Musings about on-disk encryption in Fedora Core

Alan Cox alan at redhat.com
Tue Jul 6 15:20:44 UTC 2004


On Tue, Jul 06, 2004 at 10:18:02AM +1000, Russell Coker wrote:
> On Tue, 6 Jul 2004 05:12, Alan Cox <alan at redhat.com> wrote:
> > /boot on the other hand cannot be encrypted usefully without hardware
> > key systems because then you cannot boot off it.
> 
> For a really secure system you have to boot from removable or read-only media.

It depends on the problem you wish to solve.

Problem 1 is the "stolen laptop" problem. You want to be sure they can't
get the data off it.

Problem 2 is the "if someone takes it and puts it back" problem. You can't
solve this because I can flash you a new bios with alternative APM hooks or
similar. And - ironically - it's easier to patch a bios and reflash it than
to do many of the fancier kernel hacking tricks.




