On 20.06.2016 13:39, bootcr...@openmailbox.org wrote:
On 20.06.2016 13:00, bootcr...@openmailbox.org wrote:
Hello!
I have recently decided to use full disk encryption on my OpenBSD boxes. I've managed to do so and it's working; however, for security reasons I want to boot them from another drive.

What is that security reason worth of not using default full disk encryption?

In my threat model, I consider that an adversary with physical access can change the bootloader on the wd0 drive to store passphrases (or do anything else). After booting from USB I remove it and hold it in a safe place. I don't consider the adversary to be able to change BIOS code or something like that.

Ivan provided a nice post, which is however not an answer. If an attacker is able to get physical access to your computer then you missed something important in preparations - physical protection. Once an attacker has physical access then you are screwed. It is just a matter of your importance to the attacker whether it will be sooner or later.

Attacks on CEO level mentioned in the post... they already have a laptop made in China, and there are plenty of examples of how HW is screwed up these days by firmware and other code doing all the crazy stuff where even the best OS cannot help to protect against (I can remember some of the developers pointing that out as well). So why bother and risk personal involvement when you can remotely activate such code (IME, firmware in peripherals, BIOS and so on). And yet, except for Theo and a couple of others, you can be very surprised by the state of laptops at CEO level, where the situation you describe is the last problem for the overall security of a particular company.

Not that you are prohibited from trying, and as pointed out already, boot can handle it just fine.

Industry as such has a problem and you can do all the crazy tricks, but once your data must leave your computer and your network to travel over other networks and reach other computers to be able to use online banking, order stuff, use multimedia, handle personal data with gov agencies, do taxes, provide medical data about you and many other things. That is the place where it gets really bad, as they do not have a security approach like OpenBSD has and they are not even interested in that, because it blocks cloud, containers, serverless, IoT, ... whatever. Like those new cars full of electronics, where you will have your nearly perfectly secure laptop on the next seat, but you will still crash after someone plays with your car electronics remotely, just because nuts in the car industry are saving cents and know s... about security and so use open connections between components which can be accessed remotely, e.g. via SMS, without any authentication.

This is where we are heading http://www.openbsd.org/lyrics.html#46 so far however.