Passphraseless Disk Encryption Options?
Analysiser
analysiser at gmail.com
Tue Sep 8 20:22:44 UTC 2015
To Brandon and Igor,
Thanks for pointing out the facts about FileVault, and yes, I understood your point in indicating that the login IS the decryption process. That is merely an appearance, I think, that *looks* like something I would like to have. I cannot have a login as the decryption process, so it has to be done somewhere before login.
To Nik,
Thanks for the suggestion, as it looks very feasible. I’m thinking it might need a strong algorithm to calculate the passphrase with some rotating secret. I think I could test this way first.
To Richard,
Thank you for the suggestion. I believe that we have a secure boot protected by the TPM. I think I could trust the motherboard, and if someone steals the TPM module the system would absolutely fail to boot. I have some programs that rely on TPM attestation too that could report the system status to a remote attester. However, since the programs are not checking everything in the OS, I’m hoping to perform a startup disk encryption to further prevent unwanted alterations to the files or executables in the OS that might perform attacks. The device is headless in that it has no exposed optical disks, USB ports, video outputs… I like the self-destruct USB stick idea but I cannot have it :D
Thanks again!
Xiao
> On Sep 8, 2015, at 12:52 PM, Richard Hodges <richard at hodges.org> wrote:
>
> On Tuesday 08 September 2015, "Li, Xiao via freebsd-hackers" <freebsd-hackers at freebsd.org>
> wrote:
>> Agreed, that's why I'm stuck in here: it seems like something either
>> unachievable or haven't been done before.
>
> The decryption key has to come from somewhere. Usually someone types it in, but the key
> could be on removable media, like a USB memory stick, a CD ROM, floppy, etc.
>
> I think you hinted at secure boot. Do you trust the security of the motherboard? But if
> someone steals your hard drives, can't they also steal your other hardware?
>
> It might be interesting to think about an external key, such as in a USB stick, that could
> be set to self-destruct (eg, overvoltage) coupled with a tamper sensor.
>
> If you could describe your threat model in more detail, and tell exactly what parts are
> trusted, someone might have a helpful idea.
>
> -Richard