From owner-freebsd-hackers@FreeBSD.ORG Thu Sep 16 02:17:34 2004
Return-Path:
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 674F816A4CE for ; Thu, 16 Sep 2004 02:17:34 +0000 (GMT)
Received: from ds.netgate.net (ds.netgate.net [205.214.170.232]) by mx1.FreeBSD.org (Postfix) with ESMTP id 051D443D1F for ; Thu, 16 Sep 2004 02:17:34 +0000 (GMT) (envelope-from ctodd@chrismiller.com)
Received: (qmail 30130 invoked from network); 16 Sep 2004 02:17:33 -0000
Received: from vp4.netgate.net (ibrew@205.214.170.248) by ds.netgate.net with SMTP; 16 Sep 2004 02:17:33 -0000
Date: Wed, 15 Sep 2004 19:17:33 -0700 (PDT)
From: ctodd@chrismiller.com
X-X-Sender: ibrew@vp4.netgate.net
To: Peter Pentchev
In-Reply-To: <20040916010317.GN1001@straylight.m.ringlet.net>
Message-ID:
References: <200409072022.i87KM7Kf049770@wattres.Watt.COM> <20040916010317.GN1001@straylight.m.ringlet.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: hackers@freebsd.org
cc: Frank Knobbe
Subject: Re: Booting encrypted
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 16 Sep 2004 02:17:34 -0000

> On Wed, Sep 15, 2004 at 07:30:19PM -0500, Frank Knobbe wrote:
> > On Tue, 2004-09-07 at 15:22, Steve Watt wrote:
> >
> > Seriously though, tying the boot process to a hardware dependent value
> > that is not accessible from within the booted system might be something
> > to consider.
> > One word that Bruce M. Simpson already mentioned: TCPA :)

First let me say thanks, this is the kind of outside-the-box thinking I'm looking for.
My main objective is to prevent someone from removing the drive and mounting it from another *nix system and turning it into a unix toy (turning on shell access, etc.) which it's not designed to be, as well as getting at the application and configuration. Having encryption done by the loader in such a way that the key cannot be derived protects the entire filesystem from tampering. Nothing this appliance is going to be doing requires super fast disk I/O, so encryption is not an issue. In fact I've even considered using flash instead of a drive, but the same issue is there.

I think what TCPA does has its application, but I'm not too concerned about the disk being booted from other hardware, or the hardware being scavenged for other projects. TCPA sounds like something useful for the internet tablet PCs of "the boom" that were sold at a loss to be made up by a subscription to a service. Many of these were purchased for the hardware (~$200) and hacked for geek projects :-).

Chris