Re: cgd (encrypted disk) support in bootblocks (Was: summer of code - scrub feature)

To: Todd Vierling <tv%netbsd.org@localhost>
Subject: Re: cgd (encrypted disk) support in bootblocks (Was: summer of code - scrub feature)
From: David Brownlee <abs%NetBSD.org@localhost>
Date: Mon, 23 Mar 2009 16:54:43 +0000 (GMT)

On Mon, 23 Mar 2009, Todd Vierling wrote:

On Mon, Mar 23, 2009 at 9:12 AM, David Brownlee <abs%netbsd.org@localhost> 
wrote:

       Converting a running system to an encryped filesystem without
       requiring a dump/restore is a very nice additional feature, but
       I think NetBSD would really benefit from 'just' the cgd support
       in the bootblocks and passing the relevant data across to the
       kernel so it can get a cgd encrypted root filesystem...


Works for workstations, if the bootblocks have passphrase entry (and
better yet, cgd decrypt support to load the kernel itself from an
encrypted root); that would work much like other full-disk encryption
systems.


        I think that would be the ideal case for any mahine which
        doesn't require unattended reboot - the only unencrypted
        data on the disk would be the bootblocks and some cdg config
        (which may well be written into the bootblocks). Once installed
        it should be transparent to the user including updating kernels
        and anything other than bootblocks :)

Without something like TPM, doesn't solve the unattended server
problem, though perhaps that does require a more complex solution
(such as a ramdisk or small root partition, over which / is remounted)
to allow the key to be stored in a more flexible manner.

Collectively this sounds more like two projects to me, though the
latter could suffice for both cases, for a first stab at it.  The
latter is also less low-level code and more scripting work (and
perhaps crunchgen for space), which may make multiplatform support
less painful.  Mentors' mileage may vary.


        Could you clarify how the latter would work - is the intention
        to allow the system to boot up to a point where the administrator
        can connect in to finish cgd configuration and remount?

        I can see the utility of both, and would be very happy with
        either :)

--
                David/absolute       -- www.NetBSD.org: No hype required --

Follow-Ups:
- Re: cgd (encrypted disk) support in bootblocks (Was: summer of code - scrub feature)
  - From: Jan Danielsson
- Re: cgd (encrypted disk) support in bootblocks (Was: summer of code - scrub feature)
  - From: Todd Vierling
- Re: cgd (encrypted disk) support in bootblocks (Was: summer of code - scrub feature)
  - From: Cem Kayali

References:
- summer of code - scrub feature
  - From: Stathis Kamperis
- Re: summer of code - scrub feature
  - From: Thor Lancelot Simon
- Re: summer of code - scrub feature
  - From: Alistair Crooks
- Re: summer of code - scrub feature
  - From: Thor Lancelot Simon
- Re: summer of code - scrub feature
  - From: Christos Zoulas
- Re: summer of code - scrub feature
  - From: David Brownlee
- Re: summer of code - scrub feature
  - From: Todd Vierling
- Re: cgd (encrypted disk) support in bootblocks (Was: summer of code - scrub feature)
  - From: David Brownlee
- Re: cgd (encrypted disk) support in bootblocks (Was: summer of code - scrub feature)
  - From: Todd Vierling

Prev by Date: Re: cgd (encrypted disk) support in bootblocks (Was: summer of code - scrub feature)
Next by Date: Re: cgd (encrypted disk) support in bootblocks (Was: summer of code - scrub feature)
Previous by Thread: Re: cgd (encrypted disk) support in bootblocks (Was: summer of code - scrub feature)
Next by Thread: Re: cgd (encrypted disk) support in bootblocks (Was: summer of code - scrub feature)
Indexes:

Home | Main Index | Thread Index | Old Index