Re: [PATCH] use UUIDs for cross-disk installs (Re: Issue with boot != ro
From: Robert Millan
Subject: Re: [PATCH] use UUIDs for cross-disk installs (Re: Issue with boot != root and chainloading)
Date: Sun, 3 Aug 2008 14:23:11 +0200
User-agent: Mutt/1.5.13 (2006-08-11)

On Sun, Aug 03, 2008 at 02:08:33PM +0200, Robert Millan wrote:
>
> This line of thinking is what is commonly used to justify draconian measures
> (i.e. Treacherous Computing) but it doesn't make any sense. If your security
> policy is such that you don't trust users with physical access, try any of
> the following:
>
> - Crypt your whole disk. Have your /boot in a usb drive you carry with you.
>
> - Remove your CD drive and unexpose USB slots (use locks or if really paranoid
>   sink your board in concrete).

Or use a crypto module where you load a key from a secure environment and use
that to implement measurement during boot. The TPM could have become such a
module, but they decided to cripple it by:
a) Loading the key themselves.
b) Not giving you a copy of the key.
I still hope sooner or later a sane company (that is, one that understands
basic rights like ownership) will manufacture modules for this purpose.
--
Robert Millan
The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
how) you may access your data; but nobody's threatening your freedom: we
still allow you to remove your data and not access it at all."