Re: [dm-crypt] Feitian PKI donation to dm-crypt projetc

[Arno Wagner <arno@wagner.name>]

On Thu, Nov 04, 2010 at 01:57:23PM +0100, Mario 'BitKoenig' Holbe wrote:
> Heinz Diehl <htd@fancy-poultry.org> wrote:
> > On 04.11.2010, Arno Wagner wrote: 
> >> Having a not completely encrypted initrd and kernel does
> > How would you boot such a system when initramfs / initrd is encrypted?
> 
> Enable your boot-loader to decrypt it. Meanwhile, grub can do this.

One other option is trusted hardware, that can do the initial
decryption.
 
> This somewhat reduces but, of course, not eliminates the trust-problem:
> instead of having to trust your hardware, BIOS, boot-loader, kernel, and
> initramfs, you now have to trust your hardware, BIOS, and boot-loader
> only.

I completely agree. And with trusted hardware, you still have to 
trust the hardware. However, there is some (limited) benefit, 
namely the earlier in the boot process, the harder it gets for
an attacker, i.e. the more expensive. 

Also, with good trusted hardware, remote attacks become infeasible 
and you have to physically access the hardware. The same could be 
done with booting from a write-protected memory stick or CD/DVD.

In all cases a class vulnerability remains, namely that everything
is open once the system runs. This is one reason, why encrypted
root is basically only worthwhile if the attacker _has_
physical access. But in that case a whole set of new attacks
become possible, that encryption does not help against, such
as hardware-keyloggers, patched BIOSes, changes to your read-only
boot-medium, etc..

I doubt that system encryption does help a lot in cases other
than when the complete system gets stolen (laptop). But then
normal system encryption for Windoes (e.g. TrueCrytp), and 
data+tmp+var+swap encryption for Linux is quite enough. 

Side note: Benefit of a chipcard in the scope of disk encryption
is that people that have trouble with passwords do not need to 
remember them. I really don't see any other. This can be a valid
application, though.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier