[dm-crypt] LiveUSB encrypted.
marcosestevesbarbosa at gmail.com
Wed Nov 9 22:26:26 CET 2011
I can survive if kernel and initrd stay in a separated partition. May be i
create a script to generate hash and sign them. If I use a separated
partition, what is the next logical step?
2011/11/9 Arno Wagner <arno at wagner.name>
> You don't. What you do instead is use an encrypted
> data partition, which may be supported by some
> Ubuntu tool.
> The problem is that the kernel and an initrd have to
> reside outside of the encrypted space. There is no
> way around that. As a consequence, an attacker can
> already modify those two and get complete control.
> If you are worried about this, use some form of
> physical protection. Weak protection comes from using
> write-once media like a CD-R. Stronger comes from
> using an encrypted memory-stick with keypad. (Beware,
> there are secure and insecure ones on the market.)
> You can also ware the stick around your neck.
> On Wed, Nov 09, 2011 at 04:41:44PM -0200, Marcos Barbosa wrote:
> > How i create a Ubuntu liveUSB inside a USB stick?
> > The trick: The casper files is inside a encrypted partition with LUKS.
> > any ideas?
> > --
> > Marcos Barbosa <marcosestevesbarbosa at gmail.com>
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt at saout.de
> > http://www.saout.de/mailman/listinfo/dm-crypt
> Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email:
> arno at wagner.name
> GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25
> Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
> If it's in the news, don't worry about it. The very definition of
> "news" is "something that hardly ever happens." -- Bruce Schneier
> dm-crypt mailing list
> dm-crypt at saout.de
Marcos Barbosa <marcosestevesbarbosa at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dm-crypt