Date: Mon, 23 Oct 2000 09:47:08 -0400 (EDT) From: Tim McMillen <timcm@umich.edu> To: Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de> Cc: questions@FreeBSD.ORG Subject: Re: secure boot Message-ID: <Pine.SOL.4.10.10010230941490.12076-100000@gorf.gpcc.itd.umich.edu> In-Reply-To: <200010231306.PAA69534@gilberto.physik.rwth-aachen.de>
next in thread | previous in thread | raw e-mail | index | archive | help
No. If somebody has physical access to your box they can do anything they want. Including wiping freebsd off your HD and installing windows. For example you can mark the console as insecure so they have to have the superuser password. But all they have to do is have a boot floppy to get single user mode. You could take out the floppy and cdrom drive and allow booting only from the HD. An attacker could just install those things back. You can password protect the bios, but taking the battery off of it wipes it out and they can change the bios again. There is no substitute for physical security Doing some of the above will help, ie make it more inconvenient to attack the box, but you cannot be absolutely safe. Tim On Mon, 23 Oct 2000, Christoph Kukulies wrote: > > Is there a way to make FreeBSD absolutely safe against rebooting > and getting into super user mode, e.g. by interrupting the > boot process, ^C into single user or booting into single user mode? > > -- > Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SOL.4.10.10010230941490.12076-100000>