From: "Daniel Marsh"
To: "Steve Bertrand"
Cc: Pawel Jakub Dawidek, freebsd-questions@freebsd.org
Date: Thu, 25 Oct 2007 00:46:53 +0800
Subject: Re: Booting a GELI encrypted hard disk

On 10/23/07, Steve Bertrand wrote:
>
> >>> I am voraciously attempting to get a FreeBSD system to boot from
> >>> a GELI encrypted hard disk, but am having problems.
> >>
> >> You don't need to encrypt the whole harddisk. You can encrypt
> >> separate slices. There is no need to encrypt stuff like / or /usr;
> >> what is there that needs to be kept secret?
> >
> > Maybe not encryption, but integrity protection is very important for
> > laptops. GELI supports integrity protection for a while now. If you
> > don't protect integrity of your entire laptop disk, it is trivial to
> > trojan userland utilities and/or kernel and steal your password. If
> > someone needs your data, he can dump encrypted partition, trojan your
> > system and once you connect to the internet and attach your
> > encrypted partition, the trojan will send the password to the
> > attacker. Many people often leave their laptops in hotel rooms, for
> > example.
>
> I don't quite grasp in what level you are using the term 'integrity'
> here.
>
> My knowledge of encryption at the storage level is limited at best...
> I'm just finding out all the finer points (temp directories, swap
> etc).
>
> However, I'll throw out what I wanted, what I have and then a question:
>
> Want:
>
> - a FreeBSD system that runs from a fully encrypted disk with
> passphrase and an encryption key on a removable thumb disk that can be
> removed so that upon reboot, can not be started
>
> Have:
>
> - a FreeBSD system that runs from a fully encrypted disk with NO
> passphrase (due to known, seemingly unsolved keyboard interaction
> problems) that boots from a thumb drive that has an encryption key so
> that when rebooted, does not boot (thumb drive can be removed once
> boot procedure complete)
>
> Question:
>
> - if the disk (PC) is stolen, having the entire disk encrypted so no
> one can even tell what OS is on it, does it make it secure to the
> point that no one will know what to look for anyway (eg: what is in
> /usr)? If someone does not know the OS, then it makes it more
> difficult to know what string or text attacks to perform, right? (I'm
> not trying to start a security via obscurity/bikeshed war, I seriously
> wouldn't mind opinion).
>
> I think it's fantastic. I'm not a disk forensic specialist, but it's
> good enough for what I want. Again...thanks to everyone who worked on
> the GEOM infrastructure.
>
> Performance is adequate in my benches so far for what I need, so long
> as one has adequate memory as to not have to run a disk-based swap
> space.
>
> Steve
>

Even if all data on a drive is encrypted, the partition table is not.
Software based disk encryption works on partitions.

How far into the boot sequence do you get before your system crashes
without the key present? I would assume as far as reading the /
partition to get the kernel etc... It would have read the partition
table and the boot loader, known which partition was the "active"
partition and tried booting it.

Now, to identify what OS this disk has on it you can check the partition
table and see what "type" has been set for each slice/partition.
You will be able to see that there is a BSD style slice on the disk just
by running `fdisk /dev/mystolendiskdevice`

You now know it's a BSD OS, you could then make a guess as to what
version of BSD by the type of machine it was taken from, based on what
hardware is supported by each BSD. I believe their slices and layout are
identical but the file systems differ.

The person with your disk could then start trying to determine what kind
of disk encryption is in place.

So, a disk drive (I believe Seagate ship them now) that has an
encryption chip built in to do hardware encryption regardless of
software in use would be an excellent measure. On top of that add your
GELI.

Just my 3 cents.
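
Added example, not part of the original message: a minimal reader for the four primary entries of an MBR partition table, showing the metadata (active flag, type byte, start and size) that remains readable when only the slice contents are encrypted. The sample sector and the function names are constructed for illustration; the type IDs are the well-known MBR values.

```python
import struct

# Well-known MBR partition type IDs (subset).
PART_TYPES = {
    0x07: "NTFS/exFAT",
    0x0B: "FAT32",
    0x83: "Linux",
    0xA5: "FreeBSD",
    0xA6: "OpenBSD",
    0xA9: "NetBSD",
    0xEE: "GPT protective",
}

def parse_mbr(sector: bytes):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        raw = sector[446 + 16 * i : 446 + 16 * (i + 1)]
        # Entry layout: status(1) CHS-start(3) type(1) CHS-end(3)
        #               LBA-start(4, LE) sector-count(4, LE)
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype == 0:          # type 0x00 marks an unused entry
            continue
        entries.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba,
            "sectors": count,
        })
    return entries

def build_sample_mbr():
    """Constructed sample: one active slice of type 0xA5 starting at LBA 63."""
    sector = bytearray(512)
    sector[446:462] = struct.pack("<B3xB3xII", 0x80, 0xA5, 63, 1_000_000)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    for e in parse_mbr(build_sample_mbr()):
        flag = "*" if e["active"] else " "
        print(f"{flag} slice {e['index']}: type 0x{e['type']:02x} "
              f"({e['name']}), start {e['lba_start']}, {e['sectors']} sectors")
```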