On Sat, Oct 06, 2001 at 12:44:32PM -0400, Hank Leininger wrote:
> Not speaking for Antti, but I'm concerned not just with "someone could
> steal the hard drive out of my laptop" but also "someone could steal the
> hard drive out of my laptop, trojan some important binaries in any
> non-encrypted partitions I have, then put it back, waiting for me to use it
> again and leak key material, run privileged tools while the encrypted
> filesystems are mounted, etc, and then steal it again."
>
> To provide at least some protection from that, you need some assurance of
> the integrity of, basically, everything. Plaintext /boot and encrypted
> everything else still isn't good enough, as the kernel / initrd could be
> swapped out by a malicious party. So, boot off a write-once CDROM with

Interesting discussion. As a low-tech way of doing this, you could make a
small DOS partition -- 3MB should be enough -- and use "pgp -c" to secure
your kernel. Decrypt the kernel then boot with loadlin.exe. Once in
GNU/Linux you can go back and verify the integrity of the kernel and the
DOS binaries (pgp and loadlin, as well as the OS files). This verification
could be automated by a script.

Wiping the DOS partition would be a good idea, because an attacker could
potentially recover your unencrypted kernel image, and with that could
possibly get your pgp -c passphrase. The wiping and restoration of the
partition could also be scripted.

This could be done with a bootable diskette instead of a partition, but in
that case you would need a DOS ramdrive to hold the decrypted kernel and
loadlin.exe. There may be issues with loadlin and the memory manager needed
for the ramdrive, though (I've never tried it.)

With loadlin you're limited to about 1MB compressed kernel image. No big
monolithic kernels -- you have to make it modular. This shouldn't be a
barrier for anyone yet, because most drivers can be used as modules.

Anyway, I just wanted to throw out an idea for those of us who still use
our old pre-CD-ROM laptops (portable dinosaurs. :)

> Then, of course, you're still trusting your BIOS, keyboard, EM
> radiation...

And if your opponents have that kind of will and capability they are
probably working for a TLA. That of course gives them many other "brute
force" methods of password "recovery" (I love how thieves use that word to
describe what they do.)

Rob - /dev/rob0

Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
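
The post-boot verification that the message says could be scripted, as an added example that is not part of the original post: it compares SHA-256 hashes of every file on the plaintext DOS partition against a manifest kept on the encrypted filesystem, and flags modified, missing and added files. The function names, the init/check modes and the use of sha256sum (GNU coreutils) are assumptions of this example.

```shell
#!/bin/sh
# Added example: integrity check of the plaintext boot partition.
# Assumption: the manifest is stored on the encrypted filesystem, so an
# attacker with access to the powered-off disk cannot rewrite it.

# make_manifest DIR
# Print "sha256  ./relative/path" for every regular file under DIR,
# sorted so that two runs over identical trees give identical output.
make_manifest() {
    ( cd "$1" && find . -type f | LC_ALL=C sort |
        while IFS= read -r f; do
            sha256sum "$f"
        done )
}

# verify_boot DIR MANIFEST
# Return 0 if DIR matches MANIFEST exactly, 1 on any difference
# (changed, missing or extra file), 2 if DIR cannot be read.
verify_boot() {
    dir=$1
    manifest=$2
    current=$(make_manifest "$dir") || return 2
    if [ "$current" = "$(cat "$manifest")" ]; then
        echo "OK: $dir matches $manifest"
        return 0
    fi
    echo "MISMATCH: $dir differs from $manifest" >&2
    # '<' lines are the expected entries, '>' lines are what is on disk now.
    printf '%s\n' "$current" | diff "$manifest" - >&2 || true
    return 1
}

# Usage (paths are hypothetical):
#   sh bootcheck.sh init  /dos /root/boot.manifest   # after a trusted install
#   sh bootcheck.sh check /dos /root/boot.manifest   # after every boot
case "${1:-}" in
    init)  make_manifest "$2" > "$3" ;;
    check) verify_boot "$2" "$3" ;;
esac
```

Regenerate the manifest with init only from a state you trust, for example right after restoring the partition from a known-good copy.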