tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: cgd (encrypted disk) support in bootblocks (Was: summer of code - scrub feature)

On Mon, 23 Mar 2009, Todd Vierling wrote:

On Mon, Mar 23, 2009 at 12:54 PM, David Brownlee <> 
Without something like TPM, doesn't solve the unattended server
problem, though perhaps that does require a more complex solution
(such as a ramdisk or small root partition, over which / is remounted)
to allow the key to be stored in a more flexible manner.

       Could you clarify how the latter would work - is the intention
       to allow the system to boot up to a point where the administrator
       can connect in to finish cgd configuration and remount?

No, it's much more simplistic than that -- storage of a (possibly
partial) key on a removable device so that the machine can fully start
unattended, but only with the extra media device in place.  Sort of a
"poor man's TPM".  This provides some of the benefits of encryption,
such as in-built resistance to media-level data forensics, and
unreadability of the physical disk outside of the machine in which it
was installed.  The idea is to make a common attacker (someone who
might run off with a pulled-out drive) eventually not so common.

        Then at the risk of feeping creatures... why can't the boot block
        do that? Either the bootblocks and external config lie on the
        USBkey or similar and then it configures the cgd on the main
        disk and then loads the kernel from it, or the bootblocks can
        read some additional config from the USBkey before mounting
        the main cgd, and even better can pass that extra data across
        to the kernel...

                David/absolute       -- No hype required --

Home | Main Index | Thread Index | Old Index