Re: Linux disk partition encryption
On Wed, 26 Jan 2011 23:24:07 +0100
Jochen Schulz <ml@well-adjusted.de> wrote:
> Celejar:
> > Brad Alexander <storm16@gmail.com> wrote:
> >
> >> Linux admins used LUKS, and as a further step, I put /boot (the only
> >> partition that cannot be encrypted) on a USB stick, so that if anyone
> >> got the laptop, they had no access to the data.
> >
> > Why does putting /boot on a USB stick gain you anything?
>
> Because an unencrypted /boot may be altered by an attacker without you
> noticing it. Theoretically, the kernel may be replaced by another one
> that reports your passphrase to the attacker.
Oh, basically the Evil Maid attack. Fair enough. But then you have to
make sure the attacker can't flash the BIOS ...
Celejar
--
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator