-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

A while ago there was talk about a laptop that was made more secure by preventing unauthorized booting. I did a proof of concept a year ago on the subject, but I would like to release a GPLed HOWTO and code so it is more formalized.

The whole concept is based on the Linux encrypted loopback feature. You can mount a file or partition as a separate encrypted filesystem. RedHat 8.0 supports the encrypted loopback out of the box. The command for this is

| losetup -e aes -k 256 /dev/loop? [filename|partition]

This command creates a device that uses AES (Advanced Encryption Standard) with a 256 bit key. The loop? is a number starting at 0 up to 16 (loop0...loop16). The next command is

| mke2fs -j /dev/loop?
Password:

This makes a journaled filesystem that has been encrypted using the password you enter at the prompt.

| mount /dev/loop? directory

This mounts the encrypted filesystem on the directory. Now when you write files to the directory they will be encrypted. To remove it:

| umount directory
| losetup -d /dev/loop?

Now it will require a password to mount it again.

The next question is what do we want to protect? The whole computer? The users' data? We also want the DATA, the hard disk, to be safe even if it is removed and put into another computer.

Let's assume we want to protect data and meta-evidence (logs). Let's also assume that we want an external device that is needed to unlock the system (iButton, USB memory stick).

Now let's talk about the booting process:

1> BIOS
2> boot manager (GRUB | LILO), GRUB preferred
3> boot the kernel
4> the init program
5> inittab, rc.d, services......
6> user login

Now the question here is at what point do we add the checking of the hardware key and the decrypting of the data.

We don't have the BIOS source so we can't change it; we can't innovate here.

The boot manager: we have source but not the Linux encryption support. We can check if the hardware is there but not decrypt it. 1st CHECK.

Next the kernel loads.

Now the init program. We have source and encryption support. We now can decrypt the data on the plug-in device and use those passwords to decrypt the parts of the system that are encrypted. If the hardware device is not there, the system will not finish booting.

Question: do we want to know the master key to the hardware device or do we want the machine to make it?

After the critical parts are mounted the system finishes booting.

Now when we log in, we add a PAM module to ask for the password to unlock data on the hardware plug that gets us the key to the user's data. So two passwords are needed: one for system login and one for the hardware plug user keys. This means all passwords that are used to decrypt the computer are on the hardware plug.

The directories that could be encrypted are:

"/etc"       the system setup info
"/var"       the system data
"/home"      all the users' data directory
"/home/user" each user has their own key

Any ideas?

Shaun

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE9pRk0n6I06Opz+XURAiKcAJ0XiZxUSFchrzNu7U2E/Ujd70OiAgCgmtJo
gyOS//LjgjJb53Vb03mroX8=
=j7Jx
-----END PGP SIGNATURE-----
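The losetup / mke2fs / mount / umount / losetup -d sequence from the post above, packaged as a small sh script with create, open and close helpers. This is an added example, not Shaun's code and not anything shipped with RedHat 8.0. It assumes the `-e aes -k 256` options exactly as written in the post; it also assumes (this is an assumption about the losetup build, not something the post states) that `losetup -p fd` reads the passphrase from an open file descriptor, which is what lets a key file on the USB stick or iButton be fed in from an init script without a terminal prompt. The helper names, the `DRY_RUN` switch and the sample paths are all hypothetical. With `DRY_RUN=1` the commands are printed instead of run, since the real sequence needs root and a kernel with the AES loop cipher.

```shell
#!/bin/sh
# encvol.sh - helpers around the encrypted loopback sequence described in the post.
# Added example, not the original author's code. Names and paths are hypothetical.
#
# Usage (as root):
#   . ./encvol.sh
#   encvol_create /dev/loop0 /var/crypt.img /mnt/secure   # first time: prompts for password
#   encvol_close  /dev/loop0 /mnt/secure
#   exec 3< /mnt/usb/home.key                              # key file on the hardware plug
#   PASS_FD=3 encvol_open /dev/loop1 /dev/hda3 /home       # no prompt, passphrase from fd 3
#   exec 3<&-
# Set DRY_RUN=1 to print the commands instead of executing them.

CIPHER=${CIPHER:-aes}      # value for losetup -e, as in the post
KEYBITS=${KEYBITS:-256}    # value for losetup -k, as in the post

# Run a command, or just print it when DRY_RUN is set.
run() {
    if [ -n "$DRY_RUN" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Accept only /dev/loopN with N a non-negative integer; refuse anything else
# so a typo cannot point losetup (or mke2fs!) at a real disk.
check_loop() {
    case "$1" in
        /dev/loop[0-9]|/dev/loop[0-9][0-9]|/dev/loop[0-9][0-9][0-9]) return 0 ;;
        *) echo "encvol: bad loop device: $1" >&2; return 1 ;;
    esac
}

# Attach the backing file or partition ($2) to the loop device ($1) with the
# cipher settings. If PASS_FD is set, losetup is told to read the passphrase
# from that file descriptor (assumed -p option) instead of prompting.
encvol_attach() {
    check_loop "$1" || return 1
    if [ -n "$PASS_FD" ]; then
        run losetup -e "$CIPHER" -k "$KEYBITS" -p "$PASS_FD" "$1" "$2"
    else
        run losetup -e "$CIPHER" -k "$KEYBITS" "$1" "$2"
    fi
}

# Create a new volume: attach, make a journalled (ext3) filesystem, mount.
# $1 loop device, $2 backing file/partition, $3 mount point.
encvol_create() {
    encvol_attach "$1" "$2" || return 1
    run mke2fs -j "$1" || return 1
    run mount "$1" "$3"
}

# Open an existing volume: attach (password needed) and mount.
# $1 loop device, $2 backing file/partition, $3 mount point.
encvol_open() {
    encvol_attach "$1" "$2" || return 1
    run mount "$1" "$3"
}

# Close a volume: unmount, then detach so the password is required again.
# $1 loop device, $2 mount point.
encvol_close() {
    check_loop "$1" || return 1
    run umount "$2" || return 1
    run losetup -d "$1"
}
```

The order in `encvol_close` matters: `losetup -d` on a loop device that is still mounted fails (the device is busy), so the unmount comes first. The loop-device check is deliberately strict because `mke2fs -j` will happily format whatever device it is given.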
This archive was generated by hypermail 2b30 : Wed Oct 09 2002 - 18:06:49 PDT