Managing encrypted filesystems with dirlock
As with a mobile phone, a portable gaming device like the Steam Deck can contain lots of personal information that the owner would like to keep secret—especially given that such devices can do far more than gaming. Alberto Garcia worked with his colleagues at Igalia and people at Valve, the company behind the Steam gaming platform, to come up with a new tool to manage encrypted filesystems for SteamOS, which is a Linux distribution optimized for gaming. Garcia gave a talk about that tool, dirlock, at Open Source Summit Europe, which was held in Amsterdam in late August. In the talk, he looked at the design process for the encrypted-files feature, the alternatives considered, and why they made the choices they did.
Over a long career at Igalia, he has worked on many different projects, including GNOME, the Maemo and MeeGo mobile-Linux platforms, and more recently on QEMU. He is also a Debian developer; "I've been using Debian basically all of my life, but I'm also contributing to the project and I've been an active developer for many years". At the moment, he is working on SteamOS.
He was quick to point out that dirlock is not a new encryption system as it is only meant to manage filesystems that are encrypted using existing tools. Steam Decks and similar devices are easy to misplace—or steal. Since the hard drive is not encrypted, whoever ends up with the device can read its contents. That may not sound all that problematic for a gaming handheld, but the devices are much more than that; they may have credentials for things other than just Steam accounts, for one thing. In addition, the devices have a desktop mode where various programs can be installed, including web browsers that may store even more personal information. Users have been requesting disk encryption for a long time, Garcia said.
From his slides, he showed the disk layout of the device. It is based around an A/B arrangement for the operating system partitions, which consists of two sets of read-only root partitions, boot partitions, and /var partitions. None of those are particularly sensitive; most of the data on those is downloaded to the device from the internet. The bulk of the disk is taken up with the /home partition, which is where all of the user's data is stored. That includes the games, but also configuration and other data that the user may want to keep private.
Currently, users do have an encryption option, but it is somewhat limited. SteamOS ships with the KDE Plasma desktop, so the Plasma Vault tool can be used to create encrypted directories. It is not a general-purpose solution, however, for encrypting everything in the user's home directory.
Goals
The goals of the project were focused on the needs of SteamOS, but "the idea is to make them general enough so they can be used in any Linux system or in other systems". The most important goal is that if the device is lost or stolen, the personal files on it should be unreadable; there are other scenarios, such as the so-called evil maid attack, that are important to guard against, but the main goal is to protect the personal data, he said. For that, the user's home directory should be encrypted, but it would be nice to be able to encrypt other directories too. The devices have removable media that can be used to store games and other data, so encrypting those would be useful, for example.
While SteamOS is currently single-user, support for multiple users with independent encryption keys is another goal for the tool. Access to the encrypted files must be authenticated somehow, with a PIN, password, or something else. But, since handheld gaming devices do not have a physical keyboard, the expectation is that users will have short, weak passwords or PINs. Having support for a hardware-backed mechanism of some sort may help mitigate that weakness.
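The weak-PIN problem above is easy to see concretely. The following toy model is an added illustration, not dirlock's (or fscrypt's) real key-derivation scheme: it derives an unlock key from a numeric PIN with PBKDF2 and stores a check value the way a disk-resident unlock verifier would be stored, then plays the attacker who has a copy of the disk. The `DEVICE_SECRET` stands in for a secret that only the device's hardware can supply (a TPM-sealed value, say); treating it as a byte string that gets mixed into the KDF is a simplification of how such hardware works, and the iteration count is deliberately tiny so the search finishes in seconds. All values are constructed.

```python
"""Toy model: a short PIN as the sole unlock secret versus a PIN mixed with a
device-bound secret.  Added illustration only; not dirlock's or fscrypt's scheme."""
import hashlib
import hmac

# Deliberately low so the exhaustive search below runs in seconds.
# Real deployments use far more iterations (or a memory-hard KDF).
ITERATIONS = 100


def derive_unlock_key(pin: str, salt: bytes, device_secret: bytes = b"",
                      iterations: int = ITERATIONS) -> bytes:
    """Derive a 256-bit unlock key from the PIN, optionally mixed with a
    secret that only the device's hardware can supply (assumed model)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode() + device_secret,
                               salt, iterations, 32)


def make_verifier(key: bytes) -> bytes:
    """Check value stored on disk to validate an unlock attempt; here an HMAC
    tag over a fixed string, standing in for an encrypted key-check block."""
    return hmac.new(key, b"unlock-check", "sha256").digest()


def offline_guess_pin(salt: bytes, verifier: bytes, digits: int = 4,
                      device_secret: bytes = b"",
                      iterations: int = ITERATIONS):
    """Attacker with a copy of the disk (salt + verifier) tries every numeric
    PIN of the given length.  Returns the PIN on success, else None."""
    for n in range(10 ** digits):
        pin = f"{n:0{digits}d}"
        key = derive_unlock_key(pin, salt, device_secret, iterations)
        if hmac.compare_digest(make_verifier(key), verifier):
            return pin
    return None


# Constructed scenario values.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USER_PIN = "4271"
DEVICE_SECRET = bytes(range(32))  # stands in for a hardware-sealed secret


def demo_pin_only():
    """PIN is the only secret: the disk image alone lets the attacker
    recover it after at most 10^4 KDF evaluations."""
    verifier = make_verifier(derive_unlock_key(USER_PIN, SALT))
    return offline_guess_pin(SALT, verifier)


def demo_hardware_bound_without_secret():
    """Key also depends on the device secret, which never reaches the disk:
    the same PIN search over the stolen image finds nothing."""
    verifier = make_verifier(derive_unlock_key(USER_PIN, SALT, DEVICE_SECRET))
    return offline_guess_pin(SALT, verifier)


def demo_hardware_bound_with_secret():
    """Only an attacker who also extracted the hardware secret is back to
    guessing the PIN."""
    verifier = make_verifier(derive_unlock_key(USER_PIN, SALT, DEVICE_SECRET))
    return offline_guess_pin(SALT, verifier, device_secret=DEVICE_SECRET)


if __name__ == "__main__":
    print("PIN only, disk image stolen:      ", demo_pin_only())
    print("hardware-bound, secret not stolen:", demo_hardware_bound_without_secret())
    print("hardware-bound, secret also stolen:", demo_hardware_bound_with_secret())
```

The point of the contrast is that raising the KDF cost only scales a 10,000-entry search linearly, which is never enough for a four-digit PIN; binding the key to something the attacker cannot copy off the disk is what removes the offline attack. A real hardware-backed design would also rate-limit or lock out guesses made on the device itself, which this model does not attempt to show.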