From: Allan Fields <afields@afields.ca>
To: "Ronnel P. Maglasang"
Cc: Alexander Leidinger, freebsd-geom, Pawel Jakub Dawidek, freebsd-hackers
Date: Tue, 2 Aug 2005 15:11:23 -0400
Subject: Re: booting gbde-encrypted filesystem
Message-ID: <20050802191123.GC230@afields.ca>
In-Reply-To: <42EEDABE.7080402@infoweapons.com>
List-Id: Technical Discussions relating to FreeBSD (freebsd-hackers)

On Tue, Aug 02, 2005 at 10:30:22AM +0800, Ronnel P. Maglasang wrote:
> What I had in mind is perhaps I could find a way to
> enter the passphrase at the loader prompt, or configure
> the loader to get the passphrase from an external
> device or hardcode the passphrase in the bootloader (really
> insecure).

I understand your model, which is to have something required to ensure
the disks cannot be read w/o a physical token.

Theoretically the loader could allow you to fetch some memory address
and insert it into a boot variable.

If you just want to ensure a token is required to enable access to a
machine you could add something in the root-FS patch which reads
directly from the hardware device, though this is before the full
device infrastructure is bootstrapped IIRC.

What about the idea of adding support for HSMs and TPMs? Hardware
keystores and other similar authentication mechanisms which push a key
into a secure memory accessible by the crypto API might be the answer.

I am looking at similar solutions. My idea is to enable remote
authentication through a secure means. So there are multiple options
to secure console access:

 * Some IPMI hardware has an ethernet accessible console, that can then
   be routed through a secure tunnel.
 * There is the idea of ethercons if it can be extended to support
   encryption.
 * A serial console can be accessed through another machine securely.

This one has been around since a few years back, but the below patch
brings it closer to being workable.

> Alexander Leidinger wrote:
>
> >Pawel Jakub Dawidek wrote:
> >
> >>This is not possible with current GBDE.
> >>I've patches which allow this here:
> >>
> >> http://people.freebsd.org/~pjd/patches/gbde.patch
> >
> >I fail to see how this allows an encrypted root-FS, it doesn't add gbde
> >support to boot0(ext) or to the loader. It needs access to an unencrypted
> >kernel. I don't think this is what Ronnel had in mind (overlooking the
> >fact that his suggestion to save the passphrase in the loader is insecure).

An unencrypted kernel can be read off of another device and then used
to mount the encrypted root.

> >Bye,
> >Alexander.

--
 Allan Fields (afields) - Ottawa, Canada (45"10'N 75"56'W)
 Himeji Systems           http://himejisystems.com
 Afields Research/AFRSL   http://afields.ca