On 04.09.2012 20:48, Michael Hampicke wrote:
>> In theory grub2 is able to open a luks-encrypted volume though
>> it seems to have some disadvantages: you'll need to enter the
>> passphrase (or pass the keyfile) two times, because grub itself
>> needs to decrypt the volume to get the later stages from the
>> encrypted volume and afterwards the decryption in the boot process
>> itself takes place.
>>
>> I can't give any real advice about it though, because I use an
>> unencrypted boot partition. Depending on your needs it could be
>> an increase of security, because you can stop an attacker from
>> injecting malicious code into your kernel (or replace it
>> completely).
>
> I don't think so, I still can replace your bootloader and grab
> your password. If you really think you might need something like
> this, I suggest you put your kernel and bootloader on a USB stick
> and boot your machine from that. When not in use keep the stick on
> your person.
>
> That still does not protect you from physically tampering with your
> device.
>
> Anyway, what about one of those fancy tin foil hats to protect
> oneself against the government's mind control rays :)
>

Ah yes - the aluminium foil deflector beanie
(http://zapatopi.net/afdb/)...

I just use it when going out of my house or when updating my
MindGuard (http://zapatopi.net/mindguard/)

Enough fun - I just wanted to name the possibility because it's there
and it wouldn't require you to repartition your drive.
I think it would be an increase in security nonetheless, though you're
correct: there are a lot more possible attack vectors with side
channel stuff getting very freaky indeed (i.e.: there is an
interesting paper about using the gyroscopes of a mobile telephone to
make a (>80%) correct guess about the pressed key)