You are viewing airlied

airlied
airlied
:.:..:.

May 2014
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31

airlied [userpic]
encrypted rootfs vs suspend/resume

RANT MODE ON

So one of the things people have been wanting for a while is an encryted root filesystem.

Now this isn't some sort of security saviour and I was just chatting to a few people on irc and realised the pain we need to go through to actually make it secure and useable in the face of other things.

Scenario: You have a laptop, you want to "secure", you use an encrypted rootfs because the forums told you to. Now Linux suspend/resume support gets good enough that you don't ever reboot. So when the laptop is suspended where are they encryption keys?
oh they are in the RAM? oh thats nice. Even when the laptop is resumed, where are they? oh look a screensaver is stopping me from logging in.

Solution: remove enc keys on suspend - ask the user for them again on resume. - sounds easy.

How do we ask for the keys then?

Currently in Fedora we plan to ask for the keys in the initrd. This works fine if you are using an English based language and keyboard. What happens if you want to use some of your own language like Chinese. Oh you want input methods so you can type that in do you? Oh we need X. Oh lets put X in the initrd. Oh lets migrate lots of the supporting bits into the initrd. Hey wait a minute half my encrypted root is now in an unencrypted initrd. WELCOME TO DRINKIN' ISLAND!.

So maybe some sort of encrypted overlay on top of an unencrypted rootfs that can bring up enough X to type the password in might be a better plan in sane universe where different parts of the OS talk to each other.

RANT ENDS.

Comments
Re: Do you have encrypted swap?

Do you honestly think no one will figure out how to fake such a scanner? If not "gummies", something else will inevitably do it.

Anyway this is all overlooking the fundamental misconception about biometrics:

"Biometrics are unique identifiers, but they are not secrets." -- Bruce Schneier

Or in simpler terms, biometrics can serve as a replacement for typing your username but are not a replacement for your password.

"Once someone steals your biometric, it remains stolen for life; there's no getting back to a secure situation."