Date: Tue, 7 Sep 2004 14:41:16 -0700
From: Bruce M Simpson
To: ctodd@chrismiller.com
Cc: Steve Watt
Cc: hackers@freebsd.org
Subject: Re: Booting encrypted
Message-ID: <20040907214116.GB815@empiric.icir.org>
List-Id: Technical Discussions relating to FreeBSD

On Tue, Sep 07, 2004 at 01:54:43PM -0700, ctodd@chrismiller.com wrote:
> If the authorization mechanism is limited to plain text, then yes. I know
> that "strings" can be used to attempt to find the passphrase in the load,
> but there may be ways to prevent the passphrase from being retrieved in
> this manner.

On the other hand, you could use TCPA.

Support for the TCPA chips found in many recent IBM machines, particularly
the ThinkPad T4x series, was written for NetBSD by the folks at CITI.
It's on my wishlist.

You could probably teach GBDE about TCPA key retrieval, but the upshot is,
you still need to log in to the TCPA chip. However, if you activated TCPA
and only allowed it to boot your FreeBSD-derived product OS, by means of
their signature mechanism, then you might well achieve your stated aims.

BMS