From: Fabian Keil <freebsd-listen@fabiankeil.de>
To: freebsd-hackers@freebsd.org
Date: Wed, 9 Sep 2015 11:56:38 +0200
Subject: Re: Passphraseless Disk Encryption Options?
Message-ID: <74e08b7d.41e63923@fabiankeil.de>
In-Reply-To: <74385D4D-48C7-4B5B-BF94-B99806C667EE@gmail.com>

Analysiser wrote:

> I'm trying to protect my startup disk's data from being tampered with
> by someone who has physical access to the disk. He might put it on some
> other machine, add some malicious code or check the logs stored in /var,
> and then put it back in my machine, when the machine is left in some public
> untrusted environment. When I regain the machine from a public untrusted
> environment and boot the disk, some malicious code might be running and try
> to contaminate my own network or other machines, or monitor my activities
> with the machine.

You can boot the system using an encrypted root pool by putting a geli
keyfile and essential parts of the kernel on an unencrypted boot pool
that is destroyed and overwritten once the system has booted.

I do that with ElectroBSD but it works on vanilla FreeBSD as well.

It's not perfect, but depending on your threat model it may be good enough:
https://www.fabiankeil.de/gehacktes/electrobsd/#fde
https://www.fabiankeil.de/gehacktes/cloudiatr/

Fabian
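For readers who want to see what the loader side of the arrangement described above looks like, the following is an added example and not Fabian's, ElectroBSD's or the original mail's configuration: a /boot/loader.conf living on the small unencrypted boot pool that makes the FreeBSD loader read a keyfile from that pool and hand it to geli, so the encrypted root pool attaches without a passphrase prompt. The variable names are the ones documented in geli(8); the partition name da0p3, the keyfile path and the dataset name zroot/ROOT/default are assumed values that have to match the real layout.

```conf
# /boot/loader.conf on the unencrypted boot pool (constructed example)
geom_eli_load="YES"
zfs_load="YES"

# da0p3 is assumed to be the geli-encrypted partition holding the root pool.
# The loader reads /boot/encryption.key from the boot pool and passes it to
# geli as key component 0 for that provider before the kernel mounts root.
geli_da0p3_keyfile0_load="YES"
geli_da0p3_keyfile0_type="da0p3:geli_keyfile0"
geli_da0p3_keyfile0_name="/boot/encryption.key"

# Mount root from the encrypted pool once da0p3.eli has been attached
# (dataset name assumed; alternatively set bootfs on the pool).
vfs.root.mountfrom="zfs:zroot/ROOT/default"
```

For the attach to succeed without a prompt, the provider must have been initialised with the keyfile as its only key component (geli init with -K for the keyfile and -P to disable the passphrase component). On its own this fragment gives none of the protection discussed in the mail: the keyfile sits in clear on the boot pool next to the kernel, so anyone holding the disk can attach the root pool with it. What the setup above adds is destroying and overwriting that boot pool once the system is up, so that a disk pulled from the running machine no longer carries the key; that post-boot step is specific to Fabian's scripts and is not reproduced here.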