'[gentoo-hardened] Re: Hardened Laptops / Talk is cheap'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-hardened
Subject:    [gentoo-hardened] Re: Hardened Laptops / Talk is cheap
From:       Boyd Waters <bwaters+moz () nrao ! edu>
Date:       2003-08-25 17:54:27
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ned Ludd wrote:

| *) Needs to work for 2.4.x & 2.6.x
| *) We would like them to have is an automated method of doing this from
| the live-cd
| *) Need Gentoo HOWTO / instructions written.
| *) The storage medium should be abstracted.
| usb, stick memory, floppy, cd, etc.. any of those should be able to
| store the keys
| *) Solution must pass public critique process. eg: win the approval of
| this list.
| *) Talk is cheap so show us the code.


I agree that any solution that individuals have come up with is not very
interesting until it is pacakged and tested so that many people can use it.

Perhaps we need to re-set expectations a bit: although many have met
with success with loop-AES, for example, the encrypted-root procedure
that is automated by loop-AES has NEVER worked for me.

~From the encrypted-disk thread on forums.gentoo.org, it is clear that
many users are all too ready to trust any sort of documented procedure
and are quite willing to Cuisinart their data without getting into
encruypted-root in an incremental way.

The reason you haven't seen more writted stuff from me on this is
because I am trying to TEST this stuff before sharing it with others.
Particularly for an ecrypted root system, this takes a bit of time.

Mike has an initrd system that seems to work. I tried to test this last
week but did not have spare time. I have to have about three hours of
quiet time to test something like this in a useful (i.e. reproducable) way.

So my talk will be cheap for quite some time, I expect.

- - boyd

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/Sk1T0is8k1r0QeURAsh1AJ9Y8ABsTxbIyEKVDdKYbtV0xWAYggCfZoaX
vhtvfGya3m63vS9UajMUbEA=
=Zbon
-----END PGP SIGNATURE-----


--
gentoo-hardened@gentoo.org mailing list

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic