From owner-freebsd-hackers@FreeBSD.ORG  Thu Sep 16 02:17:34 2004
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 674F816A4CE
	for <hackers@freebsd.org>; Thu, 16 Sep 2004 02:17:34 +0000 (GMT)
Received: from ds.netgate.net (ds.netgate.net [205.214.170.232])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 051D443D1F
	for <hackers@freebsd.org>; Thu, 16 Sep 2004 02:17:34 +0000 (GMT)
	(envelope-from ctodd@chrismiller.com)
Received: (qmail 30130 invoked from network); 16 Sep 2004 02:17:33 -0000
Received: from vp4.netgate.net (ibrew@205.214.170.248)
  by ds.netgate.net with SMTP; 16 Sep 2004 02:17:33 -0000
Date: Wed, 15 Sep 2004 19:17:33 -0700 (PDT)
From: ctodd@chrismiller.com
X-X-Sender: ibrew@vp4.netgate.net
To: Peter Pentchev <roam@ringlet.net>
In-Reply-To: <20040916010317.GN1001@straylight.m.ringlet.net>
Message-ID: <Pine.BSI.4.58L.0409151855130.8383@vp4.netgate.net>
References: <200409072022.i87KM7Kf049770@wattres.Watt.COM>
	<20040916010317.GN1001@straylight.m.ringlet.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: hackers@freebsd.org
cc: Frank Knobbe <frank@knobbe.us>
Subject: Re: Booting encrypted
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Sep 2004 02:17:34 -0000


> On Wed, Sep 15, 2004 at 07:30:19PM -0500, Frank Knobbe wrote:
> > On Tue, 2004-09-07 at 15:22, Steve Watt wrote:
> >
> > Seriously though, tying the boot process to a hardware dependent value
> > that is not accessible from within the booted system might be something
> > to consider.
>
> One word that Bruce M. Simpson already mentioned: TCPA :)

First let me say thanks, this is the kind of outside the box thinking I'm
looking for.

My main objective is to prevent someone from removing the drive and
mounting it from another *nix system and turning it into a unix toy
(turning on shell access, etc) which it's not designed to be, as well as
getting at the application and configuration. By having encryption done by
the loader in such a way that the key can not be derived, protects the
entire filesystem from tampering. Nothing this appliance is going to be
doing requires super fast disk i/o so encryption is not an issue. In fact
I've even considered using flash instead of a drive, but the same issue is
there.

I think what TCPA does has it's application, but I'm not too concerned
about the disk being booted from other hardware, or the hardware being
scavenged for other projects. TCPA sounds like something useful for the
internet tablet PCs of "the boom" that were sold at a loss to be made up
by a subscription to a service. Many of these were purchased for the
hardware (~$200) and hacked for geek projects :-).

Chris