Date:      Mon, 13 Mar 2006 04:07:13 -0800 (PST)
From:      Peter Thoenen <eol1@yahoo.com>
To:        freebsd-security@freebsd.org
Cc:        m.schiesser@quantentunnel.de
Subject:   Complete GBDE / GELI encryption for systems without removable local boot tokens (aka USB drives)
Message-ID:  <20060313120713.7524.qmail@web51904.mail.yahoo.com>

Speaking of GELI / GBDE.  I was reading Marc's excellent paper on
Complete harddrive encryption for FreeBSD using GBDE/GELI and the
problem I have is it all depends on a bootable removable token that can
be physically secured.  While an excellent solution for laptop /
desktop users it just doesn't work with remote colo users.  No way
you can physically remove your unsecure boot token or at least not
remove it and hope to recover remotely from a panic / reboot / failure
in a timely manner.  Anybody have any ideas on a solution how to do
this with a colo'd server?  Ideally you could, during boot, send some
token (or lock file) via ssh or other secure method but boot does not
currently support this.

Other ideas considered and thrown out:

- Boot your system as you would a headless system.  The problem is how
do you securely get your unsecure boot image from A to B (as it
contains your keys and lock files).  This fails as some local attacker
could just stick a hub between your boot server and server and pull
your unsecure image during a reboot.

- Intel's secure boot (forgot what the tech is called, want to say
PXE).  Doesn't work as this only verifies the image's checksum.  Sure we
know the image wasn't tampered with but the attacker still has your
keys.

Cheers,

-Peter
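The two rejected options above both come down to one property: an integrity check on a network-fetched boot image catches tampering, but it does nothing for the confidentiality of key material baked into that image. The following is an added illustration of that point, not code from the post, from FreeBSD, or from any PXE implementation. It models a toy "boot image", a passive tap on the path between boot server and host, and a checksum verification step; the image layout, the markers, the key bytes and the tap are all constructed for the example.

```python
"""Model of the netboot concern in the post: an unencrypted boot image that
carries the GELI/GBDE key material is fetched over the LAN, a passive tap
records it, and a checksum on the image says nothing about whether the key
was disclosed. Everything here is a constructed stand-in for illustration."""
import hashlib
import hmac
import os
from typing import Optional

# Stand-ins for a GELI keyfile and a passphrase / lock file (constructed).
KEYFILE = os.urandom(64)
PASSPHRASE = b"constructed-passphrase"

KEY_MARKER = b"KEYFILE:"


def build_image(embed_key: bool) -> bytes:
    """Construct a toy boot image.  With embed_key=True the key material is
    baked into the image, as it would be if /boot (keyfile included) were
    served to the host in the clear.  With embed_key=False the image only
    carries a placeholder and the key is expected to arrive by another path."""
    loader = b"LOADER:" + b"\x90" * 32
    if embed_key:
        return loader + KEY_MARKER + KEYFILE + b"PASS:" + PASSPHRASE
    return loader + KEY_MARKER + b"<not present; fetched at boot over ssh>"


def publish_checksum(image: bytes) -> str:
    """What a checksum-verifying boot path gives you: a digest of the image."""
    return hashlib.sha256(image).hexdigest()


def verify_checksum(image: bytes, expected: str) -> bool:
    return hmac.compare_digest(hashlib.sha256(image).hexdigest(), expected)


def passive_tap(wire: bytes) -> bytes:
    """A hub between the boot server and the host: every frame is copied,
    nothing is modified, so the host's integrity check still passes."""
    return bytes(wire)


def active_tamper(wire: bytes) -> bytes:
    """An on-path modification of the loader; this is what the checksum
    actually defends against."""
    return wire.replace(b"LOADER:", b"EVILLD:", 1)


def key_material_in(capture: bytes) -> Optional[bytes]:
    """Recover the embedded keyfile from a captured image, if it is there."""
    i = capture.find(KEY_MARKER)
    if i < 0:
        return None
    start = i + len(KEY_MARKER)
    blob = capture[start:start + len(KEYFILE)]
    return blob if blob == KEYFILE else None


def netboot(embed_key: bool, tamper: bool = False) -> dict:
    """Run one boot: server publishes image + checksum, attacker either copies
    or modifies it in transit, host verifies what it received."""
    image = build_image(embed_key)
    expected = publish_checksum(image)
    on_wire = active_tamper(image) if tamper else image
    capture = passive_tap(on_wire)          # attacker's copy
    received = on_wire                      # what the host ends up with
    return {
        "integrity_ok": verify_checksum(received, expected),
        "key_disclosed": key_material_in(capture) is not None,
    }


if __name__ == "__main__":
    for embed in (True, False):
        for tamper in (False, True):
            print(f"embed_key={embed} tamper={tamper}: {netboot(embed, tamper)}")
```

The interesting row is `embed_key=True, tamper=False`: the checksum verifies, the host boots happily, and the tap already holds the keyfile. Only when the key is kept out of the served image (the post's "send some token via ssh at boot" idea) does the passive capture come up empty, while the checksum continues to catch the tampered loader.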
