#5, 28th September 2008
BSDfan666
Real Name: N/A, this is the interweb.
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223

Software security cannot possibly protect you from physical security risks.. if this system is in an area that's not safe, relocate it to a safer area.

There are a few things you can do:
  • Set a BIOS password.. most support that.
  • Set the boot priority to boot from the hard drive only.
  • Remove any bsd.rd off the root partition...
  • Remove the 'secure' setting from ttyC* devices in /etc/ttys.
None of this will prevent someone from stealing the physical hard drive and mounting it in another system; physical security is *your* responsibility.

An encrypted root file system sounds nice, but it's simply unfeasible.. the 3rd level boot program, i.e. /boot, is on the root partition.. the loader before that is primitive, it has the blocks hard-coded into it, and due to architectural constraints, i.e. a 512-byte PBR, a suitable decryption routine would be insanely hard to write.


Last edited by BSDfan666; 28th September 2008 at 04:33 PM.
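A read-only check for two items in the list above (leftover bsd.rd files on the root partition and ttyC* lines still flagged 'secure' in /etc/ttys), added here as an example and not part of BSDfan666's post. The function names, the `bsd.rd*` glob and the sample ttys lines are constructed for illustration; on a live system the call would be `audit /etc/ttys /`.

```shell
# Added example: audit a system for two items from the list above.

# Print each ttyC* entry in a ttys(5) file that still has the 'secure' flag.
secure_ttyc() {
    awk '/^ttyC/ {
        line = $0
        gsub(/"[^"]*"/, "", line)     # drop the quoted getty command
        sub(/#.*/, "", line)          # drop a trailing comment
        n = split(line, f, /[ \t]+/)
        for (i = 2; i <= n; i++)
            if (f[i] == "secure") { print f[1]; break }
    }' "$1"
}

# Print bsd.rd files in the given root directory. Matching bsd.rd* (renamed
# copies such as bsd.rd.old) is this example's assumption.
ramdisk_kernels() {
    for k in "$1"/bsd.rd*; do
        [ -f "$k" ] && printf '%s\n' "$k"
    done
    return 0
}

# usage: audit <ttys-file> <root-dir>   (returns 1 if anything was found)
audit() {
    rc=0
    for t in $(secure_ttyc "$1"); do
        echo "FAIL: $t is still marked secure"; rc=1
    done
    for k in $(ramdisk_kernels "$2"); do
        echo "FAIL: ramdisk kernel present: $k"; rc=1
    done
    [ "$rc" -eq 0 ] && echo "OK: no findings"
    return "$rc"
}

# Constructed sample: a ttys fragment and a root directory holding a bsd.rd.
make_sample() {
    mkdir -p "$1/root" && : > "$1/root/bsd" && : > "$1/root/bsd.rd"
    cat > "$1/ttys" <<'EOF'
console "/usr/libexec/getty std.9600"   vt220   off secure
ttyC0   "/usr/libexec/getty std.9600"   vt220   on  secure
ttyC1   "/usr/libexec/getty std.9600"   vt220   on   # secure removed
ttyC2   "/usr/libexec/getty std.9600"   vt220   off secure
EOF
}

tmp=$(mktemp -d) && make_sample "$tmp"
audit "$tmp/ttys" "$tmp/root" || true; rm -rf "$tmp"
```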