| 1 |
On Tue, Dec 29, 2015 at 5:57 PM, Andrew Savchenko <bircoph@g.o> wrote: |
| 2 |
> |
| 3 |
> Though I see little point in whole / encryption. What is the |
| 4 |
> point to encrypt /usr, /lib, /bin, /sbin? Just do this |
| 5 |
> to /home, /var and other sensitive pieces. |
| 6 |
> |
| 7 |
|
| 8 |
An obvious advantage is to prevent rootkits, at least while the system |
| 9 |
is not running under your control. Of course, you'd need to control |
| 10 |
the entire boot chain for that. If you just use grub to decrypt your |
| 11 |
boot partition then you're still vulnerable to the bootloader being |
| 12 |
tampered with. |
| 13 |
|
| 14 |
A hard drive password is indeed another approach, and that would |
| 15 |
protect against offline attacks as long as you trust the drive vendor. |
| 16 |
|
| 17 |
If you use UEFI or a TPM those also provide protection against |
| 18 |
tampering, but I've yet to hear of anybody actually accomplishing this |
| 19 |
on linux with a TPM. On windows full-disk encryption backed by a TPM |
| 20 |
is fairly common - I think it even supports it out of the box. For |
| 21 |
Linux you need to use trusted grub and enable support in your kernel |
| 22 |
and initramfs. I have no idea how hard that is to set up (basically |
| 23 |
you encrypt the disk and store the key in the TPM, and then the TPM |
| 24 |
only provides the key if the system is booted with the same |
| 25 |
bootloader+kernel+initramfs. I imagine kernel updates get tricky in |
| 26 |
such a design, but it has the advantage of being completely |
| 27 |
transparent to the user. |
| 28 |
|
| 29 |
-- |
| 30 |
Rich |
Archives