LUKS security with chunks of free space

Post by regularcentosuser » 2014/07/12 11:43:06

Hello all,

As some of you might already have noticed, the anaconda installer creates chunks of free space at the beginning as well as at the end of the HDD (ca. 1MB) and there is no way to turn this behavior off. But anyway, could you please tell me how this small yet unallocated space affects LUKS security? Is it possible that a small amount of unencrypted data may leak there, just as it could happen with partial (non full-disk) encryption? I'm aware that we basically need an explicitly created filesystem to let this occur, but what about potential vulnerabilities and exploits which could point to the empty space? I just have to be absolutely sure that my LUKS protection will fully work before I store any confidential data on the disk, so any help would be greatly appreciated. Thank you in advance. :-)

Re: LUKS security with chunks of free space

Post by avij » 2014/07/15 15:38:43

CentOS will not write to that unallocated space. It does not affect LUKS security. If you have some sort of malware that is smart enough to write to the unallocated space, LUKS won't help you with that.

It is my understanding that the unallocated space is not explicitly zeroed when installing CentOS. If you had something on the hard disk prior to installing CentOS on it, it may be possible that some bits of the hard disk's previous contents may be left in the unallocated space. To make sure this won't happen, you can clear the hard disk prior to installation with a dd if=/dev/zero of=/dev/sda or similar (or if=/dev/urandom, or use shred).
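An added example, not part of the posts above: a read-only check for leftover data in an unallocated range, plus a zero-fill limited to that range, run here on a constructed image file rather than a real disk. The function names, 512-byte sectors and the gap at sectors 1..2047 are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: look for leftover (non-zero) data in an unallocated range.
# Assumptions: 512-byte sectors; the caller supplies the gap's first sector
# and its length in sectors (for instance from a partition table listing).

# nonzero_bytes TARGET FIRST_SECTOR SECTOR_COUNT
# Prints how many bytes in the range are not 0x00. Read-only.
nonzero_bytes() {
    dd if="$1" bs=512 skip="$2" count="$3" 2>/dev/null \
        | tr -d '\000' | wc -c | tr -d ' '
}

# zero_range TARGET FIRST_SECTOR SECTOR_COUNT
# Overwrites only that range with zeros (the dd wipe from the post,
# narrowed to one range). conv=notrunc keeps the rest of TARGET intact.
zero_range() {
    dd if=/dev/zero of="$1" bs=512 seek="$2" count="$3" conv=notrunc 2>/dev/null
}

# make_sample_image PATH
# Constructed test data: a 4 MiB zero-filled image with a leftover string
# at sector 100, inside an assumed 1 MiB leading gap (sectors 1..2047).
make_sample_image() {
    dd if=/dev/zero of="$1" bs=512 count=8192 2>/dev/null
    printf 'old secret' | dd of="$1" bs=512 seek=100 conv=notrunc 2>/dev/null
}

# Demo on a throwaway image file; no real disk is touched.
img=$(mktemp)
make_sample_image "$img"
echo "before wipe: $(nonzero_bytes "$img" 1 2047) non-zero bytes in the gap"
zero_range "$img" 1 2047
echo "after wipe:  $(nonzero_bytes "$img" 1 2047) non-zero bytes in the gap"
rm -f "$img"
```

A range wiped from /dev/urandom will report as non-zero, so this check only fits the /dev/zero variant of the wipe.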

