  1. #1
    Just Joined!
    Join Date
    Jun 2008
    Posts
    3

    Pre-boot access of USB device?


    Dear folks,

    Given that:
    * I want to access a (CCID) USB smartcard reader pre-boot (i.e. inside a boot loader).
    * The smartcard contains a key for disk decryption by TrueCrypt.
    * The system needs to boot via TrueCrypt using the key obtained from smartcard.

    My questions are:
    * What USB device access APIs are available in boot loader context (either LILO or GRUB)? (Note the smartcard does not appear as a (standard supported) USB mass storage device.)
    * After reading the key from the USB device inside Linux boot loader, how can I subsequently start the TrueCrypt boot loader in order to continue & finish the boot?

    Thank you for your time,

    Kees

  2. #2
    Just Joined!
    Join Date
    Jun 2008
    Posts
    39
    TrueCrypt? The USB CCID key "does not appear as a (standard supported) USB mass storage device?" That can pose a problem!

    This is not exactly an answer to your question. You will need to add USB support for that USB smartcard into an initrd. GRUB does not have that by itself, though GRUB will allow you to call the initrd that can have the support for it.

    You are running Linux? What support for the USB CCID smartcard does your distro have?

  3. #3
    Just Joined!
    Join Date
    Jun 2008
    Posts
    3
    Thanks felPmy.

    I am considering a two stage boot:
    * First a Linux boot loader in which I can hopefully add USB smartcard support (including CCID; so at pre-boot and not as OS support) more easily compared to modifying the TrueCrypt boot loader.
    * Secondly the TrueCrypt boot loader must be invoked which will then boot Windows; so not Linux.

    Do you perhaps have any background info about how initrd would be able to support a USB device like this? Or where I could find info about the details of accessing a USB device in pre-boot context?

    Kees

  4. #4
    Just Joined!
    Join Date
    Jun 2008
    Posts
    39
    Are you running Windows? What version?

    You are posting in Linux Forums?

    You can download a Linux LiveCD from the internet and boot up your machine with it, and see if it recognizes the USB CCID smartcard. If it does, you can see if it loads a module for it, and if it does you can get the name of the modules and add them to the initrd. Note that this is typically for booting Linux, and not for booting Windows, from GRUB. You can boot Windows from GRUB, but that is typically without an initrd.

    Does TrueCrypt have any bootloader support?

    What USB CCID smartcard are you using (manufacturer, make, model)?

    "System encryption involves pre-boot authentication, which means that anyone who wants to gain access and use the encrypted system, read and write files stored on the system drive, etc., will need to enter the correct password each time before Windows boots (starts). Pre-boot authentication is handled by the TrueCrypt Boot Loader, which resides in the first cylinder of the boot drive and on the TrueCrypt Rescue Disk." Have you tried to see if TrueCrypt Boot Loader will recognize the USB CCID smartcard? Have you installed TrueCrypt?

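The LiveCD check suggested in post #4, as an added example that is not part of the original thread: it walks sysfs for USB interfaces of class 0x0b (Smart Card / CCID) and reports the kernel driver bound to each, if any. The function names and the sample tree are hypothetical, and the sample IDs are constructed.

```shell
#!/bin/sh
# List USB interfaces whose class is 0x0b (Smart Card / CCID) together with
# the kernel driver bound to each, or "(none)" when no driver is bound.
# Usage: find_ccid [SYSFS_USB_DIR]   (default: /sys/bus/usb/devices)
find_ccid() {
    root="${1:-/sys/bus/usb/devices}"
    for iface in "$root"/*:*; do                 # interface entries look like 1-1:1.0
        [ -r "$iface/bInterfaceClass" ] || continue
        class=$(cat "$iface/bInterfaceClass")
        [ "$class" = "0b" ] || continue          # 0b = Smart Card class
        name=${iface##*/}
        dev="$root/${name%%:*}"                  # owning device entry, e.g. 1-1
        vid=$(cat "$dev/idVendor" 2>/dev/null || echo "????")
        pid=$(cat "$dev/idProduct" 2>/dev/null || echo "????")
        if [ -e "$iface/driver" ]; then
            drv=$(basename "$(readlink -f "$iface/driver")")
        else
            drv="(none)"
        fi
        printf '%s %s:%s driver=%s\n' "$name" "$vid" "$pid" "$drv"
    done
}

# Build a constructed sysfs-like tree for offline use (all values are made up):
# one unbound smart card interface and one mass storage interface.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/1-1" "$t/1-1:1.0" "$t/1-2" "$t/1-2:1.0" "$t/drv/usb-storage"
    echo 1234 > "$t/1-1/idVendor"; echo abcd > "$t/1-1/idProduct"
    echo 0b > "$t/1-1:1.0/bInterfaceClass"
    echo 5678 > "$t/1-2/idVendor"; echo ef01 > "$t/1-2/idProduct"
    echo 08 > "$t/1-2:1.0/bInterfaceClass"
    ln -s "$t/drv/usb-storage" "$t/1-2:1.0/driver"
    echo "$t"
}

# Scan the running system (or the directory given as the first argument).
find_ccid "$@"
```

A CCID interface reported with `driver=(none)` is not necessarily unsupported: such readers are commonly driven from user space rather than by a kernel module, in which case there is no module name to copy into the initrd.
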
  5. #5
    Just Joined!
    Join Date
    Jun 2008
    Posts
    3
    Thanks again for your time & effort.

    Yes, I post in a Linux forum because I ask about Linux boot loaders; the OS (in this case Windows) that is being booted after I'm done, does not matter.

    Why is the smartcard type important? Reader is OmniKey's CardMan 3121. Card I have no details of except that it is a CCID-compatible type that can be read with this reader.

    TrueCrypt does not have smartcard pre-boot key entry support (yet). You either enter a PIN via the keyboard and/or can use data on e.g. a USB stick as key.

    Currently I'm investigating things to find a direction with good potential. I have the TrueCrypt source code and also have the Linux code. I lack background knowledge about BIOS and boot procedures to even guess what is needed for accessing some (no matter what type) USB device at pre-boot.

    Do you know what I need to do, or where I can find info about, if a booted Linux would NOT support my USB device? Does BIOS support raw USB device access for example? How does this whole area of low level stuff work?

    Thanks,

    Kees
