Re: [Libreboot] Password protected Grub entries


From: Robert Alessi
Subject: Re: [Libreboot] Password protected Grub entries
Date: Sun, 24 May 2015 12:36:52 +0200

On Wed, May 20, 2015 at 12:34:34PM +0100, The Gluglug wrote:
> > In my opinion the danger of hard drive replacement is the same as 
> > re-flashing the rom.
> > 
> 
> Exactly. That is why I recommended against using --unrestricted. They
> can replace your HDD, but the chances of them being able to replicate
> a correct GPG signature is very hard.

Very interesting and important thread.  I would like to explain the
rationale which is behind the scenario I chose.  Any thoughts or
feedback would be much appreciated.

So basically I am never without my X60s wherever I go: for example, I
may use it in the train, in classrooms or in conference rooms, namely
in various crowded places, not to mention airports or railway
stations where footage of everything you do is taken all the time.
Hence the idea that one should never enter any kind of login or
password in such places.

As I have only one fully encrypted partition on my hard drive, here is
how I achieved this:
- grub.cfg:
  - password protected
  - the first two entries have the --unrestricted option, but every
    filesystem in them is identified by its UUID.  Since it is
    impossible to edit such an entry without having to enter the
    password, I assume that an attacker is unlikely to boot another OS
    after having replaced the hard drive.  I may be wrong though.
  - the first entry boots from a USB key where I have put the
    kernel, and the initramfs which also contains the keyfile which
    unlocks the encrypted partition.
    This way, to boot my system without having to enter any password,
    I just have to keep my USB key plugged in.  Of course, I am never
    ever without this USB key; if for some reason I must leave it
    somewhere, I always shred -z -u the initramfs file in it.
  - the second entry accomplishes virtually the same scenario, but
    from the internal drive: this way, I can boot my system by
    entering a passphrase after I have snuck into some hiding place.
- login: for the same rationale as above, I chose to use the fingerprint
  reader device.  I know that this is insecure, but can't we say that
  typing passwords into our computers is also insecure?  And what about
  typing passwords in open spaces with many people all around?  To be
  more specific, I only enable fprint authentication when I know that
  I would otherwise have to enter my password under the eyes of other
  people.

With many thanks in anticipation for your feedback!

Robert
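
Added example (not part of the message above and not Libreboot project code): a small Python check that lists which grub.cfg entries are marked --unrestricted and whether each one locates its filesystems by UUID, as the setup above describes. The sample configuration, including its titles, UUIDs, device names and password hash, is a constructed placeholder.

```python
import re

# Constructed sample grub.cfg: titles, UUIDs, devices and the hash are placeholders.
SAMPLE_CFG = """\
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.PLACEHOLDER
menuentry 'USB key, keyfile in initramfs' --unrestricted {
    search --no-floppy --fs-uuid --set=root 1111-AAAA
    linux /vmlinuz root=UUID=22222222-2222-2222-2222-222222222222
    initrd /initramfs.img
}
menuentry 'Internal drive, passphrase' --unrestricted {
    set root='(ahci0,msdos1)'
    linux /vmlinuz root=/dev/sda2
    initrd /initramfs.img
}
menuentry 'Maintenance' {
    set root='(usb0)'
    linux /vmlinuz root=/dev/sdb1
}
"""

# menuentry 'title' options { body }, closing brace on its own line
ENTRY_RE = re.compile(r"^\s*menuentry\s+(['\"])(.*?)\1([^{\n]*)\{(.*?)^\s*\}\s*$", re.M | re.S)
SUPERUSERS_RE = re.compile(r"^\s*(set\s+)?superusers=", re.M)
PASSWORD_RE = re.compile(r"^\s*password(_pbkdf2)?\s+\S+\s+\S+", re.M)
FS_UUID_RE = re.compile(r"^\s*search\s.*--fs-uuid\b", re.M)
DEV_ROOT_RE = re.compile(r"^\s*linux\S*\s.*\broot=/dev/", re.M)

def audit(cfg):
    """Return (password_protected, findings); findings maps each --unrestricted title to its issues."""
    protected = bool(SUPERUSERS_RE.search(cfg) and PASSWORD_RE.search(cfg))
    findings = {}
    for m in ENTRY_RE.finditer(cfg):
        title, opts, body = m.group(2), m.group(3), m.group(4)
        if "--unrestricted" not in opts.split():
            continue  # entry needs a login once superusers is set
        issues = []
        if not FS_UUID_RE.search(body):
            issues.append("filesystem not located with search --fs-uuid")
        if DEV_ROOT_RE.search(body):
            issues.append("kernel root= is a /dev path, not a UUID")
        findings[title] = issues
    return protected, findings

if __name__ == "__main__":
    protected, findings = audit(SAMPLE_CFG)
    print("menu password configured:", protected)
    for title, issues in findings.items():
        print(f"unrestricted: {title}: {'; '.join(issues) or 'UUID-only'}")
```

A filesystem UUID can be chosen freely when a filesystem is created, so this check confirms how an entry is written, not which disk it ends up booting.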
