From: Alexander Leidinger
Date: Fri, 29 Jul 2005 13:45:48 +0200
To: Pawel Jakub Dawidek
Cc: freebsd-security, freebsd-geom, freebsd-hackers, "Ronnel P. Maglasang"
Subject: Re: booting gbde-encrypted filesystem

Pawel Jakub Dawidek wrote:

> This is not possible with current GBDE.
> I've patches which allow this here:
>
> http://people.freebsd.org/~pjd/patches/gbde.patch

I fail to see how this allows an encrypted root-FS, it doesn't add gbde support to boot0(ext) or to the loader. It needs access to an unencrypted kernel. I don't think this is what Ronnel had in mind (overlooking the fact that his suggestion to save the passphrase in the loader is insecure).

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137
The man who can smile when things go wrong has thought of someone he can blame it on.