
Re: Linux disk partition encryption



On Wed, 26 Jan 2011 23:24:07 +0100
Jochen Schulz <ml@well-adjusted.de> wrote:

> Celejar:
> > Brad Alexander <storm16@gmail.com> wrote:
> > 
> >> Linux admins used LUKS, and as a further step, I put /boot (the only
> >> partition that cannot be encrypted) on a USB stick, so that if anyone
> >> got the laptop, they had no access to the data.
> > 
> > Why does putting /boot on a USB stick gain you anything?
> 
> Because an unencrypted /boot may be altered by an attacker without you
> noticing it.  Theoretically, the kernel may be replaced by another one
> that reports your passphrase to the attacker.

Oh, basically the Evil Maid attack.  Fair enough.  But then you have to
make sure the attacker can't flash the BIOS ...

Celejar
-- 
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
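
The tampering concern raised in this thread (an unencrypted /boot altered without the owner noticing) can be checked with a hash manifest. The script below is an added example, not part of the original messages. The function names `boot_manifest` and `boot_verify` and the init/check command line are assumptions made for illustration, and the check is only meaningful when run from trusted media with the manifest stored off the machine, since a replaced kernel can falsify the result.

```shell
#!/bin/sh
# Added example: record and verify SHA-256 hashes of every file under a
# boot directory. Function names and the CLI are hypothetical.
# Limitation: file names containing newlines are not handled.

# boot_manifest DIR
# Print one "hash  ./relative/path" line per regular file, sorted by path
# so that two runs over identical content give identical output.
boot_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# boot_verify DIR MANIFEST
# Return 0 if DIR matches MANIFEST exactly; 1 if any file was changed,
# added or removed (the differing lines are printed); 2 on setup failure.
boot_verify() {
    tmp=$(mktemp) || return 2
    boot_manifest "$1" > "$tmp"
    if diff -u "$2" "$tmp"; then
        rc=0
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Command line (hypothetical):
#   script init  /boot /media/usb/boot.manifest   # record a known-good state
#   script check /boot /media/usb/boot.manifest   # compare before trusting it
case "${1:-}" in
    init)  boot_manifest "$2" > "$3" ;;
    check) boot_verify "$2" "$3" ;;
esac
```

This covers files in /boot only; it says nothing about the firmware, which is the BIOS concern raised in the reply above.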

