Bind ubuntu to hard drive.
Carsten Aulbert
carsten at welcomes-you.com
Sun Mar 25 11:20:15 UTC 2007
TwinZ Ubuntu Mailing List wrote:
> Step two: binding the installation to the hard drive serial. Even if one
> made a bit-by-bit copy the new drive would have a different serial and -in
> theory- would not boot. Right? Haven't figured out how to exactly implement
> this one, here are a few thoughts.
> - I need a similar command like the " label " or " vol " used in dos to
> extract the drive's serial somehow. I could start from there.
smartctl (package smartmontools) will tell you the serial (if linux can
speak directly to the disk. Not possible through a hardware RAID
controller except some 3ware controllers.
> - Is there a way (startup script maybe) to have the OS loader check the
> drive's serial and prevent startup in case of a mismatch? Since the drive
> would be encrypted it would be hard for someone to mess with this startup
> script by having physical access to the hard drive (well, unless they find a
> way to get around LUK encryption first somehow).
I see. I guess this is not something fetched from too far away. (Note to
Matthew: What happens if someone steals the hard disk and is able to
boot the system and break in via an open, vulnerable service - I guess
this is the intention of checking the serial).
What I would do about this is simply set-up a start-up script reading
the serial and comparing with the saved one. However, I don't exactly
know how your set-up is supposed to work. If there is an unexpected
reboot, do you have to go to the server and physically type in the
encryption pass phrase? Or how do you make sure, no one can actually
decrypt your file systems?
Cheers
Carsten
More information about the ubuntu-users
mailing list