Date:      Sat, 29 Dec 2012 23:53:19 +0100
From:      Polytropon <freebsd@edvax.de>
To:        Martin Laabs <info@martinlaabs.de>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Full disk encryption without root partition
Message-ID:  <20121229235319.2ee5cb85.freebsd@edvax.de>
In-Reply-To: <50DF6401.50001@martinlaabs.de>
References:  <CAHUOma=wCDQPUy+6yVHnMDzd8j75pJ1xn7KBqknqnod99Abgtw@mail.gmail.com> <CAHUOmant1m446mVY85R7EpBd2Pw14gdL03fpmVPMKsrr_epfPw@mail.gmail.com> <50DF6401.50001@martinlaabs.de>

On Sat, 29 Dec 2012 22:43:29 +0100, Martin Laabs wrote:
> So from the security point of view it might be a good choice to have a
> unencrypted and (hardware) readonly boot partition.

To prevent unintended modification by <attacker> of the
boot process's components, an option would be to have the
system boot from R/O media (SD card, USB stick or USB
"card in stick") and then _remove_ this media when the
system has been booted. Of course this requires the physical
presence of some kind of operator who is confirmed to
handle this specific media. The rest of the system on
disk and the data may be encrypted now, and if (physically)
stolen, the disks are useless. I agree that this kind of
security isn't possible everywhere, especially not if
you cannot physically access your server.

To prevent further "bad things" (like someone stealing
this "boot stick"), manually entering a passphrase in
combination with the keys on the stick could be required.
Of course a strong passphrase would have to be chosen,
and not written on the USB stick. :-)

The options <attacker> has on a _running_ system with
encrypted components are a completely different topic.



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
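The setup Polytropon sketches above (kernel, loader and key material on a removable boot stick, passphrase plus keyfile required to unlock, encrypted root on the fixed disk) maps onto geli(8) on FreeBSD. The script below is an added example and is not part of the original mail; it assumes the encrypted root provider is ada0p3, that the stick is already mounted at /mnt/stick and carries a bootable /boot, and it wraps the destructive commands in a dry-run helper so they are only executed when RUN=1 is set:

```shell
#!/bin/sh
# Added example (not from the original thread): GELI-encrypted root with the
# keyfile and loader configuration kept on a removable boot stick, so the stick
# can be pulled once the system is up. Device and mount point are assumptions.
#
# Default is dry-run: commands are printed, not executed. Run with RUN=1 on the
# FreeBSD host to apply them. NOTE: "geli init" destroys data on the provider.
set -eu

RUN="${RUN:-0}"
DISK_PROV="${DISK_PROV:-ada0p3}"        # assumed encrypted root provider
STICK_MNT="${STICK_MNT:-/mnt/stick}"    # assumed mount point of the boot stick
KEYDIR="$STICK_MNT/boot/keys"
KEYFILE="$KEYDIR/$DISK_PROV.key"

# Execute the command, or print it when dry-running.
run() {
    if [ "$RUN" = 1 ]; then "$@"; else printf 'DRY-RUN: %s\n' "$*"; fi
}

# 1. A 64-byte random keyfile that lives only on the stick, never on the disk.
make_keyfile() {
    run mkdir -p "$KEYDIR"
    run dd if=/dev/random of="$KEYFILE" bs=64 count=1
    run chmod 0400 "$KEYFILE"
}

# 2. Initialise the provider so that BOTH the keyfile (-K) and a passphrase
#    (prompted interactively by geli init) are needed to derive the master key.
#    -b marks it for attach during boot; -B stores a metadata backup on the stick.
init_provider() {
    run geli init -b -e AES-XTS -l 256 -s 4096 \
        -K "$KEYFILE" -B "$KEYDIR/$DISK_PROV.eli" "/dev/$DISK_PROV"
}

# 3. loader.conf lines for the stick: load geom_eli, hand the keyfile to the
#    kernel, and mount root from the attached .eli device. The path is relative
#    to the filesystem the loader booted from, i.e. the stick.
loader_conf() {
    cat <<EOF
geom_eli_load="YES"
geli_${DISK_PROV}_keyfile0_load="YES"
geli_${DISK_PROV}_keyfile0_type="${DISK_PROV}:geli_keyfile0"
geli_${DISK_PROV}_keyfile0_name="/boot/keys/${DISK_PROV}.key"
vfs.root.mountfrom="ufs:/dev/${DISK_PROV}.eli"
EOF
}

install_loader_conf() {
    if [ "$RUN" = 1 ]; then
        loader_conf >> "$STICK_MNT/boot/loader.conf"
    else
        printf 'DRY-RUN: append to %s/boot/loader.conf:\n' "$STICK_MNT"
        loader_conf
    fi
}

main() {
    make_keyfile
    init_provider
    install_loader_conf
}

main
```

Review the dry-run output first, then rerun with RUN=1 once the stick holds a copy of /boot and its boot code. At boot the loader reads the keyfile from the stick and geom_eli prompts for the passphrase; with the stick removed afterwards, the disk alone carries neither half of the key material. Because the metadata backup written by -B also sits on the stick, keep a second copy of it (and consider a recovery passphrase in geli's second key slot via geli setkey -n 1) somewhere that is not lost together with the stick.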


