Musings about on-disk encryption in Fedora Core

mike at flyn.org
Tue Jul 6 15:36:40 UTC 2004


>>> Securing the system is exactly the same thing IMHO.
>>>
>>> If your system is insecure then encryption won't help, the attacker will
>>> get all your passwords and happily decrypt all your data!

>> I would argue that it depends on what you are securing against.  For
>> example, securing data against physical laptop theft does not really
>> require booting from removable media...as long as you don't trust the
>> laptop once it is recovered.
> 
> True.  But what about servers?  How secure is YOUR server room?  Taking
> disks out etc is not difficult to do.  Replacing the BIOS on the motherboard
> adds an extra level of difficulty and the risk is decreased if that is what
> an attacker would be forced to do.

You are entirely right.  Again, my point is that it depends what you are
securing against.  I don't have a server room.  I am interested in securing
my laptop.  The important thing is that, as these techniques are developed,
we are straightforward with and aware of the precise things they defend
against.
 
>> However, if you are requiring a physical token to provide a key then
>> booting from that token is not too much of a leap.  Assuming your firmware
>> supports booting from, say, USB.  This seems outside the scope of mkinitrd
>> and more a responsibility of properly configuring yaboot, lilo, grub, etc.
> 
> You need the initrd to be able to mount an encrypted root fs, so there are
> some changes to initrd needed.  They are probably more significant than the
> changes to allow booting from a USB device.

Yes.  I am already working on modifying mkinitrd (see elsewhere in this
thread).  So, as I mentioned, once mkinitrd/initrd supports encrypted root
filesystems and accessing a key on a removable device then booting from that
same device should be simple.

--
Mike





More information about the fedora-devel-list mailing list