On Sat, 29 Dec 2012 22:43:29 +0100
Martin Laabs wrote:

> Hi,
> 
> >> Are there any plans or is there already support for full
> >> disk encryption without the need for a boot partition?
> 
> Well - what would be your benefit? OK - you might not create another
> partition but I think this is not the problem.
> From the point of security you would not get any improvement because
> some type of software has to be unencrypted. And this software could be
> manipulated to do things like e.g. send the encryption key to
> <attacker>. So from this point of view there is no difference whether
> the kernel is unencrypted or any other type of software (that runs
> before the kernel) is unencrypted.

And the advantage of putting the boot partition on a memory stick is
that it's much easier to keep such a device physically secure.

Bootstrapping code on the main hard drive is easier to attack. IIRC
someone demonstrated such an attack against one of the commercial
encryption packages.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
