On 09/09/2019 03.36, Lew Wolfgang wrote:
> On 09/08/2019 12:32 PM, Carlos E. R. wrote:
>>> A system with an encrypted disk, if it first prompted for a local password, then tried to download a key from a pre-selected location, would be great! I have no idea if it would be possible to do this kind of thing without BIOS modifications. What would be required, and would there be risks of leaking unencrypted bits?
>>
>> Not BIOS. initrd. Same as it is possible to download the boot image from a remote machine using tftp.
> Good point, but it would have to be done with overall security in mind. After all, you went to the trouble of encrypting the disk, you don't want to waste the effort by compromising the decryption key.
Not a problem :-) If the key is false, the disk doesn't decrypt and the machine doesn't boot. At that point some emergency measures could trigger. Like an alarm, call for human assistance, I don't know. The disk cannot be deciphered without the proper key; a wrong key does nothing bad.

As for reading the key with a rogue machine installed in that LAN, that's a different problem. You could transmit the key with encryption with a pair of keys only known to the server and the machine that is booting, different for each machine. But having access to the client machine would give access to its key. So the countermeasure would be, if the client goes missing, then disable the corresponding key on the server. It is a game of measures and countermeasures.
> Obviously, something with PKI for authentication on both ends, with encrypted content would be needed. SCP with pre-placed public keys would be perfect. I wonder how much larger that would make initrd?
>
> BTW, is it time for this to go to a more appropriate list? Your idea really has merit, Carlos, and would solve a number of difficult problems that Linux faces in the Information Assurance (IA) universe that large corporations and governments face. Has someone already solved this problem: remote reboot of a whole-disk-encrypted computer, while preserving authenticity and security?
But I don't work in that field, I just have ideas :-)

-- 
Cheers / Saludos,

Carlos E. R.
(from 15.0 x86_64 at Telcontar)
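The scheme the two messages above describe (initrd fetches a per-machine wrapped disk key from a server; a wrong key leaves the disk sealed and triggers an alarm; a missing client gets its key disabled on the server) as a small added model, written for this thread and not code from openSUSE, dracut or any project. The key server, client ids and the `on_failure` hook are assumptions; HMAC-SHA256 in counter mode plus an HMAC tag stands in for a real AEAD such as AES-GCM so the model runs with the standard library only.

```python
# Constructed model of "initrd downloads the disk key from a server".
# wrap()/unwrap() are a stdlib stand-in for an AEAD: a wrong wrapping key
# fails the tag check and yields no plaintext at all, so the disk stays sealed.
import hashlib
import hmac
import os
from typing import Callable, Dict, Optional, Tuple

def _keystream(wrap_key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:                      # HMAC in counter mode as a PRF stream
        out += hmac.new(wrap_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def wrap(wrap_key: bytes, disk_key: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(disk_key, _keystream(wrap_key, nonce, len(disk_key))))
    tag = hmac.new(wrap_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag                   # nonce || ciphertext || 32-byte tag

def unwrap(wrap_key: bytes, blob: bytes) -> Optional[bytes]:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(wrap_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                           # wrong key or tampered blob: nothing usable
    return bytes(a ^ b for a, b in zip(ct, _keystream(wrap_key, nonce, len(ct))))

class KeyServer:
    """Holds one wrapping key and one disk key per enrolled client (assumed design)."""
    def __init__(self) -> None:
        self.clients: Dict[str, Tuple[bytes, bytes]] = {}
        self.revoked = set()
    def enroll(self, client_id: str, wrap_key: bytes, disk_key: bytes) -> None:
        self.clients[client_id] = (wrap_key, disk_key)
    def revoke(self, client_id: str) -> None:  # "if the client goes missing, disable its key"
        self.revoked.add(client_id)
    def fetch(self, client_id: str) -> Optional[bytes]:
        if client_id in self.revoked or client_id not in self.clients:
            return None
        wrap_key, disk_key = self.clients[client_id]
        return wrap(wrap_key, disk_key)

def boot(server: KeyServer, client_id: str, wrap_key: bytes,
         on_failure: Callable[[str], None]) -> str:
    """What the initrd would do: fetch, unwrap, and either boot or raise the alarm."""
    blob = server.fetch(client_id)
    disk_key = unwrap(wrap_key, blob) if blob else None
    if disk_key is None:
        on_failure(client_id)                 # emergency measure: alarm, call for help
        return "sealed"
    return "booted"
```

Revoking a client on the server makes its next boot attempt fail closed even though the client still holds its own wrapping key, which is the countermeasure Carlos describes.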