Date: Tue, 8 Sep 2015 13:22:41 -0700
From: Analysiser <analysiser@gmail.com>
To: Richard Hodges <richard@hodges.org>
Cc: freebsd-hackers@freebsd.org, Igor Mozolevsky <igor@hybrid-lab.co.uk>
Subject: Re: Passphraseless Disk Encryption Options?
Message-ID: <98EEAA48-2C2C-4CBC-BBAF-F57D5F74464A@gmail.com>
In-Reply-To: <201509081352.25700.richard@hodges.org>
References: <8B7FEE2E-500E-49CF-AC5E-A2FA3054B152@gmail.com> <CADWvR2iVubsBQjnvQ8mDGGS7ujsR8wPQ2RAxn=kvFkmVGQkXiQ@mail.gmail.com> <D2147761.1A53%xaol@amazon.com> <201509081352.25700.richard@hodges.org>

To Brandon and Igor,

Thanks for pointing out the facts about FileVault, and yes, I understood your point in indicating the login IS the decryption process. That is merely an appearance, I think, that *looks* like something I would like to have. I cannot have a login as the decryption process, so it has to be done somewhere before login.

To Nik,

Thanks for the suggestion, as it looks very feasible. I'm thinking it might need a strong algorithm to calculate the passphrase with some rotating secret. I think I could test this way first.

To Richard,

Thank you for the suggestion. I believe that we have a secure boot protected by the TPM. I think I could trust the motherboard, and if someone steals the TPM module the system would absolutely fail to boot. I have some programs that rely on TPM attestation too that could report the system status to a remote attester. However, since the programs are not checking everything in the OS, I'm hoping to perform a startup disk encryption to further prevent unwanted alterations on the files or executables in the OS that might perform attacks. The device is headless in that it has no exposed optical disks, USB ports, video outputs… I like the self-destruct USB stick idea but I cannot have it :D

Thanks again!
Xiao

> On Sep 8, 2015, at 12:52 PM, Richard Hodges <richard@hodges.org> wrote:
>
> On Tuesday 08 September 2015, "Li, Xiao via freebsd-hackers" <freebsd-hackers@freebsd.org> wrote:
>> Agreed, that's why I'm stuck in here: it seems like something either
>> unachievable or hasn't been done before.
>
> The decryption key has to come from somewhere. Usually someone types it in, but the key
> could be on removable media, like a USB memory stick, a CD ROM, floppy, etc.
>
> I think you hinted at secure boot. Do you trust the security of the motherboard? But if
> someone steals your hard drives, can't they also steal your other hardware?
>
> It might be interesting to think about an external key, such as in a USB stick, that could
> be set to self-destruct (e.g., overvoltage) coupled with a tamper sensor.
>
> If you could describe your threat model in more detail, and tell exactly what parts are
> trusted, someone might have a helpful idea.
>
> -Richard