encrypted root fs
Russell Coker
russell at coker.com.au
Tue Aug 17 09:50:35 UTC 2004
On Tue, 17 Aug 2004 18:34, Ole Arntzen <Ole.Arntzen at ii.uib.no> wrote:
> Most of what you are trying to do is described in the "Disk Encryption
> HOWTO". Have a look at:
> http://tldp.org/HOWTO/Disk-Encryption-HOWTO/

Using offsets in loopback devices isn't going to work. As the HOWTO notes,
it's written for 2.4.x and we get more options in 2.6.x.

The HOWTO recommends encrypting the entire disk to conceal the fact that Linux
is being used. I think it's better to assume that the attacker already knows
which OS we use. It is still a benefit to conceal the partition table; this
is probably best achieved by running cryptsetup on /dev/hda (or whatever the
disk is) and using that encrypted mapper device as a PV for LVM (so we get
multiple file systems).

Another issue is that the threat model may prevent encrypting the entire disk.
The attack that we are concerned with may come from another OS on the same
disk on a dual-boot system (a duel-boot system). For example, it's common to
run Windows for games and Linux for serious work, but it would suck if the
first Windows worm that came along copied off all the Linux data...

I think that there is benefit in having two Linux file systems with different
encryption keys too, so again with multiple boot partitions you don't lose
them all if you lose one (requires multiple USB keys to do properly).

Thanks for the URL, it gave me the idea of encrypting a PE. Although I don't
think it's practical for me to work on this idea until after we get Anaconda
to support encrypted LVs and partitions.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
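
The whole-disk layout described in the message above (cryptsetup on the raw disk, the mapper device used as an LVM PV), as an added example that is not part of the original post. It uses current LUKS cryptsetup syntax, which postdates the message; the device, mapping, VG and LV names are placeholders, and the `lsblk -rno KNAME,TYPE,PKNAME` listing is a constructed sample.

```shell
#!/bin/sh
# Added example: dry-run plan plus a layering check for dm-crypt under LVM.
# All names (/dev/hda, cryptpv, vg0, root, home) are placeholders.

# Print (never execute) the commands for: disk -> dm-crypt -> PV -> VG -> LVs.
# usage: plan_layout DISK MAPNAME VG LVNAME:SIZE...
plan_layout() {
    disk=$1 map=$2 vg=$3
    shift 3
    echo "cryptsetup luksFormat $disk"   # no partition table is written
    echo "cryptsetup open $disk $map"
    echo "pvcreate /dev/mapper/$map"
    echo "vgcreate $vg /dev/mapper/$map"
    for spec in "$@"; do
        echo "lvcreate -L ${spec#*:} -n ${spec%%:*} $vg"
    done
}

# Read `lsblk -rno KNAME,TYPE,PKNAME` lines on stdin. Succeed only if every LV
# sits on a crypt device and every crypt device sits on a whole disk, i.e. no
# plaintext partition table sits between the disk and the file systems.
check_layout() {
    awk '
        function ptype(d) { return (parent[d] in type) ? type[parent[d]] : "" }
        { type[$1] = $2; parent[$1] = $3 }
        END {
            bad = 0; lvs = 0
            for (d in type) {
                if (type[d] == "lvm") {
                    lvs++
                    if (ptype(d) != "crypt") { print "LV not on dm-crypt: " d; bad = 1 }
                }
                if (type[d] == "crypt" && ptype(d) != "disk") {
                    print "dm-crypt not on whole disk: " d; bad = 1
                }
            }
            if (lvs == 0) { print "no LVs found"; bad = 1 }
            exit bad
        }'
}

# Constructed sample listing (not captured from a real host).
SAMPLE='sda disk
dm-0 crypt sda
dm-1 lvm dm-0
dm-2 lvm dm-0'
plan_layout /dev/hda cryptpv vg0 root:20G home:50G
printf '%s\n' "$SAMPLE" | check_layout && echo "layout ok"
```

A LUKS header still identifies the disk as encrypted; what this layout hides is the partition table and the file systems inside the volume group.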