From: Xavi Montero <xmontero@dsitelecom.com>
To: dm-crypt@saout.de
Subject: [dm-crypt] Newbies - Question on unattended boot
Date: Thu, 14 Jan 2010 14:24:48 +0100
Message-ID: <4B4F1B20.7020005@dsitelecom.com>

Hi all.

First, congrats to the coders that have made this available.

Second, a question from a newbie in dm-crypt.

THE QUESTION IN SHORT:

How do I boot a protected system without having to type the key at any 
point? It is an unattended system.

JUST A BIT MORE:

The PC runs our software, but is located in another place, with other 
people who don't need to have access to the system itself, but need the 
machine to be there locally. We reach the system over DSL, via ssh.

FULL DETAILS OF WHY I ASK THIS:

While I have used Linux for a decade+, I've never had the need to encrypt 
data on hard disks. Now I have a need; I initially thought dm-crypt could 
be the solution, but I'm not sure how to do a thing that maybe others 
have already been exploring.

PROBLEM:

I sell radio advertising for third-party broadcasters. We are automating 
everything: radio stations put a PC in each studio and we control it 
remotely. It is needed locally because that is where the audio spots are 
broadcast from, but we control when and where remotely. The software 
installed on their PC is Linux-based and is ours.

The radios are thousands of km away and we do everything on-line and by 
phone. There are radios I've never seen in person.

What I do up to now is release a bootable ISO; the radio downloads it 
and burns a CD. They boot from the CD, and the installer formats, installs 
and then boots from the HD. The radio must then enter their network 
configuration and configure their router so I can access the machine 
over a DSL line via ssh.

Up to here, we have not used encryption, because I very much trust the 
people at the first stations I have represented.

Now we are growing. We have 46 stations from other owners. As the 
number of stations increases, I start to lose control of what they do 
with that software, and I don't want them "copying" the HD to give it to 
"friends", with another person building a business that competes with me 
based on my own system.

I therefore thought of encrypting the partitions. If radios give the full 
HD to a friend... hey! it doesn't matter: if their friends do not know the 
passphrase, they will not be able to read the contents even with a full copy.

To keep people out of the live system, it does not have any ttys 
available (no one can log in from the keyboard), so there is no way to 
"run the system and get into it". The only way to copy our software is 
to extract the HD and plug it into another computer as a secondary disk, 
or boot that machine from a live CD.

SOLUTIONS I'VE BEEN THINKING OF BUT DON'T SEE CLEARLY:

a) I thought of installing dm-crypt and setting up some kind of 
"auto-mount". Of course, if the passphrase is as simple as "blank", then 
there is no secret, and it is easy for the "friend" to try and get in. 
This is not a solution. A passphrase should be there.

b) Nevertheless, if I have a passphrase -as the machine is in a REMOTE 
location from me- I would have to ask the admins to enter the key by 
hand, so they would know it. They could give the phrase to their 
friends. No sense. The passphrase must be secret (at least up to a certain 
point, i.e. not "clearly known").

So if the system must boot, must have a passphrase, and nobody has to 
type it, only 3 solutions come to mind:

1) A script somewhere contains the plain passphrase. Although this makes 
it harder than "plugging in and seeing the content", it is not too 
difficult to track down or discover.

2) A script or binary executable contains some kind of binary version of 
the phrase and performs the "mounting". While strictly speaking 
"crackable", it is not "obvious". A person who knows enough to do this 
can "crack" the system, but probably a person with such knowledge would 
build a clone of my system from scratch instead of trying to re-use it.

3) A script "queries" the passphrase from a central server at boot 
time. This way, if they "copy" the HD, the passphrase is not there. Of 
course this has a huge-big-disastrous disadvantage: if the "key-server" 
(in our office) fails and the radio has to reboot that machine, they will 
not be able to boot. Even though the passphrase is not on the HD, I really 
dislike this method because of the dependencies.

THE QUESTION:

What do you recommend?

Thanks to everybody for helping, and again to the coders/maintainers of 
dm-crypt for the job done.

Xavi.

-- 
Xavier Montero - 93 589 71 91 - 630 59 01 62 - xmontero@dsitelecom.com
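As an added example (not from this thread or from the dm-crypt project) of option 3 with its failure mode bounded: a keyscript that asks a central server for the passphrase at boot and gives up after a fixed number of attempts, so a dead key server fails the boot quickly and with a clear message instead of hanging. It assumes Debian's crypttab keyscript= interface (the script is run with CRYPTTAB_NAME set and prints the passphrase to stdout), that the initramfs already has network access, and placeholder URL and certificate paths.

```shell
#!/bin/sh
# Boot-time key retrieval from a central key server (added example).
# Assumed interface: Debian cryptsetup runs this with CRYPTTAB_NAME set
# and reads the passphrase from stdout, no trailing newline.
# Assumed /etc/crypttab line:
#   cryptroot /dev/sda2 none luks,keyscript=/usr/local/sbin/fetch-luks-key

KEYSERVER_URL="${KEYSERVER_URL:-https://keyserver.example.invalid/luks-key}"  # placeholder
CLIENT_CERT="${CLIENT_CERT:-/etc/keyserver/client.pem}"   # per-machine client cert (placeholder)
SERVER_CA="${SERVER_CA:-/etc/keyserver/ca.pem}"           # pinned server CA (placeholder)
MAX_ATTEMPTS="${MAX_ATTEMPTS:-5}"
RETRY_DELAY="${RETRY_DELAY:-3}"
TIMEOUT_SECS="${TIMEOUT_SECS:-10}"

# One bounded fetch over mutually authenticated TLS; prints the key on success,
# fails on any transport or HTTP error so the caller can decide to retry.
fetch_key() {
    curl --silent --show-error --fail \
         --max-time "$TIMEOUT_SECS" \
         --cacert "$SERVER_CA" --cert "$CLIENT_CERT" \
         "$1"
}

# Try fetch_key up to MAX_ATTEMPTS times; an empty reply counts as a failure.
# Returns 0 and prints the passphrase, or 1 with a clear message if every
# attempt failed, so a dead key server stops the boot instead of hanging it.
get_key_with_retry() {
    attempt=1
    while [ "$attempt" -le "$MAX_ATTEMPTS" ]; do
        if key=$(fetch_key "$1") && [ -n "$key" ]; then
            printf '%s' "$key"
            return 0
        fi
        echo "fetch-luks-key: attempt $attempt/$MAX_ATTEMPTS failed" >&2
        attempt=$((attempt + 1))
        [ "$attempt" -gt "$MAX_ATTEMPTS" ] || sleep "$RETRY_DELAY"
    done
    echo "fetch-luks-key: key server unreachable, refusing to unlock" >&2
    return 1
}

# Entry point when cryptsetup invokes this script as a keyscript.
if [ -n "${CRYPTTAB_NAME:-}" ]; then
    get_key_with_retry "$KEYSERVER_URL"
fi
```

Note that a full copy of the HD also carries the client certificate, so the server cannot tell the real machine from a clone unless it checks something not stored on that disk; logging and rate-limiting requests per machine at least makes a clone asking for the key visible.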
