Date: Tue, 08 Sep 2015 13:02:55 -0700
From: perryh@pluto.rain.com (Perry Hutchison)
To: xaol@amazon.com
Cc: freebsd-hackers@freebsd.org, igor@hybrid-lab.co.uk, analysiser@gmail.com
Subject: Re: Passphraseless Disk Encryption Options?
Message-Id: <55ef3eef.qeb+Jh3sjv8B9NgH%perryh@pluto.rain.com>
References: <8B7FEE2E-500E-49CF-AC5E-A2FA3054B152@gmail.com>

Xiao Li wrote:

> I'm trying to protect a headless device that has FreeBSD installed
> on it. There is no usb/video input, only NIC and power are exposed.
> And I'm trying to protect its bootable drive.

I think this is fundamentally impossible* to do, with any real
security. It is like stashing a key to your house somewhere in
the barn: you think no one else knows where that key is, but
anyone who figures out what you've done can get in.

In Apple's scheme, at least the house key is in a lockbox -- the
login password is the key to the lockbox -- but even there the
hard drive encryption is ultimately only as strong as the login
password.

* Granted, statements like this carry some risk of ending up in
  the same category as "There is no reason for anyone to have a
  home computer" (Gordon Bell), or "No one should ever need more
  than 640K of main memory" (Bill Gates).