[sf-lug] Full Disk Encryption options?

Tom Haddon tom at greenleaftech.net
Mon Mar 24 00:19:48 PDT 2008


On Mon, 2008-03-24 at 00:11 -0700, Kristian Erik Hermansen wrote:
> On Sun, Mar 23, 2008 at 11:53 PM, Tom Haddon <tom at greenleaftech.net> wrote:
> >  Interesting, hadn't thought of that as a possibility before. On the
> >  other hand, you could just set your BIOS to have a boot option password
> >  so that someone can't boot from a different device than the one intended
> >  without a password.
> 
> :-)  BIOS settings are rendered ineffective if you pull the CMOS
> battery for a minute or so.  Thus, it appears the only way to thwart
> physical access is with full disk encryption.  I'm still taking
> suggestions for alternatives other than dm-crypt...

Well if you have a BIOS bootup password and then suddenly this no longer
exists because someone's pulled the CMOS battery for a minute or so,
that'd suggest someone's been monkeying with your machine... Time to
take stock a little :) In any case, good luck in the FDE hunt.

Cheers, Tom






More information about the sf-lug mailing list