From: Frank Knobbe
To: Bruce M Simpson
Cc: hackers@freebsd.org
Date: Thu, 16 Sep 2004 12:30:01 -0500
Subject: Re: Booting encrypted
In-Reply-To: <20040916032406.GC7413@empiric.icir.org>

On Wed, 2004-09-15 at 22:24, Bruce M Simpson wrote:
> Using TCPA, you could lock down your device in this way, and extract the
> symmetric key for the media from nonvolatile secure storage on the chip
> once the OS has logged into it. Of course you'd have to sign the OS image
> in such a way that booting it unlocked the secure storage.

Yes, TCPA offers solutions for that. But they might be overkill for what he wants to accomplish.

Having the key in the boot loader will do what he wants -- prevent someone booting from a CD and mounting the drive. But the key on the encrypted media itself (in the boot loader) is bad practice. Hence the idea of fetching it from hardware.

Sure, it is still possible to break the system (by booting a CD, reading the CPU ID, or VGA S/N, or whatever is used, and manually decrypting the drive). But it presents a significantly higher effort, while still not dependent on TCPA-ready hardware and all the (key) management stuff that comes with it. Call it a poor-man's TCPA :)

It's a balance, an in-between. For real security, choose TCPA. For good-enough security, this solution may work better. All depends on the level of paranoia present :)

Cheers,
Frank
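The trade-off Frank describes, as an added illustration that is not part of the thread and not any poster's code: a media key derived from a hardware identifier with a standard KDF (HKDF-SHA256, RFC 5869, implemented here from hashlib/hmac). The hardware identifier string, the "info" label and the optional passphrase are constructed sample values. Because the hardware identifier is readable by anyone who can boot the machine, the derivation is reproducible from public inputs alone; mixing in a user-held secret is what turns "higher effort" into an actual key the attacker does not have.

```python
import hashlib
import hmac

HASH_LEN = 32  # SHA-256 output length


def hkdf_sha256(ikm: bytes, salt: bytes = b"", info: bytes = b"", length: int = 32) -> bytes:
    """HKDF per RFC 5869 with HMAC-SHA256: extract a PRK, then expand it."""
    if not salt:
        salt = b"\x00" * HASH_LEN  # RFC 5869: absent salt is HashLen zero bytes
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_media_key(hardware_id: bytes, passphrase: bytes = b"", salt: bytes = b"") -> bytes:
    """Derive a 256-bit media key from a hardware identifier.

    hardware_id: whatever the boot loader reads from the machine (assumed public).
    passphrase:  optional user-held secret; without it the key is a pure function
                 of data an attacker with a boot CD can also read.
    """
    ikm = hardware_id + b"\x00" + passphrase
    return hkdf_sha256(ikm, salt=salt, info=b"media-key-v1", length=32)


def rfc5869_self_test() -> bool:
    """Check the HKDF implementation against RFC 5869 test case 1."""
    okm = hkdf_sha256(b"\x0b" * 22, bytes(range(13)), bytes(range(0xF0, 0xFA)), 42)
    expected = ("3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
                "34007208d5b887185865")
    return okm.hex() == expected


# Constructed sample identifier, standing in for a CPU ID / device serial.
SAMPLE_HW_ID = b"CPU:GenuineIntel-0F41;VGA:SN-1234567"


def attacker_can_recompute(hardware_id: bytes) -> bool:
    """Model the attack Frank concedes: with only the readable hardware id,
    the same key falls out of the same derivation (True = recoverable)."""
    return derive_media_key(hardware_id) == derive_media_key(hardware_id)


def passphrase_changes_key(hardware_id: bytes, passphrase: bytes) -> bool:
    """With a secret mixed in, knowing the hardware id alone is not enough."""
    return derive_media_key(hardware_id, passphrase) != derive_media_key(hardware_id)


if __name__ == "__main__":
    print("HKDF self-test:", rfc5869_self_test())
    print("key from hw id only:", derive_media_key(SAMPLE_HW_ID).hex())
    print("recoverable from hw id alone:", attacker_can_recompute(SAMPLE_HW_ID))
    print("passphrase alters key:", passphrase_changes_key(SAMPLE_HW_ID, b"correct horse"))
```

The self-test against the RFC vector is what makes the block trustworthy as a KDF; the two boolean helpers simply make the thread's point checkable: the hardware-only derivation is deterministic from data the machine hands out freely, so it raises effort rather than adding a secret, which is exactly the "poor-man's TCPA" boundary Frank draws.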