Linux boot protection?

I

iandriyanov2014-09-18 13:24:18

linux

iandriyanov, 2014-09-18 13:24:18

Good afternoon.
I will briefly describe the situation, if some points are unclear, I will try to describe in more detail, because I don't fully understand this possibility.
- Is it possible to rebuild the initrd (initramfs) with the ability to mount / (root) as an ENCRYPTED device (partition or directory).
- Is it possible in principle to mount an encrypted root in the initram?
- What are the boot protection solutions?
-- ps: BIOS password, grub password - not suitable.
- Does anyone know the options for solving this, by ensuring that at the time of installing the OS, a unique key is generated, with the help of which, even if you transfer the system disks to another machine, the download would fail.
PS: All this is necessary in order to protect yourself from LIVE-cd and a possible chroot.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

S

Sergey Petrikov, 2014-09-18
@RicoX

Catch the example
wiki.enchtex.info/howto/ubuntu/ubuntu_dmcrypt_root

J

jcmvbkbc, 2014-09-18
@jcmvbkbc

- Is it possible to rebuild the initrd (initramfs) with the ability to mount / (root) as an ENCRYPTED device (partition or directory).
- Is it possible in principle to mount an encrypted root in the initram?

- Yes Yes. But why? Anyway, in this case, the initrd image will lie in open form on the boot partition, and the key must be inside it if you are not going to enter a password. To gut it from livecd is a matter of 2 minutes.

P

Puma Thailand, 2014-09-18
@opium

if you have a certificate in an open form, I just sit it live and turf it and mount the disks,
entering a passphrase is necessary