On Wed, 7 Jul 2004 00:43, "mike@xxxxxxxx" <mike@xxxxxxxx> wrote:
> > Securing the system is exactly the same thing IMHO.
> >
> > If your system is insecure then encryption won't help, the attacker will
> > get all your passwords and happily decrypt all your data!
>
> I would argue that it depends on what you are securing against. For
> example, securing data against physical laptop theft does not really
> require booting from removable media...as long as you don't trust the
> laptop once it is recovered.

True. But what about servers? How secure is YOUR server room? Taking disks
out etc is not difficult to do. Replacing the BIOS on the motherboard adds an
extra level of difficulty and the risk is decreased if that is what an
attacker would be forced to do.

> However, if you are requiring a physical token to provide a key then
> booting from that token is not too much of a leap. Assuming your firmware
> supports booting from, say, USB. This seems outside the scope of mkinitrd
> and more a responsibility of properly configuring yaboot, lilo, grub, etc.

You need the initrd to be able to mount an encrypted root fs, so there are
some changes to initrd needed. They are probably more significant than the
changes to allow booting from a USB device.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page