netbsd-users: laptop security

Subject: laptop security
To: None <netbsd-users@netbsd.org>
From: Wolfgang Rupprecht <wolfgang+gnus20020228T093402@wsrcc.com>
List: netbsd-users
Date: 02/28/2002 10:39:24
Recently my beloved vaio 505tx laptop (along with all my other
portable electronics) walked out my back door.  Unfortunately my
laptop had an after-market 20gig disk that I was using as a "hot"
backup of my main NFS server.  (I guess it is still a "hot backup"
now, but in a different sense!) In any case, I've suddenly acquired a
keen interest in a crypto-secured file system.  

Is there a crypto filesystem that works with netbsd?

After scratching my head quite a few times as to what to do when fsck
coughs up hairballs.  I'm beginning to think that securing some part
of the FS infrastructure (such as encrypting the superblock and
inodes) would raise the work effort sufficiently to deter a common
thief.  In effect one could run strings over /dev/wd0d and get all the
heap of file data, but the file data would not be accessible as a
filesystem and would effectively be an unorganized heap of 4k byte
file chunks.  Given todays disk sizes, thats 1e6 to 5e6 (or more) 4k
chunks that someone has to sift through.

-wolfgang

(And yes, I did set the laptop's bios password, but I don't expect
that to hold the thieves back for long.  I get the distinct impression
that there are well-known back doors built into the bios to allow
repair places to clear the password.  For one, Sony repair managed to
boot the laptop without being told the password.)

Sony Vaio 505TX ultra-portable computer
     gray/charcoal case with blue/purple accents.
     aftermarket 20 Gigabyte disk (IBM 9.5mm)
     answers to the name of pasillo.wsrcc.com
     lots of files owned by user "wolfgang" and "alison"
     bootup selector allows for netbsd or win98 boot.
     has boot password set
     part number: P-28987630-P
     serial number: S01-3102514-2

Sony Vaio 505VE ultra-portable computer
     gray/charcoal case with blue/purple accents.
     answers to the name of tepin.wsrcc.com
     lots of files owned by user "wolfgang" and "alison"
     bootup selector allows for netbsd or win98 boot.
     has boot password set
     part number: P-2830310-2
     serial number: S-01-325658-F

Axis 2100 Ethernet Camera.  Orange rj45 ethernet cable.
     tan-colored case.
     answers to name cam.wsrcc.com
     will superimpose the name "WSRCC" on the top of the picture frame
     has reconfigure password set
     sn 00408C592C31 
     pn 0106-004-01 
-- 
       Wolfgang Rupprecht <wolfgang+gnus@dailyplanet.wsrcc.com>
		    http://www.wsrcc.com/wolfgang/
Coming soon: GPS mapping tools for Open Systems. http://www.gnomad-mapping.com/