I can survive if kernel and initrd stay in a separated partition. May be i create a script to generate hash and sign them. If I use a separated partition, what is the next logical step?
--
Marcos Barbosa <marcosestevesbarbosa@xxxxxxxxx>
2011/11/9 Arno Wagner <arno@xxxxxxxxxxx>
You don't. What you do instead is use an encrypted
data partition, which may be supported by some
Ubuntu tool.
The problem is that the kernel and an initrd have to
reside outside of the encrypted space. There is no
way around that. As a consequence, an attacker can
already modify those two and get complete control.
If you are worried about this, use some form of
physical protection. Weak protection comes from using
write-once media like a CD-R. Stronger comes from
using an encrypted memory-stick with keypad. (Beware,
there are secure and insecure ones on the market.)
You can also ware the stick around your neck.
Arno
> _______________________________________________
On Wed, Nov 09, 2011 at 04:41:44PM -0200, Marcos Barbosa wrote:
> How i create a Ubuntu liveUSB inside a USB stick?
> The trick: The casper files is inside a encrypted partition with LUKS.
>
> any ideas?
>
> --
> Marcos Barbosa <marcosestevesbarbosa@xxxxxxxxx>
> dm-crypt mailing list
> dm-crypt@xxxxxxxx
> http://www.saout.de/mailman/listinfo/dm-crypt
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
Marcos Barbosa <marcosestevesbarbosa@xxxxxxxxx>
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt