If your server can reboot without a human being present to enter a password, what's to stop someone who steals your server to obtain access to the data?
The FDE does NOT protect your data against hackers - if they hack your running system, they have access to all data that your application has access to as well.
FDE only has something to offer against an adversary getting physical access to an *in-active*/un-mounted disk. And even then, only if the required credentials are *not* stored on/with the same system.
Rgds,
Jeroen
-----Original message-----
To: debian-security@lists.debian.org;
From: Thomas Nguyen Van <t.nguyenvan@jumper.ie>
Sent: Mon 24-01-2011 09:15
Subject: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny
Good morning
Our company needs to encrypt hard drives on our machines running under Linux Debian Lenny.
Seagate proposes FDE solutions with Momentus 5400 and/or 7200 (http://www.seagate.com/docs/pdf/fr-FR/whitepaper/mb595_2_momentus_fde_sed_ii_sq_kit.pdf)
This solution is very interesting because the password or the passphrase is not stored on the hard drive but in the BIOS in their case. So that a server can reboot without any human intervention.
However, this solution only works under windows !! They don't plan to support under linux such a disk. :o(
So my question is : could you suggest another FDE solution compliant with a Lenny distribution?
Thanks in advanceThomas NGUYEN VAN