Date: Tue, 8 Sep 2015 19:27:04 +0100 From: Igor Mozolevsky <igor@hybrid-lab.co.uk> To: "Li, Xiao" <xaol@amazon.com> Cc: Analysiser <analysiser@gmail.com>, Hackers freeBSD <freebsd-hackers@freebsd.org> Subject: Re: Passphraseless Disk Encryption Options? Message-ID: <CADWvR2iVubsBQjnvQ8mDGGS7ujsR8wPQ2RAxn=kvFkmVGQkXiQ@mail.gmail.com> In-Reply-To: <D214715D.1A32%xaol@amazon.com> References: <8B7FEE2E-500E-49CF-AC5E-A2FA3054B152@gmail.com> <CADWvR2iv7xz02Fw9b=159%2BSMuphQGRKZsfyy9DDeqGMxn=p1BA@mail.gmail.com> <D214715D.1A32%xaol@amazon.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 8 September 2015 at 19:14, Li, Xiao <xaol@amazon.com> wrote: > Hi Igor, > > Thanks for the suggestion! I=C2=B9m trying to achieve that the data could= only > be accessed in a trusted booted system and cannot be decrypted when the > startup disk is a cold storage device. Something like FileVault on Mac OS > X (https://support.apple.com/en-us/HT204837). Please read Apple's blurb- your logging in unlocks the FileVault; if you forget your login password (and you haven't set up password recovery) you data is just a source of entropy. I suspect what they did was that their uefi loader logs you in and decrypts the drive. --=20 Igor M.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADWvR2iVubsBQjnvQ8mDGGS7ujsR8wPQ2RAxn=kvFkmVGQkXiQ>