Re: LVM+RAID+CRYPT
On Friday January 8 2010 4:41:54 am Sjors van der Pluijm wrote:
> Just found out that /boot should not be in LVM because bootloaders might
> not understand it. /boot unencrypted does not seem to be the end of the
> world. http://tldp.org/HOWTO/LVM-HOWTO/benefitsoflvmsmall.html
Since we are being paranoid, what happens if the NSA breaks into your home
when you are asleep and installs a hypervisor on your /boot that records your
password/keyfile next time you decrypt?
The way that I have heard to prevent this type of attack is to store checksums
of every file in /boot on the encrypted partition and then verify those
checksums on startup.
MM
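
The check described in the message above, sketched as a shell script (an added example, not part of the original post; the function names and the manifest location are assumptions). It compares a full sorted listing instead of running `sha256sum -c`, so files added to or removed from /boot are reported as well as modified ones.

```shell
#!/bin/sh
# Added example: manifest-based integrity check for /boot.
# boot_manifest_list/create/verify are hypothetical names, not from the post.

# Print a sorted "hash  path" line for every regular file under directory $1.
boot_manifest_list() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# Record the current state of DIR ($1) in MANIFEST ($2).
# MANIFEST is assumed to live on the encrypted partition.
boot_manifest_create() {
    boot_manifest_list "$1" > "$2"
}

# Compare DIR ($1) against MANIFEST ($2).
# Returns 0 if identical, 1 if any file was modified, added or removed,
# 2 if the manifest cannot be read. Differences are printed to stderr.
boot_manifest_verify() {
    dir=$1
    manifest=$2
    [ -r "$manifest" ] || { echo "manifest missing: $manifest" >&2; return 2; }
    current=$(mktemp) || return 2
    boot_manifest_list "$dir" > "$current"
    if diff -u "$manifest" "$current" >&2; then
        status=0
    else
        status=1
    fi
    rm -f "$current"
    return "$status"
}

# Typical use (paths are assumptions):
#   after a trusted kernel update:  boot_manifest_create /boot /root/boot.sha256
#   early in startup, post-unlock:  boot_manifest_verify /boot /root/boot.sha256
```

Because the manifest sits on the encrypted volume, verification can only run after unlocking, so it reports tampering after the passphrase has already been entered. It also covers only the files under the directory, not the boot sector outside it.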