Date: Tue, 8 Sep 2015 15:32:28 -0500
From: Alan Amesbury <amesbury@oitsec.umn.edu>
To: freebsd-hackers@freebsd.org, xaol@amazon.com
Subject: Re: Passphraseless Disk Encryption Options?
Message-ID: <4B1D3515-2C6F-48C2-9773-7E4E9C686135@oitsec.umn.edu>
In-Reply-To: <55ef3eef.qeb%2BJh3sjv8B9NgH%perryh@pluto.rain.com>
References: <8B7FEE2E-500E-49CF-AC5E-A2FA3054B152@gmail.com> <CADWvR2iv7xz02Fw9b=159%2BSMuphQGRKZsfyy9DDeqGMxn=p1BA@mail.gmail.com> <D214715D.1A32%xaol@amazon.com> <D2147620.1A4A%xaol@amazon.com> <55ef3eef.qeb%2BJh3sjv8B9NgH%perryh@pluto.rain.com>

On Sep 8, 2015, at 15:02, Perry Hutchison <perryh@pluto.rain.com> wrote:

> I think this is fundamentally impossible* to do, with any real
> security.  It is like stashing a key to your house somewhere in
> the barn:  you think no one else knows where that key is, but
> anyone who figures out what you've done can get in.
>
> In Apple's scheme, at least the house key is in a lockbox -- the
> login password is the key to the lockbox -- but even there the
> hard drive encryption is ultimately only as strong as the login
> password.

[snip]

I think there's a difference between Apple's FileVault and FileVault 2. I recall the former booting completely to a login prompt, i.e., the OS was running and everything but home directories were accessible once the boot process was completed. Logging in caused home directories to become available, probably through using the user's password to decrypt a copy of the disk encryption key (as has already been described). I thought there was also a recovery partition. I could very well be wrong about this, though; it's been some time since I saw FileVault.

FileVault 2 appears to encrypt the entire drive, including the OS. Booting the system to its normal state is not possible without user interaction; you have to enter your password to allow the boot process to decrypt the key that's used to decrypt the rest of the filesystem containing the normal operating environment. It looks like there's no recovery partition, either, at least under Yosemite (v10.10.x), even though there appears to be one on disk; it doesn't show up as a boot option when the option key is pressed at boot. The only options given are to boot from the drive normally (which prompts for a password), or boot from the network.

I agree that it seems unlikely to be able to have a system boot without user interaction unless the key is stored in plaintext somewhere that the boot process can retrieve it... which means it's likely accessible to other things, too.

-- 
Alan Amesbury
University Information Security
http://umn.edu/lookup/amesbury