Hi,
I recently installed debian etch with the full-drive encryption option the
installer offers.
Now everything but the boot partition is encrypted.
I was concerned about the fact, that there is one simple way to circumvent the
hole encryption system if someone has physical access to the pc:
* Michael Heide:
It simply checks the md5sum of all files in /boot and if there are new
or vanished files. It has to be run after every kernel update,
needless to say.
This doesn't help much against manipulation of /boot. You need some
kind of trusted boot environment, as provided by one of
On Thu, Oct 18, 2007 at 09:51:45PM +0200, Michael Heide wrote:
I was concerned about the fact, that there is one simple way to circumvent
the hole encryption system if someone has physical access to the pc: to
simply replace the kernel or initrd at the boot partition to include some
trojan
3 matches
Mail list logo