On 31/03/15 21:14, Robert wrote:
On Tue, Mar 31, 2015 at 10:10:31AM -0500, Joe Crivello wrote:
I can't think of any other scenarios right now, but I'd be interested to
hear if there is something I'm not thinking of...
Let's cut this short:
To prevent (in theory) various attack vectors (e.g., physical access to the
disk while offline), you need to have the system in a trusted state.
Somebody has already thought this through, here is the result:
http://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_boot
Such a fully trusted, BSD-licensed OpenBSD boot chain, where I can put my own
keys into the BIOS, would be nice to have. Good luck writing it ;)
kind regards,
Robert
how about disk encryption?
this is just for physics access while disk is offline.
G
