From: David Demelier
Date: Sun, 30 Dec 2012 10:34:51 +0100
To: freebsd-questions@freebsd.org
Subject: Re: Full disk encryption without root partition
Message-ID: <50E00ABB.9080200@gmail.com>
In-Reply-To: <20121229235319.2ee5cb85.freebsd@edvax.de>
References: <50DF6401.50001@martinlaabs.de> <20121229235319.2ee5cb85.freebsd@edvax.de>

On 29/12/2012 23:53, Polytropon wrote:
> On Sat, 29 Dec 2012 22:43:29 +0100, Martin Laabs wrote:
>> So from the security point of view it might be a good choice to have an
>> unencrypted and (hardware) read-only boot partition.
>
> To prevent unintended modification of the boot process's components, an
> option would be to have the system boot from a R/O media (SD card, USB
> stick or USB "card in stick") and then _remove_ this media when the
> system has been booted. Of course this requires physical presence of
> some kind of operator who is confirmed to handle this specific media.
> The rest of the system on disk and the data may be encrypted now, and
> if (physically) stolen, the disks are useless. I agree that such kind
> of security isn't possible everywhere, especially not if you cannot
> physically access your server.
>
> To prevent further "bad things" (like someone steals this "boot
> stick"), manually entering a passphrase in combination with the keys
> on the stick could be required. Of course a strong passphrase would
> have to be chosen, and not written on the USB stick. :-)
>
> The options has on a _running_ system with encrypted components is a
> completely different topic.

I think a good idea would be to store the key directly in the bootloader,
but that needs a large enough partition scheme that can store the
bootloader (boot0 or boot1) plus the encryption key. However, this needs
to add support for that in both boot files and will be bigger.
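As an added example that is not part of the thread, this is how the arrangement Polytropon describes (key file on a removable, read-only boot medium combined with a passphrase typed at boot) maps onto geli(8) on a FreeBSD 9-era system where /boot lives on the stick and root is encrypted. The provider name ada0p3, the stick mount point /mnt/stick and the key file path are assumptions.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread). Assumed layout: the
# encrypted root provider is /dev/ada0p3, the removable boot stick is
# mounted at /mnt/stick and carries /boot plus the key file.

# Emit the loader.conf(5) lines that make the loader load geom_eli, read
# the key file from the stick and mount root from the .eli provider.
geli_loader_conf() {
    dev=$1       # provider name, e.g. ada0p3
    keypath=$2   # key file path as the loader sees it, e.g. /boot/keys/ada0p3.key
    printf 'geom_eli_load="YES"\n'
    printf 'geli_%s_keyfile0_load="YES"\n' "$dev"
    printf 'geli_%s_keyfile0_type="%s:geli_keyfile0"\n' "$dev" "$dev"
    printf 'geli_%s_keyfile0_name="%s"\n' "$dev" "$keypath"
    printf 'vfs.root.mountfrom="ufs:/dev/%s.eli"\n' "$dev"
}

# One-time preparation, run as root with the stick mounted read-write.
# Not invoked here; call it by hand after checking the device names.
geli_setup_root() {
    dev=$1; stick=$2
    key="$stick/boot/keys/$dev.key"
    mkdir -p "$stick/boot/keys"
    dd if=/dev/random of="$key" bs=64 count=1   # 512-bit key file component
    chmod 600 "$key"
    # -b marks the provider for attach at boot; without -P a passphrase is
    # also required, so the master key is derived from BOTH the passphrase
    # and the key file: a stolen stick alone cannot unlock the disk.
    geli init -b -e AES-XTS -l 256 -s 4096 -K "$key" "/dev/$dev"
    geli attach -k "$key" "/dev/$dev"
    newfs -U "/dev/$dev.eli"
    geli_loader_conf "$dev" "/boot/keys/$dev.key" >> "$stick/boot/loader.conf"
}
```

After the kernel has attached ada0p3.eli the stick can be pulled, as the post suggests; it is only needed again for the next boot or for updating the kernel and loader on it.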