Musings about on-disk encryption in Fedora Core
mike at flyn.org
Tue Jul 6 15:36:40 UTC 2004
>>> Securing the system is exactly the same thing IMHO.
>>>
>>> If your system is insecure then encryption won't help, the attacker will
>>> get all your passwords and happily decrypt all your data!
>> I would argue that it depends on what you are securing against. For
>> example, securing data against physical laptop theft does not really
>> require booting from removable media...as long as you don't trust the
>> laptop once it is recovered.
>
> True. But what about servers? How secure is YOUR server room? Taking
> disks out etc is not difficult to do. Replacing the BIOS on the motherboard
> adds an extra level of difficulty and the risk is decreased if that is what
> an attacker would be forced to do.
You are entirely right. Again, my point is that it depends what you are
securing against. I don't have a server room. I am interested in securing
my laptop. The important thing is that, as these techniques are developed,
we are straightforward with and aware of the precise things they defend
against.
>> However, if you are requiring a physical token to provide a key then
>> booting from that token is not too much of a leap. Assuming your firmware
>> supports booting from, say, USB. This seems outside the scope of mkinitrd
>> and more a responsibility of properly configuring yaboot, lilo, grub, etc.
>
> You need the initrd to be able to mount an encrypted root fs, so there are
> some changes to initrd needed. They are probably more significant than the
> changes to allow booting from a USB device.
Yes. I am already working on modifying mkinitrd (see elsewhere in this
thread). So, as I mentioned, once mkinitrd/initrd supports encrypted root
filesystems and accessing a key on a removable device then booting from that
same device should be simple.
--
Mike