Re: Database Encryption (now required by law in Italy) - Mailing list pgsql-admin

From Grega Bremec
Subject Re: Database Encryption (now required by law in Italy)
Date
Msg-id 20040305155216.GA2228@elbereth.noviforum.si
In response to Re: Database Encryption (now required by law in Italy)  (Dave Ewart <Dave.Ewart@cancer.org.uk>)
List pgsql-admin
...and on Fri, Mar 05, 2004 at 02:31:50PM +0000, Dave Ewart used the keyboard:
>
> I'm not sure I get your point, Grega - are you suggesting that using
> LoopAES is a good idea and that a system with LoopAES should also boot
> up automatically?
>
> I don't understand that at all.  If it boots up automatically, then the
> encryption is effectively transparent and pointless.  All data on the
> disk is 'pre-decrypted', very conveniently for whoever has just stolen
> the server/disk.
>
> If you're using LoopAES, it should *require* manual intervention, i.e.
> passphrase to be entered.  If you want the system to boot up
> automatically, using LoopAES is redundant and so should not be used.

Darn, you made me shorten my hefty post into ten lines. :-(
Just when I was beginning to like it the way it was... :)

Mind, this is not only in reference to LoopAES.

All I'm saying is that good local security _can_ provide for the lack of any
kind of interactive unlock procedure during boot, in case the piece of
information required to un(b)lock access to encrypted media can be securely
stored and used by the boot loader in a non-revelatory manner, for example
by pushing the authentication process one step down. One example of that
would be a PSK-protecting boot loader (for boot arguments) and some sort
of key-encrypted boot loader config file.

That way, even if someone can boot the Damn Thing [tm], they cannot log
into the system and access the protected data, nor do they have access to
the information required to access unencrypted data (passphrases, keys, ...).

Cheers,
--
    Grega Bremec
    Senior Administrator
    Noviforum Ltd., Software & Media
    http://www.noviforum.si/
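The layout Grega sketches above, shown as an added configuration example that is not part of the original thread and does not describe what either poster actually ran: a modern GRUB 2 and cryptsetup/crypttab setup stands in for the 2004-era boot loader and loop-AES. The boot loader refuses to let anyone edit boot arguments (so `init=/bin/sh` or `single` cannot be appended) without a password, the entry itself boots unattended, and the volume is unlocked from a root-only key file rather than an interactive passphrase. All file names, the user name `admin`, the device `/dev/sdb1`, and the hash placeholder are assumptions. The caveat a practitioner should keep in mind is that this protects against someone who can only reboot or type at the console; a key file that sits in cleartext on a stolen disk is still readable offline, so the key file itself must live on a volume that is not recoverable from the stolen media alone.

```conf
# --- /boot/grub/grub.cfg fragment (constructed example, not from the thread) ---
# Only the superuser may enter the GRUB editor or command line, so the
# kernel command line cannot be changed at the console.
set superusers="admin"
# Hash produced by grub-mkpasswd-pbkdf2; the value here is a placeholder.
password_pbkdf2 admin grub.pbkdf2.sha512.10000.<salt>.<hash>

# --unrestricted: anyone may *boot* this entry without a password, which is
# what allows unattended reboots; editing it still requires the superuser.
menuentry 'Linux (unattended, encrypted data volume)' --unrestricted {
    set root='hd0,msdos1'
    linux  /vmlinuz root=/dev/sda2 ro quiet
    initrd /initrd.img
}

# --- /etc/crypttab (constructed example) ---
# <target>  <source device>  <key file>           <options>
# The key file is read by the init scripts, so no passphrase is typed at boot.
data        /dev/sdb1        /etc/keys/data.key   luks

# --- /etc/fstab (constructed example) ---
/dev/mapper/data   /srv/pgsql   ext4   defaults   0 2

# --- shell commands to set this up, shown as comments (assumed paths) ---
#   install -d -m 0700 /etc/keys
#   dd if=/dev/urandom of=/etc/keys/data.key bs=512 count=8
#   chmod 0400 /etc/keys/data.key
#   cryptsetup luksAddKey /dev/sdb1 /etc/keys/data.key
```

Checks worth running after such a setup: confirm that pressing `e` on the GRUB entry prompts for the superuser password, that `/etc/keys/data.key` is mode 0400 and owned by root, and that the file lives on a filesystem the unattended boot path does not leave readable to someone who pulls the disk.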
