[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Musings about on-disk encryption in Fedora Core



On Tue, Jul 06, 2004 at 10:18:02AM +1000, Russell Coker wrote:
> On Tue, 6 Jul 2004 05:12, Alan Cox <alan redhat com> wrote:
> > /boot on the other hand cannot be encrypted usefully without hardware
> > key systems because then you cannot boot off it.
> 
> For a really secure system you have to boot from removable or read-only media.

It depends on the problem you wish to solve

Problem 1 is the "stolen laptop" problem. You want to be sure they can't
get the data off it.

Problem 2 is the "if someone takes it and puts it back" problem. You can't
solve this because I can flash you a new bios with alternative APM hooks or
similar. And - ironically - its easier to patch a bios and reflash it than
to do many of the fancier kernel hacking tricks.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]