[sf-lug] Full Disk Encryption options?
tom at greenleaftech.net
Mon Mar 24 00:19:48 PDT 2008
On Mon, 2008-03-24 at 00:11 -0700, Kristian Erik Hermansen wrote:
> On Sun, Mar 23, 2008 at 11:53 PM, Tom Haddon <tom at greenleaftech.net> wrote:
> > Interesting, hadn't thought of that as a possibility before. On the
> > other hand, you could just set your BIOS to have a boot option password
> > so that someone can't boot from a different device than the one intended
> > without a password.
> :-) BIOS settings are rendered ineffective if you pull the CMOS
> battery for a minute or so. Thus, it appears the only way to thwart
> physical access is with full disk encryption. I'm still taking
> suggestions for alternatives other than dm-crypt...
Well if you have a BIOS bootup password and then suddenly this no longer
exists because someone's pulled the CMOS battery for a minute or so,
that'd suggest someone's been monkeying with your machine... Time to
take stock a little :) In any case, good luck in the FDE hunt.
More information about the sf-lug