hard drive/file system encryption.

dos2unix

Active Member
We are mostly a Red Hat/Oracle Linux shop. I have encrypted hard drives and file systems several times.
Usually this requires a "pass phrase" in order for the system to start booting up.

I am now given a requirement to keep the drives encrypted, but bypass the pass phrase.
I am aware this effectively short-circuits encryption, and makes the drive wide open once the OS comes up.

However they are less concerned about this, and more concerned about someone removing a drive
and mounting it from another Linux system. (hence encryption)

So the question is... is there a way to have the system boot up without asking for a pass phrase?
These units are rebooted frequently, remotely. But obviously they won't boot up if no one is there to type
in a pass phrase.
 


JulienCC

Active Member
Hello there,

Are you concerned about people being able to access data by mounting the drives, or are you also concerned about people tampering with the system and then putting it back in place?

If you want to prevent people from tampering with the system, you will need to use technologies such as secure boot. Otherwise you could just mount the encrypted data partition at boot. Which solution are you using to encrypt that requires a passphrase at boot? Maybe you can just pass the passphrase through a script? You could store the passphrase in efivarfs, for example, so the key won't be embedded in the drive.
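
The efivarfs suggestion in the reply above, as an added example that is not part of either post: a boot-time helper that reads key material from an EFI variable and pipes it to `cryptsetup`. The variable name, GUID, device and mapping name are placeholders, and LUKS is assumed as the encryption layer.

```shell
#!/bin/sh
# Added example: unlock a LUKS volume with key material kept in an EFI variable.
# Variable name, GUID, device and mapping name below are placeholders.

EFIVARS_DIR="${EFIVARS_DIR:-/sys/firmware/efi/efivars}"

# Print the payload of an efivarfs file. Every efivarfs file begins with a
# 4-byte attribute header, which must not become part of the key.
efivar_payload() {
    var_file="$1"
    if [ ! -r "$var_file" ]; then
        echo "cannot read $var_file" >&2
        return 1
    fi
    size=$(( $(wc -c < "$var_file") ))
    if [ "$size" -le 4 ]; then
        echo "$var_file has no payload" >&2
        return 1
    fi
    tail -c +5 "$var_file"
}

# Open the LUKS device using the variable's payload as the key.
unlock_from_efivar() {
    var_name="$1"; device="$2"; mapping="$3"
    # Nothing to do if the mapping is already active.
    if [ -e "/dev/mapper/$mapping" ]; then
        return 0
    fi
    key_file="$EFIVARS_DIR/$var_name"
    # Validate first so cryptsetup is never fed an empty key stream.
    efivar_payload "$key_file" > /dev/null || return 1
    # The key goes through a pipe: it never touches disk and binary
    # key bytes survive intact.
    efivar_payload "$key_file" |
        cryptsetup open --type luks --key-file=- "$device" "$mapping"
}

# Example call from an early-boot script (all values are placeholders):
# unlock_from_efivar "DiskKey-<GUID>" /dev/sdX2 data_crypt
```

The key stays in the machine's firmware rather than on the disk, which matches the removed-drive concern in the question. Anyone with root on the running system, or with access to the whole machine, can still read the variable.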
 

