On Tue, Dec 29, 2015 at 5:57 PM, Andrew Savchenko <bircoph@g.o> wrote:
>
> Though I see little point in whole / encryption. What is the
> point to encrypt /usr, /lib, /bin, /sbin? Just do this
> to /home, /var and other sensitive pieces.
>

An obvious advantage is to prevent rootkits, at least while the system
is not running under your control. Of course, you'd need to control
the entire boot chain for that. If you just use grub to decrypt your
boot partition then you're still vulnerable to the bootloader being
tampered with.

A hard drive password is indeed another approach, and that would
protect against offline attacks as long as you trust the drive vendor.

If you use UEFI or a TPM those also provide protection against
tampering, but I've yet to hear of anybody actually accomplishing this
on Linux with a TPM. On Windows full-disk encryption backed by a TPM
is fairly common - I think it even supports it out of the box. For
Linux you need to use trusted grub and enable support in your kernel
and initramfs. I have no idea how hard that is to set up (basically
you encrypt the disk and store the key in the TPM, and then the TPM
only provides the key if the system is booted with the same
bootloader+kernel+initramfs). I imagine kernel updates get tricky in
such a design, but it has the advantage of being completely
transparent to the user.

--
Rich
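
The TPM-sealed key scheme described in the message above, as an added example that is not part of the original post: a simplified Python model of measured boot that shows why a tampered bootloader and a routine kernel update both cause the key to be withheld. `ToyTPM`, the single PCR, and the component byte strings are assumptions made for illustration; a real TPM uses several PCRs and a policy digest.

```python
from __future__ import annotations

import hashlib
import hmac

PCR_INIT = bytes(32)  # a SHA-256 PCR holds 32 zero bytes after reset


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(chain: list[bytes]) -> bytes:
    """Fold each boot stage into one PCR, in boot order (simplification)."""
    pcr = PCR_INIT
    for component in chain:
        pcr = extend(pcr, component)
    return pcr


class ToyTPM:
    """Hypothetical model: the disk key is bound to a PCR value at seal time."""

    def __init__(self) -> None:
        self._sealed: tuple[bytes, bytes] | None = None

    def seal(self, disk_key: bytes, expected_pcr: bytes) -> None:
        self._sealed = (disk_key, expected_pcr)

    def unseal(self, current_pcr: bytes) -> bytes | None:
        if self._sealed is None:
            return None
        disk_key, expected_pcr = self._sealed
        if hmac.compare_digest(current_pcr, expected_pcr):
            return disk_key
        return None  # measurement mismatch: the key is withheld


def boot_and_unlock(tpm: ToyTPM, chain: list[bytes]) -> bytes | None:
    """Measure the chain as firmware would, then ask the TPM for the key."""
    return tpm.unseal(measure_boot(chain))


# Constructed stand-ins for the real boot images and disk key.
GRUB, KERNEL, INITRAMFS = b"grub-image", b"kernel-old", b"initramfs-old"
DISK_KEY = b"constructed-disk-key"

tpm = ToyTPM()
tpm.seal(DISK_KEY, measure_boot([GRUB, KERNEL, INITRAMFS]))
```

After a legitimate kernel update the key has to be resealed against the new measurements from a session that already holds the key, which is the operational cost the message anticipates.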