[BitVisor-users-en:13] Re: Howto for Windows
Katsuya MATSUBARA
matsu at igel.co.jp
Tue Nov 27 11:27:09 JST 2012
Hi Sandy,
(Cc: BitVisor Users ML)
From: Sandy Herman <sandyherman at gmx.net>
Date: Tue, 13 Nov 2012 09:39:57 +0100
> How would you install Bitvisor on a notebook?
> The problem is to encrypt the existing partition, isn't it?
>
> What I did:
> a) Start a Ubuntu Live CD
> b) Shrink the NTFS-partition
> c) Create an unformatted 100 MB partition - LBA[465371136]
> d) Adapt "bitvisor.conf", build Bitvisor with "Bitvisor bootloader"
> e) ./install.sh -f /dev/sda 0 465371136
> /tmp/bitvisor-1.3/boot/loader/bootloader
> /tmp/bitvisor-1.3/bitvisor.elf
> /tmp/bitvisor-1.3/boot/login-simple/module1.bin
> /tmp/bitvisor-1.3/boot/login-simple/module2.bin
> The new system won't boot, maybe because "sda1" - LBA[63,465371134] -
> is not encrypted?
Probably so.
Did you enable the background storage encryption
('autoenc' for short) in both .config and bitvisor.conf?
You should make sure of CONFIG_STORAGE_AUTOENC=1 in your .config
with the config.sh command.
And you can compare your bitvisor.conf with my sample conf
attached in this mail.
In addition, I regret to find that there is an issue
around the autoenc in BitVisor 1.3.
In my environment (PC: ThinkPad X220, guest OS: Windows 7),
progress status of the autoenc could be lost if I put
my PC in sleep mode or shut it down while the autoenc is running.
So you should keep your PC powered on until the autoenc is
completed once it has started. You can see the initiation and
completion of the autoenc in the BitVisor log output:
AHCI 0:0 Auto Encryption
storage_bgenc_hook_storage_new (PCI00:1F.2,0,0,0x426ff800)
...
PCI00:1F.2 AHCI 0,0 Encryption completed...
                ^^^ host id and device id for the target disk
Thanks,
---
Katsuya Matsubara / IGEL Co., Ltd
matsu at igel.co.jp
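Added example (not part of the original mail or of BitVisor): a small Python check over captured BitVisor log text that reports whether a background-encryption run has started without reaching its completion line, the state in which the mail says sleep or shutdown can lose progress. The patterns come only from the three log lines quoted above, with storage_bgenc_hook_storage_new treated as the start marker; the function names and sample logs are constructed for illustration.

```python
import re

# Patterns built only from the three log lines quoted in the mail; nothing
# else about BitVisor's log format is assumed.
START = re.compile(r"storage_bgenc_hook_storage_new \((PCI[0-9A-Fa-f:.]+),(\d+),(\d+),")
DONE = re.compile(r"(PCI[0-9A-Fa-f:.]+) \w+ (\d+),(\d+) Encryption completed")

def autoenc_status(log_text):
    """Map (pci, host_id, device_id) -> 'running' or 'completed'."""
    status = {}
    for line in log_text.splitlines():
        if m := START.search(line):
            state = "running"      # a later start line reopens the device
        elif m := DONE.search(line):
            state = "completed"
        else:
            continue
        status[(m.group(1), int(m.group(2)), int(m.group(3)))] = state
    return status

def safe_to_power_down(log_text):
    """True only if autoenc was seen starting and every run has completed.
    An empty or truncated log gives False: no evidence is not completion."""
    status = autoenc_status(log_text)
    return bool(status) and all(s == "completed" for s in status.values())

# Constructed sample logs, assembled from the lines quoted in the mail.
RUNNING_LOG = """\
AHCI 0:0 Auto Encryption
storage_bgenc_hook_storage_new (PCI00:1F.2,0,0,0x426ff800)
"""
FINISHED_LOG = RUNNING_LOG + "PCI00:1F.2 AHCI 0,0 Encryption completed...\n"
```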
> On 13.11.2012 08:52, Katsuya MATSUBARA wrote:
>> Hi Sandy,
>>
>> From: Sandy Herman <sandyherman at gmx.net>
>> Date: Fri, 09 Nov 2012 22:53:38 +0100
>>
>>> Is there a chance to encrypt the harddisk running an
>>> Ubuntu live System?
>>> I can install Bitvisor (with background-encryption-patch),
>>> but the harddisk is not encrypted - and remains unencrypted.
>> Please see the attached file.
>> This is an example configuration for the background encryption.
>>
>> This configuration is 'defconfig'-styled.
>> You should modify the 'storage' section in your defconfig,
>> that exists at the root of the source code tree, using the example.
>> Especially you must adjust the 'data_lba', 'keys', 'lba-low' and
>> 'lba-high' parameters for your environment.
>> Then you can rebuild bitvisor.elf with the modified defconfig.
>>
>> You cannot use the boot/login-simple and the boot/login
>> if you want to validate 'defconfig' since bitvisor.conf overwrites
>> the whole parameters defined by defconfig.
>> If you would like to use the login authentication, you can try to
>> rewrite the example for bitvisor.conf.
>> Unfortunately I have never tried to enable/configure the
>> background encryption with bitvisor.conf, but it must work.
>>
>> Thanks,
>> ---
>> Katsuya Matsubara / IGEL Co. Ltd.
>> matsu at igel.co.jp
>>
>
-------------- next part --------------
# idman
#idman.pkc01File=
#idman.pkc02File=
#idman.pkc03File=
idman.randomSeedSize=128
idman.maxPinLen=16
idman.minPinLen=16
#idman.authenticationMethod=PKI
# VPN
vpn.mode=L3IPsec
vpn.virtualGatewayMacAddress=00-88-88-88-88-88
vpn.bindV4=true
vpn.guestIpAddressV4=192.168.100.1
vpn.guestIpSubnetV4=255.255.255.0
vpn.guestMtuV4=1400
#vpn.guestVirtualGatewayIpAddressV4=192.168.6.254
vpn.dhcpV4=true
vpn.dhcpLeaseExpiresV4=3600
vpn.dhcpDnsV4=192.168.3.254
vpn.dhcpDomainV4=sec.softether.co.jp
vpn.adjustTcpMssV4=1240
vpn.hostIpAddressV4=192.168.12.11
vpn.hostIpSubnetV4=255.255.255.0
vpn.hostMtuV4=1500
vpn.hostIpDefaultGatewayV4=192.168.12.254
vpn.optionV4ArpExpires=60
vpn.optionV4ArpDontUpdateExpires=true
vpn.vpnGatewayAddressV4=192.168.11.1
vpn.vpnAuthMethodV4=Password
vpn.vpnPasswordV4=password1
vpn.vpnIdStringV4=user1@tsukuba.ac.jp
#vpn.vpnCertFileV4=/path/to/cert
#vpn.vpnCaCertFileV4=/path/to/cacert
#vpn.vpnRsaKeyFileV4=/path/to/rsakey
vpn.vpnSpecifyIssuerV4=false
vpn.vpnPhase1CryptoV4=3DES
vpn.vpnPhase1HashV4=SHA-1
vpn.vpnPhase1LifeSecondsV4=7200
vpn.vpnPhase1LifeKilobytesV4=0
vpn.vpnWaitPhase2BlankSpanV4=100
vpn.vpnPhase2CryptoV4=3DES
vpn.vpnPhase2HashV4=SHA-1
vpn.vpnPhase2LifeSecondsV4=7200
vpn.vpnPhase2LifeKilobytesV4=0
vpn.vpnConnectTimeoutV4=5
vpn.vpnIdleTimeoutV4=300
vpn.vpnPingTargetV4=192.168.3.120
vpn.vpnPingIntervalV4=12
vpn.vpnPingMsgSizeV4=32
vpn.bindV6=false
vpn.guestIpAddressPrefixV6=2000::
vpn.guestIpAddressSubnetV6=64
vpn.guestMtuV6=1400
#vpn.guestVirtualGatewayIpAddressV6=
vpn.raV6=true
vpn.raLifetimeV6=300
vpn.raDnsV6=2001:dc4::1
vpn.hostIpAddressV6=5000::1:2:3:4
vpn.hostIpAddressSubnetV6=64
vpn.hostMtuV6=1500
vpn.hostIpDefaultGatewayV6=5000::254
vpn.optionV6NeighborExpires=60
vpn.vpnGatewayAddressV6=1000::1
vpn.vpnAuthMethodV6=Password
vpn.vpnPasswordV6=Akihabara
vpn.vpnIdStringV6=testv6@tsukuba.ac.jp
#vpn.vpnCertFileV6=/path/to/cert
#vpn.vpnCaCertFileV6=/path/to/cacert
#vpn.vpnRsaKeyFileV6=/path/to/rsakey
#vpn.vpnSpecifyIssuerV6=
vpn.vpnPhase1CryptoV6=3DES
vpn.vpnPhase1HashV6=SHA-1
vpn.vpnPhase1LifeSecondsV6=7200
vpn.vpnPhase1LifeKilobytesV6=0
vpn.vpnWaitPhase2BlankSpanV6=100
vpn.vpnPhase2CryptoV6=3DES
vpn.vpnPhase2HashV6=SHA-1
vpn.vpnPhase2LifeSecondsV6=7200
vpn.vpnPhase2LifeKilobytesV6=0
vpn.vpnPhase2StrictIdV6=false
vpn.vpnConnectTimeoutV6=5
vpn.vpnIdleTimeoutV6=300
vpn.vpnPingTargetV6=2001:200:564:0:230:48ff:fe83:cf41
vpn.vpnPingIntervalV6=12
vpn.vpnPingMsgSizeV6=32
#storage.encryptionKey0.place=IC
#storage.encryptionKey0.place=USB
storage.encryptionKey0.place=./StorageKey0
# background encryption
storage.sched_conf0.algo_name=seqwin
storage.sched_conf0.unit=4096
storage.sched_conf0.data_lba=530000000
storage.sched_conf0.prio=0
storage.conf0.type=AHCI
storage.conf0.host_id=0
storage.conf0.device_id=0
#storage.conf0.lba_low=63
#storage.conf0.lba_high=12851999
storage.conf0.lba_low=596611072
storage.conf0.lba_high=600563711
storage.conf0.keyindex=0
storage.conf0.crypto_name=aes-xts
storage.conf0.keybits=256
storage.conf0.mode=AUTO
storage.conf0.schedindex=0
storage.conf1.type=USB
storage.conf1.host_id=-1
storage.conf1.device_id=-1
storage.conf1.lba_low=0
storage.conf1.lba_high=0x7FFFFFFF
storage.conf1.keyindex=0
storage.conf1.crypto_name=aes-xts
storage.conf1.keybits=256
storage.conf2.type=ATAPI
storage.conf2.host_id=1
storage.conf2.device_id=0
storage.conf2.lba_low=0
storage.conf2.lba_high=1409024
storage.conf2.keyindex=0
storage.conf2.crypto_name=aes-xts
storage.conf2.keybits=256
# VMM
vmm.f11panic=0
vmm.f12msg=0
vmm.auto_reboot=1
vmm.shell=1
vmm.dbgsh=1
vmm.status=0
vmm.tty_pro1000=1
vmm.tty_pro1000_mac_address=00-1b-21-2d-e5-ec
vmm.driver.ata=1
vmm.driver.usb.uhci=0
vmm.driver.usb.ehci=0
vmm.driver.concealEHCI=0
vmm.driver.conceal1394=0
vmm.driver.concealPRO1000=0
vmm.driver.vpn.PRO100=0
vmm.driver.vpn.PRO1000=0
vmm.driver.vpn.RTL8169=0
vmm.driver.vpn.ve=0
vmm.iccard.enable=0
vmm.iccard.status=0
vmm.boot_active=0
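
Added example (not part of the original attachment or of BitVisor): a Python pre-flight check for the two settings the mail asks about, CONFIG_STORAGE_AUTOENC=1 in .config and a storage.confN entry with mode=AUTO in bitvisor.conf, plus a check that the entry's LBA range covers the guest partition. It assumes that schedindex and keyindex select the matching sched_conf and encryptionKey entries and that lba_low..lba_high is the region autoenc encrypts; the function names are hypothetical and the inputs are constructed from values in this thread.

```python
import re

def parse_conf(text):
    """Parse key=value lines, skipping blanks and '#' comment lines."""
    pairs = (l.split("=", 1) for l in map(str.strip, text.splitlines())
             if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def autoenc_problems(dotconfig, bitvisor_conf, part_first, part_last):
    """List reasons why autoenc would not cover LBA part_first..part_last."""
    problems = []
    if parse_conf(dotconfig).get("CONFIG_STORAGE_AUTOENC") != "1":
        problems.append(".config: CONFIG_STORAGE_AUTOENC is not 1")
    conf = parse_conf(bitvisor_conf)
    auto = [m.group(1) for k, v in conf.items()
            if (m := re.fullmatch(r"storage\.conf(\d+)\.mode", k)) and v == "AUTO"]
    if not auto:
        problems.append("bitvisor.conf: no storage.confN.mode=AUTO entry")
    for n in auto:
        p = f"storage.conf{n}."
        # Assumption: schedindex/keyindex select sched_confN/encryptionKeyN.
        for idx, ref in (("schedindex", "sched_conf{}.data_lba"),
                         ("keyindex", "encryptionKey{}.place")):
            if "storage." + ref.format(conf.get(p + idx)) not in conf:
                problems.append(f"{p}{idx}: no storage.{ref.format('N')} for it")
        try:
            low, high = (int(conf[p + k], 0) for k in ("lba_low", "lba_high"))
        except (KeyError, ValueError):
            problems.append(p + "lba_low/lba_high missing or not a number")
            continue
        # Assumption: lba_low..lba_high is the region autoenc encrypts.
        if not (low <= part_first <= part_last <= high):
            problems.append(f"{p}lba range {low}-{high} does not cover "
                            f"partition {part_first}-{part_last}")
    return problems

# Constructed inputs: storage lines from the attached sample, then with the
# LBA range changed to Sandy's sda1 (63..465371134).
DOTCONFIG = "CONFIG_STORAGE_AUTOENC=1\n"
SAMPLE = """\
storage.encryptionKey0.place=./StorageKey0
storage.sched_conf0.data_lba=530000000
storage.conf0.lba_low=596611072
storage.conf0.lba_high=600563711
storage.conf0.keyindex=0
storage.conf0.mode=AUTO
storage.conf0.schedindex=0
"""
ADAPTED = SAMPLE.replace("596611072", "63").replace("600563711", "465371134")
```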