Date: Wed, 24 Oct 2007 19:38:58 +0200
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: Daniel Marsh <jahilliya@gmail.com>
Cc: Steve Bertrand <iaccounts@ibctech.ca>, freebsd-questions@freebsd.org
Subject: Re: Booting a GELI encrypted hard disk
Message-ID: <20071024173858.GA1119@garage.freebsd.pl>
In-Reply-To: <ba5e78ea0710240946m41582e38g6507df7fe53b1016@mail.gmail.com>
References: <470CCDE2.9090603@ibctech.ca> <20071010175349.GB9770@slackbox.xs4all.nl> <20071022174629.GA1118@garage.freebsd.pl> <1799.208.70.104.211.1193103682.squirrel@webmail.ibctech.ca> <ba5e78ea0710240946m41582e38g6507df7fe53b1016@mail.gmail.com>

On Thu, Oct 25, 2007 at 12:46:53AM +0800, Daniel Marsh wrote:
> Even if all data on a drive is encrypted, the partition table is not.
> Software based disk encryption works on partitions.

That's not true. One can configure full disk encryption using GELI.
To do it you need to have a small USB pen-drive or CD-ROM with /boot/
directory, but that's all you need. Then you actually boot from your
unencrypted pen-drive, but mount all file systems from encrypted disk.
The pen-drive is not needed for your system to run and you can easily
take it with you, which is not always the case for your laptop.

> How far into the boot sequence do you get before your system crashes without
> the key present?
> I would assume as far as reading the / partition to get the kernel etc...
>
> It would have read the partition table and the boot loader, known which
> partition was the "active" partition and tried booting it.
>
> Now, to identify what OS this disk has on it you can check the partition
> table and see what "type" has been set for each slice/partition.
> You will be able to see that there is a BSD style slice on the disk just by
> running `fdisk /dev/mystolendiskdevice`
> You now know it's a BSD OS, you could then make a guess as to what version
> of BSD by the type of machine it was taken from, based on what hardware is
> supported by each BSD.
>
> I believe their slices and layout are identical but the file systems differ.
>
> The person with your disk could then start trying to determine what kind of
> disk encryption is in place.

That's all irrelevant. Security of GELI (or any sane cryptographic
system) doesn't depend on secrecy of algorithms used.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!