[Freedombox-discuss] DreamPlugs arrived this week, work fine. Network experiment?
On Wed, 13 Apr 2011 15:16:39 +0200, bertagaz at ptitcanardnoir.org wrote:
> Maybe one way to start working on the freedombox with this plug you
> received might be to install Debian on it, with encrypted rootfs, and then
> install a bunch of the software/services listed on the wiki, with minimal
> configuration and try to benchmark it to see how it behaves.

Just out of curiosity, why encrypt the rootfs?

I'd be mildly concerned that one is reducing the reliability and
performance of the system for no real gain.

One needs to choose whether to put the keys on the box (and so render
the encryption rather pointless) or to insist that one enters a passphrase
on reboot, and thus render the system unable to do an unattended reboot.

Also, if the reason for FB is to keep data safe from serious people from
the TLAs, I'm sure they're capable of swiping the machine while keeping
it powered up, and so preserving a filesystem key in RAM.

Also, also, if you are worrying about them swiping the storage and
attacking that, then you have given them a load of known plain-text by
encrypting the whole operating system, which seems unwise -- it would be
better to only encrypt the actual secrets, rather than /bin/bash etc.

I'm not saying that one should not for instance use encrypted file
systems on your laptop, if you're planning on carrying it around with
you, but the point of FB seems to be that it remain locked inside your
house, so having it able to boot back up after a power interruption
seems like a more useful feature.

|)| Philip Hands [+44 (0)20 8530 9560] http://www.hands.com/
|-| HANDS.COM Ltd. http://www.uk.debian.org/
|(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND