Passphraseless Disk Encryption Options?
Igor Mozolevsky
igor at hybrid-lab.co.uk
Wed Sep 9 10:23:41 UTC 2015
On 9 September 2015 at 10:56, Fabian Keil <freebsd-listen at fabiankeil.de>
wrote:
> Analysiser <analysiser at gmail.com> wrote:
>
> > I’m trying to protect my startup disk’s data from being tampered with
> > by someone who has physically access to the disk. He might put it on some
> > other machine, add some malicious code or check the logs stored in /var,
> > and then put it back my machine, when the machine is stayed in some
> public
> > untrusted environment. When I regain the machine from a public untrusted
> > environment and boot the disk, some malicious code might running and try
> > to contaminate my own network or other machines, or monitor my activities
> > with the machine.
>
> You can boot the system using an encrypted root pool by putting a
> geli keyfile and essential parts of the kernel on an unencrypted
> boot pool that is destroyed and overwritten once the system has
> booted.
>
> I do that with ElectroBSD but it works on vanilla FreeBSD as
> well. It's not perfect, but depending on your threat model it
> may be good enough:
> https://www.fabiankeil.de/gehacktes/electrobsd/#fde
> https://www.fabiankeil.de/gehacktes/cloudiatr/
Can't this be simply undermined by the adversary yanking the power cord
resulting in the disk being but a source of entropy? There is, of course, a
number of scenarios where that would be a perfectly desirable outcome, but
based on what was said earlier, I doubt this is one of them.
I am still unclear what the OP is trying to achieve: first the requirement
was to protect the data on disk from being taken by third party, then the
OP said they just wanted to prevent tampering because they'd be bringing
the box back into their network…
Then, there's the whole headless issue: it was said that there's only the
NIC and the power cord. If that is true, the only way to tamper with data
is to gain physical access to the device. The OP thinks that TPM+trusted
gptBoot waves some magic wand and makes the system secure from tampering; I
seriously doubt that- if one can replace the disk, why can't their replace
TPM, clear BIOS with a jumper, or replace the board all together? The point
I'm driving at is that it seems that the threat model and attack vectors
are not properly analysed for that particular environment, and there's
wishful thinking about a magic genie-in-a-box solution.
The final point is: you cannot have a device that guarantees
confidentiality, availability, and integrity of data in the circumstances
described- you have to sacrifice at least one of the three. If you are
storing the decryption key alongside the encrypted data, no sane person
should ever think that data is actually encrypted.
--
Igor M.
More information about the freebsd-hackers
mailing list