4

Dear Linux super users,

I'd like to mount a filesystem that whose range I would like to ommit from the partition table in order to hide it from anyone looking for data on my disk.

This capability together with volatile/non-fstab mounts and dm-crypt plain would make my data very secure from people who are interested in my data or the possibility of data being there at all.

Is this possible with mount(8)?

galva
  • 143
  • 1
  • 5
  • 3
    You want `losetup` and particularly its `--offset` and `--sizelimit` switches. Once you have a loopback device configured, you should be able to mount it normally. – user Jan 31 '17 at 15:58
  • That may fool someone not looking very closely, but anyone using `binwalk` or scanning for file system signatures in some other way would find it easily, encrypted or not. Security by obscurity can buy you time, but it doesn't make it safer. – dirkt Jan 31 '17 at 18:51
  • 1
    @dirkt I disagree about `binwalk` and signatures. *Contrary to LUKS, dm-crypt plain mode does not require a header on the encrypted device [...] encrypted disk that will be indistinguishable from a disk filled with random data, which could allow deniable encryption.* ([Source](https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Plain_dm-crypt)). – Kamil Maciorowski Feb 01 '17 at 13:38
  • 1
    @dirkt Security-through-obscurity can only buy you time, but that does not mean it is not part of a valid security system. Knowing its purposes and using it appropriately can increase general system security and it should not be downplayed. – music2myear Feb 01 '17 at 20:35

1 Answers1

9

It is possible with non-encrypted filesystem. E.g if your partition starts at the sector 34607104 and the sector size is 512, you go with:

mount -o offset=$((512*34607104)) /dev/sdX /mnt/foo/

The partition table entry may or may not exist, it doesn't matter. mount will examine the filesystem and do its job (you can help with -t switch).

I don't know much about dm-crypt plain but it appears you should decrypt the device (partition) first, then mount. Michael Kjörling's comment is useful:

You want losetup and particularly its --offset and --sizelimit switches. Once you have a loopback device configured, you should be able to mount it normally.

I would change the last words to "decrypt it normally" to fit your needs.

There is also dmsetup tool. It allows you to create a mapped device from chunks of various files/devices. E.g. you can hide your encrypted "partition" in several gaps between normal partitions inside one or more HDDs. Read my answer to another question and study man dmsetup. Make your /dev/mapper/barbaz a franken-partition and have fun with plain encryption on it.

Hint: in the said answer I use losetup to create devices from files because dmsetup doesn't work with regular files. You will work with already existing devices. Use their /dev/something paths when building the map for dmsetup – no need for losetup in this case.

Kamil Maciorowski
  • 69,815
  • 22
  • 136
  • 202
  • 1. Good tip about dmsetup! 2. I knew about losetup, but didn't know it can do devices too! So thanks @Michael too! – galva Feb 01 '17 at 13:39