Date: Wed, 20 Feb 2013 08:46:55 +0100 From: Paul Schenkeveld <freebsd@psconsult.nl> To: Jason Hellenthal <jhellenthal@DataIX.net> Cc: hackers@freebsd.org Subject: Re: Chicken and egg, encrypted root FS on remote server Message-ID: <20130220074655.GA59952@psconsult.nl> In-Reply-To: <C69A03DB-D861-4400-96B4-2DF5925CB4FC@DataIX.net> References: <20130220065810.GA25027@psconsult.nl> <C69A03DB-D861-4400-96B4-2DF5925CB4FC@DataIX.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Feb 20, 2013 at 02:42:57AM -0500, Jason Hellenthal wrote: > Just a thought with no working example but… > > bootp / tftp - from a remote secured management frame to TX a key filesytem to unlock your rootfs. > > Could be something as simple as a remote wireless adhoc server with a 64GB thumbdrive to hold your data or just enough to tell the system where to get it. > > Considering a key can be any length string of a sort just to say but... Serve the rootfs key directly from a TXT out of a secured DNS zone only visible to so said machines. Thank you but manual entry of the passprase is a prerequisite here so serving the key automatically is not an option. With kind regards, Paul Schenkeveld
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130220074655.GA59952>