most of Thursday free to explore.  We packed up and checked out of the hotel, and then Audrey and I bought one last souvenir, a ukulele.

Our final tourist attraction was Bishop Museum, which has exhibits on everything from early Polynesian culture to lava and volcanoes.
