On Sat, May 04, 2002 at 12:52:58AM -0400, Eric wrote: > Is there anyway to securely encrypt the root partition such that if the disk > is removed from the machine, that the disk will not be able to be decrypted? > I'd like to encrypt the root partition, but unless I manually enter the > password by hand upon every boot, I don't see what would stop someone from > removing the HD from my machine, mounting it in another, and having access > to all the data... I want to create an autonomous machine, which can reboot > by itself if it ever goes down. But I don't want to have to enter a > password manually. > > Am I missing something here? Is there any way to securely encrypt the root > partition? Short answer: No Long answer: Most cases have an intruder detection function. If a contact located near the case opening gap is disconnected, then something (depends on the motherboard) will be triggered. This could be used to flush the secret from memory. (This is far from tamperproof) There is the possiblity to that you supply the secret via an ssh connection too.. Anyway I think it's more paying to focus on the stability of your box then it's ability to reboot autonomously. > On NT/2000/XP, for example, each NTFS volume is mapped to a particular root > user id. Which means that even if the drive is put in another PC, root on > another PC still won't have access to it. The ext2 filesystem, as far as I > can tell, doesn't have that security - if the drive is moved to another > system, root gets full access. There is no secret involved, so there can't be security. This is a software based access control mechanism, which can be easily circumvented. Just put the drive into a linux box. clemens
Attachment:
pgp00015.pgp
Description: PGP signature
