Re: Decrypting LUKS from initramfs; was: Re: ext2 for /boot ???
-----BEGIN PGP SIGNED MESSAGE-----
On 27/09/18 03:17, Jonathan Dowland wrote:
> On Wed, Sep 26, 2018 at 06:14:42PM +0200, deloptes wrote:
>> so how can we do it with initram and without some external key
>> server? Imagine I have only boot not encrypted on the server. I
>> want to boot the machine and get a prompt via SSH or something
>> like SSH, where I can type in the password and decrypt root and
>> all other volumes. I do not want to store password or anything
>> sensitive in the boot directory. I can imagine one time ssh
>> created when you try to login, but it is still not secure
> What you describe is exactly how the dropbear/initramfs
> integration works. The data stored in /boot is the initramfs, and
> within that, the only material you might consider sensitive is an
> SSH server keypair (public&private) for the SSHD instance in the
> initramfs environment - this does not need to be the same as for
> your running system; and an authorized_keys file, containing your
> SSH *public* key. Are those too sensitive for you?
The biggest weakness with the Dropbear setup is that the initramfs is
stored on an unencrypted partition (no matter which file system is
used). That means that someone with physical access can rebuild the
initramfs and include their own key as well as other stuff to
compromise the security of the server.
Aside from the fact that the IME is suspect, it would be great if grub
can be, somehow, given a method that allows for full disk encryption
which will include everything in /boot -- especially initramfs.
Even so, then grub might have another attack vector of itself. But it
would at least allow for encrypted /boot ...
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----