Complete GBDE / GELI encryption for systems without removable local boot tokens (aka USB drives)



Speaking of GELI / GBDE. I was reading Marc's excellent paper on
Complete harddrive encryption for FreeBSD using GBDE/GELI and the
problem I have is it all depends on a bootable removable token that can
be physically secured. While an excellent solution for laptop /
desktop users, it just doesn't work with remote colo users. No way
you can physically remove your unsecure boot token or at least not
remove it and hope to recover remotely from a panic / reboot / failure
in a timely manner. Anybody have any ideas on a solution how to do
this with a colo'd server? Ideally you could, during boot, send some
token (or lock file) via ssh or other secure method but boot does not
currently support this.

Other ideas considered and thrown out:

- Boot your system as you would a headless system. The problem is how
do you securely get your unsecure boot image from A to B (as it
contains your keys and lock files). This fails as some local attacker
could just stick a hub between your boot server and server and pull
your unsecure image during a reboot.

- Intel's secure boot (forgot what the tech is called, want to say
PXE). Doesn't work as this only verifies the image's checksum. Sure, we
know the image wasn't tampered with but the attacker still has your
keys.

Cheers,

-Peter
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security


