Date:      Tue, 2 Aug 2005 15:11:23 -0400
From:      Allan Fields <bsd@afields.ca>
To:        "Ronnel P. Maglasang" <rmaglasang@infoweapons.com>
Cc:        Alexander Leidinger <Alexander@Leidinger.net>, freebsd-geom <freebsd-geom@freebsd.org>, Pawel Jakub Dawidek <pjd@freebsd.org>, freebsd-hackers <freebsd-hackers@freebsd.org>
Subject:   Re: booting gbde-encrypted filesystem
Message-ID:  <20050802191123.GC230@afields.ca>
In-Reply-To: <42EEDABE.7080402@infoweapons.com>
References:  <42E9BC12.2050401@infoweapons.com> <20050729065357.GA617@darkness.comp.waw.pl> <20050729134548.1cc28dr8gg0k4k0g@netchild.homeip.net> <42EEDABE.7080402@infoweapons.com>


On Tue, Aug 02, 2005 at 10:30:22AM +0800, Ronnel P. Maglasang wrote:
> What I had in mind is perhaps I could find a way to
> enter the passphrase at the loader prompt, or configure
> the loader to get the passphrase from an external
> device, or hardcode the passphrase in the bootloader (really
> insecure).

I understand your model, which is to have something required
to ensure the disks cannot be read w/o a physical token.

Theoretically the loader could allow you to fetch some memory address
and insert it into a boot variable.

If you just want to ensure a token is required to enable access
to a machine you could add something in the root-FS patch which
reads directly from the hardware device, though this is before
the full device infrastructure is bootstrapped IIRC.

What about the idea of adding support for HSM and TPMs?  Hardware
keystores and other similar authentication mechanisms which push a
key into a secure memory accessible by the crypto API might be the
answer.

I am looking at similar solutions.  My idea is to enable remote
authentication through a secure means.  So there are multiple options
to secure console access:

* Some IPMI hardware has an ethernet accessible console, that can
then be routed through a secure tunnel.

* There is the idea of ethercons if it can be extended to support
encryption.

* A serial console can be accessed through another machine securely.

This one has been around since a few years back, but the below
patch brings it closer to being workable.


> Alexander Leidinger wrote:
> 
> >Pawel Jakub Dawidek <pjd@freebsd.org> wrote:
> >
> >>This is not possible with current GBDE.
> >>I've patches which allow this here:
> >>
> >>    http://people.freebsd.org/~pjd/patches/gbde.patch
> >
> >
> >I fail to see how this allows an encrypted root-FS, it doesn't add gbde
> >support to boot0(ext) or to the loader. It needs access to an unencrypted
> >kernel. I don't think this is what Ronnel had in mind (overlooking the fact
> >that his suggestion to save the passphrase in the loader is insecure).

An unencrypted kernel can be read off of another device and then used
to mount the encrypted root.

> >Bye,
> >Alexander.
> >

-- 
Allan Fields (afields)                  - Ottawa, Canada (45"10'N 75"56'W)
 Himeji Systems                         http://himejisystems.com
 Afields Research/AFRSL                 http://afields.ca
