From: Alan Amesbury <amesbury@oitsec.umn.edu>
To: freebsd-hackers@freebsd.org, xaol@amazon.com
Subject: Re: Passphraseless Disk Encryption Options?
Date: Tue, 8 Sep 2015 15:32:28 -0500
Message-Id: <4B1D3515-2C6F-48C2-9773-7E4E9C686135@oitsec.umn.edu>
In-Reply-To: <55ef3eef.qeb+Jh3sjv8B9NgH%perryh@pluto.rain.com>
References: <8B7FEE2E-500E-49CF-AC5E-A2FA3054B152@gmail.com> <55ef3eef.qeb+Jh3sjv8B9NgH%perryh@pluto.rain.com>
List-Id: Technical Discussions relating to FreeBSD

On Sep 8, 2015, at 15:02, Perry Hutchison wrote:

> I think this is fundamentally impossible* to do, with any real
> security. It is like stashing a key to your house somewhere in
> the barn: you think no one else knows where that key is, but
> anyone who figures out what you've done can get in.
>
> In Apple's scheme, at least the house key is in a lockbox -- the
> login password is the key to the lockbox -- but even there the
> hard drive encryption is ultimately only as strong as the login
> password.

[snip]

I think there's a difference between Apple's FileVault and FileVault 2. I recall the former booting completely to a login prompt, i.e., the OS was running and everything but home directories was accessible once the boot process was completed. Logging in caused home directories to become available, probably through using the user's password to decrypt a copy of the disk encryption key (as has already been described). I thought there was also a recovery partition. I could very well be wrong about this, though; it's been some time since I saw FileVault.

FileVault 2 appears to encrypt the entire drive, including the OS. Booting the system to its normal state is not possible without user interaction; you have to enter your password to allow the boot process to decrypt the key that's used to decrypt the rest of the filesystem containing the normal operating environment. It looks like there's no recovery partition, either, at least under Yosemite (v10.10.x), even though there appears to be one on disk; it doesn't show up as a boot option when the Option key is pressed at boot. The only options given are to boot from the drive normally (which prompts for a password), or boot from the network.

I agree that it seems unlikely to be able to have a system boot without user interaction unless the key is stored in plaintext somewhere that the boot process can retrieve it... which means it's likely accessible to other things, too.

-- 
Alan Amesbury
University Information Security
http://umn.edu/lookup/amesbury
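The message above describes the key hierarchy that both FileVault generations rely on: one volume key encrypts the data, and each user password only unlocks a wrapped copy of that volume key. The following is an added illustration of that key-slot model and of what a passphraseless slot costs; it is not code from this thread, from FreeBSD/GELI or from Apple. It uses only the Python standard library, so PBKDF2-HMAC-SHA256 stands in for the real password KDF and an HMAC-SHA256 counter-mode keystream with an HMAC tag stands in for a real key-wrap primitive (AES-KW or AES-GCM); the `VolumeHeader` class, slot names and iteration count are assumptions chosen for the demo.

```python
"""Key-slot model: a password unwraps a copy of the volume key; a
passphraseless 'unattended boot' slot stores that key in the clear.

Added illustration only; not FreeBSD, GELI or Apple code. Standard
library only: PBKDF2-HMAC-SHA256 derives the password KEK, and an
HMAC-SHA256 counter-mode keystream plus HMAC tag stands in for a real
key-wrap primitive (AES-KW / AES-GCM) that the stdlib does not ship.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional

PBKDF2_ITERS = 200_000   # assumed demo value; tune for the target hardware
NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: PRF(key, nonce || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap(kek: bytes, volume_key: bytes) -> bytes:
    """Encrypt-then-MAC the volume key under the KEK: nonce || ct || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(volume_key, _keystream(kek, nonce, len(volume_key))))
    tag = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek: bytes, blob: bytes) -> bytes:
    """Verify the tag first, so a wrong password never yields a 'key'."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or corrupted slot")
    return bytes(a ^ b for a, b in zip(ct, _keystream(kek, nonce, len(ct))))


def kek_from_password(password: str, salt: bytes) -> bytes:
    """Password -> key-encryption key (the 'key to the lockbox')."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERS)


class VolumeHeader:
    """Hypothetical on-disk header: one volume key plus the slots that unlock it."""

    def __init__(self) -> None:
        self.volume_key = os.urandom(32)   # the only key that encrypts data
        self.slots: Dict[str, dict] = {}

    def add_password_slot(self, name: str, password: str) -> None:
        """Store a wrapped copy of the volume key; the password never touches data."""
        salt = os.urandom(16)
        kek = kek_from_password(password, salt)
        self.slots[name] = {"type": "password", "salt": salt,
                            "wrapped": wrap(kek, self.volume_key)}

    def add_plaintext_slot(self, name: str) -> None:
        """Passphraseless boot: the volume key sits in the header in the clear."""
        self.slots[name] = {"type": "plaintext", "key": self.volume_key}

    def on_disk(self) -> dict:
        """Everything an attacker holding the drive can read."""
        return self.slots


def unlock_with_password(header: dict, slot_name: str, password: str) -> bytes:
    """Boot-time path: derive the KEK from the password and unwrap the slot."""
    slot = header[slot_name]
    return unwrap(kek_from_password(password, slot["salt"]), slot["wrapped"])


def offline_attacker(header: dict) -> Optional[bytes]:
    """No password, just the disk: succeeds iff some slot stores the key unwrapped."""
    for slot in header.values():
        if slot["type"] == "plaintext":
            return slot["key"]
    return None


if __name__ == "__main__":
    vol = VolumeHeader()
    vol.add_password_slot("alice", "correct horse battery staple")
    print("offline, password slots only:", offline_attacker(vol.on_disk()))
    vol.add_plaintext_slot("unattended-boot")   # what "no passphrase" costs
    print("offline, after adding a plaintext slot:",
          offline_attacker(vol.on_disk()) == vol.volume_key)
```

The password slots make the header opaque to anyone who only has the disk, and a second slot (a recovery code, another user) is just another wrapped copy of the same volume key. The plaintext slot is the passphraseless case from the thread: whatever lets the boot process read that slot without user interaction lets anyone with the same read access to the disk recover the volume key, which is the point Alan and Perry both make.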