Full disk encryption without root partition
David Demelier
demelier.david at gmail.com
Sun Dec 30 09:35:03 UTC 2012
On 29/12/2012 23:53, Polytropon wrote:
> On Sat, 29 Dec 2012 22:43:29 +0100, Martin Laabs wrote:
>> So from the security point of view it might be a good choice to have an
>> unencrypted and (hardware) readonly boot partition.
>
> To prevent unintended modification by <attacker> of the
> boot process's components, an option would be to have the
> system boot from a R/O media (SD card, USB stick or USB
> "card in stick") and then _remove_ this media when the
> system has been booted. Of course this requires physical
> presence of some kind of operator who is confirmed to
> handle this specific media. The rest of the system on
> disk and the data may be encrypted now, and if (physically)
> stolen, the disks are useless. I agree that such kind of
> security isn't possible everywhere, especially not if
> you cannot physically access your server.
>
> To prevent further "bad things" (like someone steals
> this "boot stick"), manually entering a passphrase in
> combination with the keys on the stick could be required.
> Of course a strong passphrase would have to be chosen,
> and not written on the USB stick. :-)
>
> The options <attacker> has on a _running_ system with
> encrypted components is a completely different topic.
>
I think a good idea would be to store the key directly in the
bootloader, but that needs a partition scheme large enough to
store the bootloader (boot0 or boot1) plus the encryption key. However,
this requires adding support for that in both boot files, and they will be bigger.
More information about the freebsd-questions mailing list