booting gbde-encrypted filesystem

Allan Fields bsd at afields.ca
Tue Aug 2 19:11:25 GMT 2005


On Tue, Aug 02, 2005 at 10:30:22AM +0800, Ronnel P. Maglasang wrote:
> What I had in mind is perhaps I could find a way to
> enter the passphrase at the loader prompt, or configure
> the loader to get the passphrase from an external
> device or hardcoded the passphrase in the bootloader(really
> insecure).

I understand your model, which is to have something required
to ensure the disks cannot be read w/o a physical token.

Theoretically the loader could allow you to fetch some memory address
and insert it into a boot variable.

If you just want to ensure a token is required to enable access
to a machine you could add something in the root-FS patch which
reads directly from the hardware device, though this is before
the full device infrastructure is bootstrapped IIRC.

What about the idea of adding support for HSM and TPMs?  Hardware
keystores and other similar authentication mechanisms which push a
key into a secure memory accessible by the crypto API might be the
answer.

I am looking at similar solutions.  My idea is to enable remote
authentication through a secure means.  So there are multiple options
to secure console access:

* Some IPMI hardware has an ethernet accessible console, that can
then be routed through a secure tunnel.

* There is the idea of ethercons if it can be extended to support
encryption.

* A serial console can be accessed through another machine securely.

This one has been around since a few years back, but the below
patch brings it closer to being workable.


> Alexander Leidinger wrote:
> 
> >Pawel Jakub Dawidek <pjd at freebsd.org> wrote:
> >
> >>This is not possible with current GBDE.
> >>I have patches which allow this here:
> >>
> >>    http://people.freebsd.org/~pjd/patches/gbde.patch
> >
> >
> >I fail to see how this allows an encrypted root-FS, it doesn't add gbde
> >support to boot0(ext) or to the loader. It needs access to an unencrypted
> >kernel. I don't think this is what Ronnel had in mind (overlooking the fact
> >that his suggestion to save the passphrase in the loader is insecure).

An unencrypted kernel can be read off of another device and then used
to mount the encrypted root.

> >Bye,
> >Alexander.
> >

--
Allan Fields (afields)                  - Ottawa, Canada (45"10'N 75"56'W)
 Himeji Systems                         http://himejisystems.com
 Afields Research/AFRSL                 http://afields.ca