Re: booting gbde-encrypted filesystem

看板FB_security作者時間20年前 (2005/07/29 19:53), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串5/6 (看更多)
In message <20050729134548.1cc28dr8gg0k4k0g@netchild.homeip.net>, Alexander Leidinger writes: >Pawel Jakub Dawidek <pjd@freebsd.org> wrote: > >> This is not not possible with current GBDE. >> I've patches which allows this here: >> >> http://people.freebsd.org/~pjd/patches/gbde.patch > >I fail to see how this allows an encryted root-FS, it doesn't add gbde >support to boot0(ext) or to the loader. It needs access to an unencrypted >kernel. I don't think this is what Ronnel had in mind (overlooking the fact >that his suggestion to save the passphrase in the loader is insecure). There is a difference between loading the kernel from an encrypted volume (very hard!) and mounting the root filesystem from an encrypted volume (possible with pawels patch. Now of course, if your kernel has been trojaned, you're in trouble, but then again, most people just worry about their data if the machine gets stolen. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 phk. 的文章
文章代碼(AID): #12wXZH00 (FB_security)
更多 phk. 的文章
文章代碼(AID): #12wXZH00 (FB_security)