tech-security archive


Re: summer of code - scrub feature



On Mon, Mar 23, 2009 at 4:42 AM, David Brownlee <abs%netbsd.org@localhost> wrote:
>        A SoC project to add cgd support to the bootblocks and code to
>        pass across to the kernel could be very worthwhile...

/me perks up and peers out from his cubicley jail lined with systems
unfortunately not running nbsd....

There's a reason every single one of my Windoze systems uses TrueCrypt
system drive level encryption.  Not one sector hits the disk without
going through at least an AES-Twofish cascade.

On Mon, Mar 23, 2009 at 5:06 AM, Geert Hendrickx <ghen%telenet.be@localhost> wrote:
> ... but it breaks unattended reboots for servers. :-(

TPM.

If that's too tinfoil-hat to bear, too inflexible in the face of
motherboard failure, or too locked in to x86 (and it is):  a carefully
constructed ramdisk or tiny unencrypted root partition, and a "mount
-o remount /" (or upper layer union mount, or just a very crafty
symlink farm) can allow cgdconfig to be part of an unattended boot
process.  Depending on how it's done, the key can be embedded in the
ramdisk, on a separate USB token/drive, or made to be a combination of
the two....

(Yes, I've done this before; my home server was set up this way since
the early days of cgd's existence.  Pop out the thumbdrive on which
half of the key lived, and the system would not boot.)

/me now returns to working on far less interesting things for a living....

-- 
-- Todd Vierling <tv%duh.org@localhost> <tv%pobox.com@localhost> 
<todd%vierling.name@localhost>
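The split-key arrangement described in the message above (half of the key on the ramdisk, half on a removable thumbdrive, boot fails closed if either is absent), as an added example that is not part of the original post or of NetBSD's cgdconfig: the two shares are XORed back together, so a single share on its own reveals nothing about the key. The share paths and the hand-off to cgdconfig at the end are assumptions; only the share handling is shown.

```shell
#!/bin/sh
# Added example, not from the original post: recombine a cgd key that was
# split into two shares, one on the ramdisk / unencrypted root and one on a
# removable token. The shares are XORed, so one share alone is useless.
# Paths below are placeholders (assumptions), not NetBSD defaults.

RAMDISK_SHARE="${RAMDISK_SHARE:-/rd/etc/cgd.share1}"
TOKEN_SHARE="${TOKEN_SHARE:-/mnt/token/cgd.share2}"

# xor_hex A B: XOR two equal-length hex strings byte by byte; prints hex.
xor_hex() {
    a=$1; b=$2; out=""
    [ ${#a} -eq ${#b} ] && [ $(( ${#a} % 2 )) -eq 0 ] || return 1
    while [ -n "$a" ]; do
        ab=${a%"${a#??}"}; bb=${b%"${b#??}"}     # first byte of each string
        out="$out$(printf '%02x' $(( 0x$ab ^ 0x$bb )))"
        a=${a#??}; b=${b#??}
    done
    printf '%s\n' "$out"
}

# read_share FILE: print the hex share stored in FILE; fail if missing or empty.
read_share() {
    [ -r "$1" ] || return 1
    s=$(tr -d ' \n' < "$1")
    [ -n "$s" ] || return 1
    printf '%s\n' "$s"
}

# assemble_key SHARE1 SHARE2: print the recombined key as hex, or fail closed.
# With the token unplugged the second read fails, so the boot stops here
# instead of continuing with an unconfigured cgd device.
assemble_key() {
    s1=$(read_share "$1") || { echo "share missing: $1" >&2; return 1; }
    s2=$(read_share "$2") || { echo "share missing: $2" >&2; return 1; }
    xor_hex "$s1" "$s2"
}

# Assumed boot-time use: run with --boot from the ramdisk's rc, then hand the
# recombined key to cgdconfig through whatever key source the cgd params file
# was generated with (that integration is not shown here).
if [ "${1:-}" = "--boot" ]; then
    key=$(assemble_key "$RAMDISK_SHARE" "$TOKEN_SHARE") || exit 1
    : "$key"   # placeholder for the cgdconfig hand-off
fi
```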

