Security Basics mailing list archives

Re: Full disk encryption options


From: "Robin Wood" <dninja () gmail com>
Date: Mon, 12 Jan 2009 17:11:01 +0000

2009/1/9  <aragonx () dcsnow com>:
Hello all,

I have seen this topic on the list before I think but I want to go over it
again if you don't mind.

I have two volumes of business data that is sensitive.  I have a Fedora 9
Linux server that these disks are in.  I would like to have these disks
encrypted.  This is the easy part.

Now for the hard part.  I would like to have the volumes mounted
automatically at boot.  So the security issue comes here.  I would like to
make it so that if the server is not shut down properly (normal init 0)
then on the next boot it requires a pass phrase plus a pass key to access
these volumes.  So the stored pass phrase can not be accessible under any
circumstances if the system is not shut down normally.

Somehow I think I would also need to disable the power button on the
machine to prevent someone from starting a shutdown without the root
password.

Any ideas on this topic?

If you use a keyfile rather than a password, on shutdown you could
copy that keyfile from the encrypted (but now open because it is in
use) disk to somewhere on the unencrypted disk. On the next boot the
system uses that keyfile to open the encrypted disks. The keyfile is
then deleted/wiped.

If the machine isn't shut down correctly then the keyfile isn't copied,
so the only copy is on the encrypted disk, which doesn't help an
attacker. If you use LUKS you can have multiple keys, one of which
would be a password which you could then use to access the system
again.

The downside is that the keyfile sits on an unencrypted disk every
time the machine is shut down correctly.

Not sure if this exactly answers your scenario but it is a start.

Robin
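The stage-on-clean-shutdown / consume-and-wipe-on-boot scheme Robin describes, written out as an added shell example that is not from this thread. All paths, the mapper name, and the overridable CRYPTSETUP/SHRED variables are assumptions; the passphrase fallback assumes a second LUKS key slot holding a password has already been added with luksAddKey.

```shell
#!/bin/sh
# Constructed example: stage a LUKS keyfile on clean shutdown, use it
# once on the next boot, then wipe it. Run as root in real use.
set -eu

CRYPTSETUP="${CRYPTSETUP:-cryptsetup}"   # assumed tool; replaceable for testing
SHRED="${SHRED:-shred}"
DEVICE="${DEVICE:-/dev/sdb1}"            # assumed encrypted volume
MAPPER_NAME="${MAPPER_NAME:-data}"
# Master copy of the keyfile: lives on the encrypted volume itself.
SECURE_KEY="${SECURE_KEY:-/data/.keys/data.key}"
# Staged copy: on the unencrypted disk, exists only between a clean
# shutdown and the next boot (this is the downside Robin points out).
STAGED_KEY="${STAGED_KEY:-/boot/.staged.key}"

# Called from the clean shutdown path (init 0) while the volume is still open.
stage_keyfile() {
    [ -f "$SECURE_KEY" ] || return 1
    umask 077
    cp "$SECURE_KEY" "$STAGED_KEY"
    chmod 0600 "$STAGED_KEY"
    sync
}

# Called early at boot. A staged key means the last shutdown was clean:
# open with it and destroy it whether or not the open succeeded. No staged
# key means an unclean shutdown (or someone pulled the plug): fall back to
# the passphrase key slot, so an attacker with only the unencrypted disk
# gains nothing.
unlock_volume() {
    if [ -f "$STAGED_KEY" ]; then
        if "$CRYPTSETUP" luksOpen --key-file "$STAGED_KEY" "$DEVICE" "$MAPPER_NAME"; then
            rc=0
        else
            rc=$?
        fi
        "$SHRED" -u "$STAGED_KEY"    # wipe the unencrypted copy every time
        return "$rc"
    fi
    echo "no staged key: unclean shutdown, passphrase required" >&2
    "$CRYPTSETUP" luksOpen "$DEVICE" "$MAPPER_NAME"
}
```

Note that the staged copy only protects against an unclean shutdown; anyone who can read the unencrypted disk while the box is cleanly powered off still gets the keyfile, which is why a separate passphrase slot (and limiting who can trigger a clean shutdown) matters.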

