Re: [PATCH] use UUIDs for cross-disk installs (Re: Issue with boot != root and chainloading)
Sun, 3 Aug 2008 14:23:11 +0200
On Sun, Aug 03, 2008 at 02:08:33PM +0200, Robert Millan wrote:
> This line of thinking is what is commonly used to justify draconian measures
> (i.e. Treacherous Computing) but it doesn't make any sense. If your security
> policy is such that you don't trust users with physical access, try any of
> the following:
> - Crypt your whole disk. Have your /boot in a usb drive you carry with you.
> - Remove your CD drive and unexpose USB slots (use locks or if really
> sink your board in concrete).
Or use a crypto module where you load a key from a secure environment and use
that to implement measurement during boot. The TPM could have become such a
module, but they decided to cripple it by:
a) Loading the key themselves.
b) Not giving you a copy of the key.
I still hope sooner or later a sane company (that is, one that understands
basic rights like ownership) will manufacture modules for this purpose.
The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
how) you may access your data; but nobody's threatening your freedom: we
still allow you to remove your data and not access it at all."