[BBLISA] unattended boot of systems with FDE (was Re: Looking for FDE single system windows 8)
Edward Ned Harvey (bblisa4)
bblisa4 at nedharvey.com
Tue Jan 27 18:57:20 EST 2015
> From: bblisa [mailto:bblisa-bounces at bblisa.org] On Behalf Of John P.
> Rouillard
>
> Mandos also seems to be an approach to solving this issue.
>
> https://www.openhub.net/p/mandos
My reaction to this is the same as to Rich's post - It's not technically unattended... At least not securely.
If an attacker gets their hands on the system, they can pull out the ssh key or the pgp key that the system uses to authenticate itself on the key server. So if the key server is up, the attacker can get the decryption key. The only two things that keep the client systems secure are: Physical security of the client device, and shut off the key server when it's not needed.
If the good admin is required to login to some key server and then disable the key server in order for the clients to securely boot, it's an automated secure boot process - which is cool - but not unattended. Suppose a server crashes and is configured to automatically reboot after power loss or whatever. It will fail to come back up. Admin must intervene.
Not everybody *wants* a truly unattended boot. But there are some circumstances where it's a requirement. For example, if your business sells appliances to your customers, but even your customers are not permitted to access your appliance's guts... Then you need the ability to truly perform unattended boot and retain security. Google Search Appliance, Verizon/Comcast DVR, etc. I cannot say they use something like this - I can say there are lots of potential use cases for something like it.
More information about the bblisa
mailing list