Date:      Mon, 22 Oct 2007 19:46:30 +0200
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Steve Bertrand <iaccounts@ibctech.ca>, freebsd-questions@freebsd.org
Subject:   Re: Booting a GELI encrypted hard disk
Message-ID:  <20071022174629.GA1118@garage.freebsd.pl>
In-Reply-To: <20071010175349.GB9770@slackbox.xs4all.nl>
References:  <470CCDE2.9090603@ibctech.ca> <20071010175349.GB9770@slackbox.xs4all.nl>

On Wed, Oct 10, 2007 at 07:53:49PM +0200, Roland Smith wrote:
> On Wed, Oct 10, 2007 at 09:04:34AM -0400, Steve Bertrand wrote:
> > Hi all,
> >
> > I am voraciously attempting to get a FreeBSD system to boot from a GELI
> > encrypted hard disk, but am having problems.
>
> You don't need to encrypt the whole hard disk. You can encrypt separate
> slices. There is no need to encrypt stuff like / or /usr; what is there
> that needs to be kept secret?

Maybe not encryption, but integrity protection is very important for
laptops. GELI has supported integrity protection for a while now. If you
don't protect the integrity of your entire laptop disk, it is trivial to
trojan userland utilities and/or the kernel and steal your password. If
someone needs your data, he can dump the encrypted partition, trojan your
system and, once you connect to the internet and attach your encrypted
partition, the trojan will send the password to the attacker. Many
people often leave their laptops in hotel rooms, for example.

--
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!