Hey,

I just have a quick question about the behaviour of dd with encryption.

After creating a regular filesystem inside an encrypted partition, can I use dd to safely copy the contents of a drive image into that partition such that it will be encrypted?

What I assume is, so long as I copy into the mounted, decrypted partition, the copy should pass through the encryption layer and thus be encrypted as it is stored to disk, but for some reason I've got this lingering doubt.

Can anyone confirm that this is a reasonable approach?

(Background info: I'm building an image of a root drive to copy onto a small, slow, portable computer, hence the full drive encryption and the desire to build the OS on a different machine.)

dd copies an area of the hard disk, bit by bit. It does not care whether that data is encrypted.

I don't know what an "encrypted partition" is but, if you setup any partition, and then use dd to copy to it, it simply copies all the bits into the start of the partition. The result is determined by what was in the source.

I just did a quick experiment. I created and formatted a small partition (sda3) and copied a file to it normally. I then copied another file using dd:

dd if=filename of=/dev/sda3

The second file is not visible using normal commands. Using dd, it is visible at the very beginning of the partition---before any filesystem stuff. If it had been a larger file, it would have damaged the filesystem structures and the first file would disappear.

Hi Pixellany,

thanks for your test. I don't think I adequately explained the process I'm intending to use.

Rather than dd directly onto /dev/sda2, I would be creating an encrypted volume on sda2. Ie:

cryptsetup -s 256 -y luksFormat /dev/sda2

cryptsetup luksOpen /dev/sda2 cryptroot

So what I've done is create an encrypted partition on /dev/sda2, and opened it so its now accessible at /dev/mapper/cryptroot

Accessing /dev/mapper/cryptroot I can now create a filesystem on that device which is correctly formatted as (say) ext2 so I can then mount /dev/mapper/cryptroot on / providing my initrd opens the encrypted partition.

----

With that out of the way, I suppose the command I'd be attempting would be more like dd if=img.img of=/dev/mapper/cryptroot

And, if img.img contains an ext2 formatted partition I should be able to access it as I would a manually created partition, and the contents when written via dd will still get encrypted.

But as you said, dd is very low-level, so, newbie that I am, I was hoping someone with experience with encryption could confirm whether this will behave the way I've described.

Cheers.

Don't you mean something like:

mount -o loop img.img /mnt/img
(then mount the crypt partition to /mnt/crypt)
cp -a /mnt/img/* /mnt/crypt/.

It is not clear what the 'dd' approach would yield but you can try it using a large text file.

That's a good idea- even writing a smallish textfile into the partition then copying the contents of the actual device back and searching through for the contents of the text file should answer my question.

Thanks!

I really don't think dd cares about encryption---it copies each bit verbatim---those bits could be:
data
filessytem overhead
encryption overhead
partition tables
boot code
secret stuff installed by hardware vendors

To really answer your questions, you may want to take up exploring. Start with this:

dd /dev/sda|hexdump -C|more

to search for things:
dd /dev/sda|hexdump -C|grep <pattern> ##The way hexdump works you can search on hex patterns or the ascii equivalent.