Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] encrypted linux systems

> From: at [mailto:discuss-
> at] On Behalf Of Derek Atkins
> Note that this will allow you to encrypt all partitions except your
> /boot partition, 

Also, depending on whether or not you care, this introduces a mode for attack.  Because the kernel and initial environment can be tampered with in such a way that the user would not notice, and then the user happily types in password, which got recorded or communicated, etc.

The same problem is not true if you either (a) use TPM, which performs checksum on the pre-boot environment, and refuses to release key in the event of tampering (but TPM is primarily used by windows; I don't know any linux-based tools that use it)  or (b) as suggested, use whole disk encryption such as PGP, or truecrypt (if truecrypt supports linux now.)  Because the whole disk products must unlock the disk before the kernel or anything can start; hence they're protected from tampering.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /