[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Musings about on-disk encryption in Fedora Core

From: Alan Cox <alan redhat com>
To: russell coker com au, Development discussions related to Fedora Core <fedora-devel-list redhat com>
Cc:
Subject: Re: Musings about on-disk encryption in Fedora Core
Date: Tue, 6 Jul 2004 11:20:44 -0400

On Tue, Jul 06, 2004 at 10:18:02AM +1000, Russell Coker wrote:
> On Tue, 6 Jul 2004 05:12, Alan Cox <alan redhat com> wrote:
> > /boot on the other hand cannot be encrypted usefully without hardware
> > key systems because then you cannot boot off it.
> 
> For a really secure system you have to boot from removable or read-only media.

It depends on the problem you wish to solve

Problem 1 is the "stolen laptop" problem. You want to be sure they can't
get the data off it.

Problem 2 is the "if someone takes it and puts it back" problem. You can't
solve this because I can flash you a new bios with alternative APM hooks or
similar. And - ironically - its easier to patch a bios and reflash it than
to do many of the fancier kernel hacking tricks.

References:
- Musings about on-disk encryption in Fedora Core
  - From: Nils Philippsen
- Re: Musings about on-disk encryption in Fedora Core
  - From: Nils Philippsen
- Re: Musings about on-disk encryption in Fedora Core
  - From: Alan Cox
- Re: Musings about on-disk encryption in Fedora Core
  - From: Russell Coker

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]