>>> Securing the system is exactly the same thing IMHO. >>> >>> If your system is insecure then encryption won't help, the attacker will >>> get all your passwords and happily decrypt all your data! >> I would argue that it depends on what you are securing against. For >> example, securing data against physical laptop theft does not really >> require booting from removable media...as long as you don't trust the >> laptop once it is recovered. > > True. But what about servers? How secure is YOUR server room? Taking > disks out etc is not difficult to do. Replacing the BIOS on the motherboard > adds an extra level of difficulty and the risk is decreased if that is what > an attacker would be forced to do. You are entirely right. Again, my point is that it depends what you are securing against. I don't have a server room. I am interested in securing my laptop. The important thing is that, as these techniques are developed, we are straight forward with and aware of the precise things they defend against. >> However, if you are requiring a physical token to provide a key then >> booting from that token is not too much of a leap. Assuming your firmware >> supports booting from, say, USB. This seems outside the scope of mkinitrd >> and more a responsibility of properly configuring yaboot, lilo, grub, etc. > > You need the initrd to be able to mount an encrypted root fs, so there are > some changes to initrd needed. They are probably more significant than the > changes to allow booting from a USB device. Yes. I am already working on modifying mkinitrd (see elsewhere in this thread). So, as I mentioned, once mkinitrd/initrd supports encrypted root filesystems and accessing a key on a removable device then booting from that same device should be simple. -- Mike
