On Thu, Oct 18, 2007 at 09:51:45PM +0200, Michael Heide wrote:

> I was concerned about the fact that there is one simple way to circumvent the whole encryption system if someone has physical access to the PC: simply replace the kernel or initrd on the boot partition to include some trojan horses, or something else...

Filesystem encryption does *not* protect against trojan horses and similar kinds of malware. It serves other purposes, for example prevention of offline attacks and data leakage. In theory, any file in use in the running system (and therefore unencrypted) can be targeted by a trojan horse. Even if you are able to encrypt the boot partition, what about the code in the MBR?

If you are concerned about the physical security of a system, you can't solve it just with software. Rather, look for access restrictions to the hardware, chassis locks and intrusion sensors, disabled alternative boot methods, and restrictions at the BIOS and bootloader level.

> It simply checks the md5sum of all files in /boot and if there are new or vanished files.
> It has to be run after every kernel update, needless to say.

This is better achieved with integrity checkers like aide or tripwire. Note that the difficult task is not to create the checksums but to store them in a secure but accessible location. Even an integrity check during kernel boot is no help in ensuring a trusted boot process (consider virtualization attacks at the BIOS/boot loader level).

An older but good starting point for this topic is http://www.cis.upenn.edu/~waa/aegis.ps

Also have a look at what the TCG made out of it.

Michel
Attachment:
signature.asc
Description: Digital signature
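The /boot checksum script Michael describes and Michel's remark about where the baseline is stored, as an added example that is not part of this thread: a small Python integrity checker that hashes every regular file under a directory, writes the baseline as JSON, and on a later run reports files that were added, removed or modified. It uses SHA-256 instead of md5sum (a choice made here, not taken from the thread), and the sample "/boot" tree, its file names and the tampering it simulates are all constructed inside a temporary directory so the script runs offline.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def hash_tree(root):
    """Return {relative_path: sha256_hex} for every regular file under root.

    Symlinks are skipped so that a link pointing outside the tree cannot
    substitute its target's content for a file that is being checked.
    """
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            h = hashlib.sha256()
            with path.open("rb") as f:
                # read in 1 MiB chunks so large kernel images do not sit in memory
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def save_baseline(digests, dest):
    """Write the baseline as JSON. In real use `dest` should live on read-only
    or offline media (the storage problem Michel raises), not on the checked host."""
    Path(dest).write_text(json.dumps(digests, indent=2, sort_keys=True))


def load_baseline(src):
    return json.loads(Path(src).read_text())


def compare(baseline, current):
    """Return (added, removed, modified): relative paths that are new since the
    baseline, that have vanished, and whose content hash changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p] != current[p])
    return added, removed, modified


def demo():
    """Constructed scenario: take a baseline of a fake /boot, then tamper with it.

    Returns the (added, removed, modified) lists found on the second run.
    """
    with tempfile.TemporaryDirectory() as tmp:
        boot = Path(tmp) / "boot"                        # constructed stand-in for /boot
        (boot / "grub").mkdir(parents=True)
        (boot / "vmlinuz-2.6.18").write_bytes(b"kernel image (constructed)")
        (boot / "initrd.img-2.6.18").write_bytes(b"initrd (constructed)")
        (boot / "grub" / "menu.lst").write_text("default 0\n")

        baseline_file = Path(tmp) / "boot-baseline.json"  # would be offline media in practice
        save_baseline(hash_tree(boot), baseline_file)

        # simulated tampering: initrd rewritten, kernel replaced by a differently named file
        (boot / "initrd.img-2.6.18").write_bytes(b"initrd (replaced)")
        (boot / "vmlinuz-2.6.18").unlink()
        (boot / "vmlinuz-other").write_bytes(b"some other kernel image (constructed)")

        return compare(load_baseline(baseline_file), hash_tree(boot))


if __name__ == "__main__":
    added, removed, modified = demo()
    print("added:   ", added)
    print("removed: ", removed)
    print("modified:", modified)
```

After a legitimate kernel update the baseline has to be regenerated, exactly as Michael notes; the check only tells you that /boot differs from what you recorded, and the record is only worth anything if an attacker with write access to /boot cannot also rewrite it, which is why the baseline belongs on media the checked host cannot modify.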