LaCie RuggedSafe under GNU/Linux

System administration One comment

20130515_163056

The RuggedSafe from LaCie is basically an encrypted external hard drive that uses 128 bit AES hardware encryption to protect your data. Your fingerprint is the key that is used to decrypt the content of the disk. It means that if your hard disk is stolen or lost, theoretically nobody can access your data.

It’s a shame that LaCie support is limited to Windows and Mac, you’ll need to first setup the drive (fingerprint + root key) under one of the these OSes using the provided tool “LaCie Safe Manager”.

We’ll see how it can be used simply under Linux without using the command line for a “plug and play” use.

How to

The device has two partitions: one in FAT32 of 34MB that is present when the disk is locked, it contains the LaCie tools. The second in NTFS of 500GB (depending on your model) contains your data when it’s unlocked.

The issue when using it under Linux is that by default udev mount the 34MB partition and when you unlock the disk this partition remains mounted preventing the data partition to be mounted. A workaround is to tell udev to never mount the “tools partition”.

To create the udev rule I needed to determine a way to identify if the device was locked or not. I used the the udevadm tool for that.

#udevadm info -a -p $(udevadm info -q path -n /dev/sdb) #sdb or whatever your disk is

I saw that the attribute “ATTR{ro}” was changing from 1 to 0 depending of the state of the disk (1=locked, 0=unlocked). With this we are able to write a rule asking udev to leave the disk unmounted if the “ATTR{ro}” is equal to 1.

For this create the rule:

#sudo touch /etc/udev/rules.d/85-lacie_rugged.rules

add the following to the file created above:

SUBSYSTEM=="block",KERNEL=="sd?1", ATTRS{idVendor}=="059f",ATTR{ro}=="1", ATTRS{idProduct}=="102b", ENV{UDISKS_PRESENTATION_NOPOLICY}="1"

Then restart the udev daemon;

#sudo service udev restart

Your device shouldn’t be automatically mounted if it’s locked. If you unlock the device it should appear unmounted on the device manager (on the left panel of a folder on Gnome). You can then click on the device and it’ll be automatically mounted.

One comment

  1. 128bits AES for only 500Gb capacity… Speaking about old age technology.
    They ought to do something better next time.

Leave a Reply