Luca Berra wrote:
On Mon, Dec 28, 2009 at 09:28:43PM +0100, Olivier Sessink wrote:
Hi all,
I was wondering if there are some 'common' ways to prevent tampering
with the unencrypted kernel and initrd in the case of an encrypted
root filesystem? If somebody has access to your computer they could
change the initrd and kernel and make your encryption useless (e.g.
store the password in /boot, or send it over the network, etc. etc.).
It shouldn't be too hard to make this at least very difficult.
I'm sorry if anyone has physical access to the machine, you lose.
there is nothing you can do to prevent it.
If your laptop is stolen and later found, i would not trust typing my
password again booting from that disk. I would boot from a rescue media
or install the disk in another machine and recover the data.
What you suggest only creates a false sense of security and should be
avoided.
yes you are 100% right from a perfect security viewpoint. However, we're
looking at a "regular user" deployment, and we know that our regular
users are not going to look after their devices as good as most IT
security professionals will do (they might even carry their password in
their wallet, or tell the password over the phone). So our aim is not
100% perfect security, but just "make it (a lot) harder" to get to the
data.
The data on the devices is interesting enough for a simple hack, but not
interesting enough for a very complicated attack (or a physical
keylogger or tempest attack). So if we can avoid the simple attacks we
have improved the overall security.
So in our not-so-perfect world we will loose from a determined hacker
anyway. But perhaps we can be safe from the script kiddies.
Olivier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt