[sf-lug] Full Disk Encryption options?

Asheesh Laroia asheesh at asheesh.org
Mon Mar 24 00:13:36 PDT 2008


On Sun, 23 Mar 2008, Tom Haddon wrote:

> On Sun, 2008-03-23 at 18:11 -0700, Kristian Erik Hermansen wrote:
>> On Sun, Mar 23, 2008 at 3:09 PM, Tom Haddon <tom at greenleaftech.net> wrote:
>>>  Hope this isn't too irrelevant, but why would you want to do full disk
>>>  encryption? You're slowing down your machine by forcing it to do extra
>>>  processing and you're encrypting many many files that are publicly
>>>  available and don't have any personal information in them. I don't
>>>  really see the point of encrypting /usr/bin, /usr/sbin, /usr/lib, /lib,
>>>  etc...
>>>
>>>  Why not just encrypt the stuff that's specific to you?
>>
>> That's a great question Tom.  There are a few reasons.  Let's just
>> assume for a moment that I only encrypt /home, so that all my user
>> data is protected.  I leave for lunch and some guy happens to snag my
>> laptop for the hour I am gone.  During this hour, he is able to boot
>> my machine with a LiveCD and plant a backdoor libc library that does
>> bad stuff.  I log into my computer after lunch.  Upon running some
>> applications, unbeknownst to me, data is being leaked out to the
>> attacker.
>
> Interesting, hadn't thought of that as a possibility before. On the
> other hand, you could just set your BIOS to have a boot option password
> so that someone can't boot from a different device than the one intended
> without a password.

Also, he could trojan the program that checks your password to:

(a) email him a copy of the hard disk passphrase,
(b) remove the encryption on the disk, rather than just decrypting to RAM,
(c) send all the photos in your $HOME to your mother, and
(d) patch the kernel so that it appears that your disk contains random
     data if accessed from userspace (thereby appearing to be encrypted),
     whereas kernel-space code like filesystem drivers read the real data
     so nothing appears amiss.

>> Who knows what an attacker might do...heh.

heh indeed.

>> This is why FDE is important.  Perhaps Ubuntu can work it into the next 
>> LTS release two years from now, whatever that solution might be :-)

Debian already includes full-disk encryption schemes.  I think dm-crypt is 
the best-maintained of your options.

-- Asheesh.

-- 
Fertility is hereditary.  If your parents didn't have any children,
neither will you.



