[dm-crypt] linux luks automatic boot with keyfile (INSECURE)

David Christensen dpchrist at holgerdanske.com
Fri May 25 08:20:18 CEST 2012


On 05/24/2012 07:29 PM, Nuno Reis wrote:
> I would like to ask you about the best choice to have one or two LUKS
> encrypted partitions boot automatically between reboots without me having
> to enter a pass-phrase.
> I've made this already, but the way I'm doing it seems to be not very
> secure since the keyfile is referenced in /etc/crypttab and the keyfile and
> /etc/crypttab both reside on an unencrypted partition. If someone clones my
> HDD and connects it to some other system, they will easily be able to mount
> the unencrypted partitions and find the keyfile reference in /etc/crypttab
> to get the keyfile and decrypt the protected partitions, right?
> So basically my problem is that I want to sell a Linux server with some
> software I've developed to a datacenter (as an appliance), but I don't want
> them to get to my software easily and I also can't have a password prompt
> between reboots.
> Can you point out what you think would be the best solution for me?

If you want to protect software, perhaps you should consider a software 
protection dongle:

     http://en.wikipedia.org/wiki/Software_protection_dongle


HTH,

David
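
An audit check for the layout described in the question, as an added example that is not part of the original thread: it parses /etc/crypttab text and reports every target whose key file sits on a filesystem readable from a cloned disk, following chains where a key file is stored on a volume that is itself exposed. The sample crypttab and mount table are constructed, the function names are hypothetical, and a filesystem is assumed to be encrypted only when its source is /dev/mapper/<target> for a target listed in crypttab.

```python
import posixpath

# Constructed sample data (assumptions, not taken from the original post).
SAMPLE_CRYPTTAB = """\
# <target> <source device> <key file> <options>
data   /dev/sda3  /etc/keys/data.key   luks
vault  /dev/sda4  /srv/data/vault.key  luks
home   /dev/sda5  none                 luks
swap   /dev/sda6  /dev/urandom         swap
"""
SAMPLE_MOUNTS = {"/": "/dev/sda2", "/boot": "/dev/sda1",
                 "/srv/data": "/dev/mapper/data", "/home": "/dev/mapper/home"}

def parse_crypttab(text):
    """Return {target: key file path, or None for a passphrase prompt}."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        key = fields[2] if len(fields) > 2 else "none"
        entries[fields[0]] = None if key in ("none", "-") else key
    return entries

def backing_source(path, mounts):
    """Source device of the longest mount point containing path ('' if none)."""
    hits = [m for m in mounts
            if m == "/" or path == m or path.startswith(m.rstrip("/") + "/")]
    return mounts[max(hits, key=len)] if hits else ""

def exposed_targets(crypttab_text, mounts):
    """Map each target whose key can be read from a cloned disk to a reason."""
    entries = parse_crypttab(crypttab_text)
    exposed, changed = {}, True
    while changed:  # repeat until key-file chains are fully resolved
        changed = False
        for target, key in entries.items():
            # Skip passphrase prompts and device-node keys such as /dev/urandom.
            if target in exposed or key is None or key.startswith("/dev/"):
                continue
            src = backing_source(posixpath.normpath(key), mounts)
            prefix = "/dev/mapper/"
            holder = src[len(prefix):] if src.startswith(prefix) else None
            if holder in entries and holder not in exposed:
                continue  # key file is on a volume not (yet) known to be exposed
            where = f"exposed volume {holder}" if holder in entries else f"plaintext {src}"
            exposed[target] = f"{key} is readable from {where}"
            changed = True
    return exposed
```

With the sample data, `data` is reported because its key file is on the plaintext root filesystem, and `vault` is reported because its key file is on the `data` volume, which that first key unlocks.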

