> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-bounces+blu=nedharvey.com at blu.org] On Behalf Of Derek Atkins
>
> Note that this will allow you to encrypt all partitions except your
> /boot partition,

Also, depending on whether or not you care, this introduces a mode for attack. Because the kernel and initial environment can be tampered with in such a way that the user would not notice, and then the user happily types in the password, which gets recorded or communicated, etc.

The same problem is not true if you either (a) use TPM, which performs a checksum on the pre-boot environment, and refuses to release the key in the event of tampering (but TPM is primarily used by Windows; I don't know any Linux-based tools that use it) or (b) as suggested, use whole disk encryption such as PGP, or TrueCrypt (if TrueCrypt supports Linux now). Because the whole disk products must unlock the disk before the kernel or anything can start; hence they're protected from tampering.
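
The TPM behaviour described in the message above (measure the pre-boot environment, release the key only if nothing changed) can be modelled in a few lines. This is an added example, not part of the original post and not a real TPM interface: `ToyTPM`, `extend`, `measure_boot` and the sample boot components are hypothetical names and constructed data, and SHA-256 is an assumed hash choice.

```python
import hashlib
import hmac

PCR_SIZE = 32  # assumed SHA-256 register width for this model


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || H(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Measure each boot stage in order, starting from an all-zero PCR."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


class ToyTPM:
    """Simplified sealing model: a secret bound to one expected PCR value."""

    def __init__(self):
        self._sealed = None

    def seal(self, key: bytes, expected_pcr: bytes) -> None:
        self._sealed = (key, expected_pcr)

    def unseal(self, current_pcr: bytes) -> bytes:
        key, expected = self._sealed
        if not hmac.compare_digest(current_pcr, expected):
            raise PermissionError("PCR mismatch: boot chain changed, key withheld")
        return key


# Constructed stand-ins for the contents of an unencrypted /boot.
GOOD_CHAIN = [b"bootloader v1", b"kernel image", b"initrd: passphrase prompt"]
TAMPERED_CHAIN = [b"bootloader v1", b"kernel image", b"initrd: prompt, modified"]


def demo() -> dict:
    """Seal a disk key to the clean chain, then try to unseal on both chains."""
    tpm = ToyTPM()
    disk_key = b"constructed-disk-key"
    tpm.seal(disk_key, measure_boot(GOOD_CHAIN))
    results = {"clean": tpm.unseal(measure_boot(GOOD_CHAIN)) == disk_key}
    try:
        tpm.unseal(measure_boot(TAMPERED_CHAIN))
        results["tampered"] = True
    except PermissionError:
        results["tampered"] = False  # key is never released to the altered chain
    return results
```

Because each extend hashes the previous register value, a change to any stage, or to the order of stages, yields a different final value and the key stays sealed.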