[dm-crypt] LiveUSB encrypted.

Marcos Barbosa marcosestevesbarbosa at gmail.com
Wed Nov 9 22:26:26 CET 2011


Hello Arno,

I can survive if the kernel and initrd stay in a separate partition. Maybe I'll
create a script to generate hashes and sign them. If I use a separate
partition, what is the next logical step?

2011/11/9 Arno Wagner <arno at wagner.name>

> You don't. What you do instead is use an encrypted
> data partition, which may be supported by some
> Ubuntu tool.
>
> The problem is that the kernel and an initrd have to
> reside outside of the encrypted space. There is no
> way around that. As a consequence, an attacker can
> already modify those two and get complete control.
>
> If you are worried about this, use some form of
> physical protection. Weak protection comes from using
> write-once media like a CD-R. Stronger comes from
> using an encrypted memory-stick with keypad. (Beware,
> there are secure and insecure ones on the market.)
> You can also wear the stick around your neck.
>
> Arno
>
> On Wed, Nov 09, 2011 at 04:41:44PM -0200, Marcos Barbosa wrote:
> > How do I create an Ubuntu liveUSB inside a USB stick?
> > The trick: The casper files are inside an encrypted partition with LUKS.
> >
> > Any ideas?
> >
> > --
> > Marcos Barbosa <marcosestevesbarbosa at gmail.com>
>
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt at saout.de
> > http://www.saout.de/mailman/listinfo/dm-crypt
>
>
> --
> Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name
> GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
> ----
> Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
>
> If it's in the news, don't worry about it.  The very definition of
> "news" is "something that hardly ever happens." -- Bruce Schneier



-- 
Marcos Barbosa <marcosestevesbarbosa at gmail.com>
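
Added example (not part of the original message and not dm-crypt project code): one way the hash-and-sign script mentioned in this thread could look for a separate, unencrypted boot partition. The directory, manifest path and GnuPG key are assumptions; the check only means something when it is run from a system the attacker could not modify, with the manifest and signing key kept off the unencrypted partition, since a modified kernel or initrd can skip or fake any check it runs itself.

```shell
#!/bin/sh
# Added example: SHA-256 manifest for an unencrypted boot partition.
# All paths and file names passed in are hypothetical.

# make_manifest BOOT_DIR MANIFEST
# Record the SHA-256 of every file under BOOT_DIR, with relative paths.
make_manifest() {
    boot_dir=$1; manifest=$2
    ( cd "$boot_dir" && find . -type f -print0 | sort -z |
        xargs -0 -r sha256sum ) > "$manifest"
}

# sign_manifest MANIFEST
# Detached GnuPG signature; assumes a default secret key already exists.
sign_manifest() {
    gpg --detach-sign --output "$1.sig" "$1"
}

# verify_manifest BOOT_DIR MANIFEST
# Returns 0 only if no recorded file changed or vanished and nothing was added.
verify_manifest() {
    boot_dir=$1; manifest=$2
    # Modified or missing files make sha256sum -c exit non-zero.
    ( cd "$boot_dir" && sha256sum --quiet -c - ) < "$manifest" || return 1
    # Added files: the current file list must equal the recorded list.
    current=$(cd "$boot_dir" && find . -type f | sort)
    recorded=$(sed 's/^[0-9a-f]*  //' "$manifest" | sort)
    [ "$current" = "$recorded" ]
}

# verify_signed BOOT_DIR MANIFEST
# Check the signature first (assumes the signer's public key is in the
# verifying system's keyring), then check the files against the manifest.
verify_signed() {
    gpg --verify "$2.sig" "$2" && verify_manifest "$1" "$2"
}

# Usage: script make|verify BOOT_DIR MANIFEST
case "${1:-}" in
    make)   make_manifest "$2" "$3" && sign_manifest "$3" ;;
    verify) verify_signed "$2" "$3" ;;
esac
```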