Jean-Michel Pouré - GOOZE <jmpoure@xxxxxxxx> wrote:
> When using smartcards, secrets are not displayed. So why should we need
> to crypt the initramfs at first stage? We only need to boot in first
> stage, non-encrypted, and then request secrets from PKCS#11 and uncrypt
> the complete system.
Well, what you should need does primarily depend on what you want to
have, i.e. on your security goals.
If your only security goal is the typical "stolen notebook" scenario,
i.e. prevent off-line access to your data, you don't need to care about
crypted initramfs or whatever.
If your security goals go further and you want to prevent secrets (keys,
passphrases) from being stolen you have to care about things like
root-access, backdoors, loggers, etc. An untrusted initramfs is able to
install such backdoors or loggers - so are untrusted boot-loaders,
BIOSes and hardwares.
If your security goal is to establish a full trust-chain, you have to
care about lot more things.
regards
Mario
--
As a rule, the more bizarre a thing is, the less mysterious it proves to be.
-- Sherlock Holmes by Arthur Conan Doyle
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
