Bind ubuntu to hard drive.
Matthew Flaschen
matthew.flaschen at gatech.edu
Sun Mar 25 11:29:11 UTC 2007
Carsten Aulbert wrote:
> TwinZ Ubuntu Mailing List wrote:
>> Step two: binding the installation to the hard drive serial. Even if one
>> made a bit-by-bit copy the new drive would have a different serial and -in
>> theory- would not boot. Right? Haven't figured out how to exactly implement
>> this one, here are a few thoughts.
>
>> - I need a similar command like the " label " or " vol " used in dos to
>> extract the drive's serial somehow. I could start from there.
>
> smartctl (package smartmontools) will tell you the serial (if Linux can
> speak directly to the disk). Not possible through a hardware RAID
> controller except some 3ware controllers.
>
>> - Is there a way (startup script maybe) to have the OS loader check the
>> drive's serial and prevent startup in case of a mismatch? Since the drive
>> would be encrypted it would be hard for someone to mess with this startup
>> script by having physical access to the hard drive (well, unless they find a
>> way to get around LUKS encryption first somehow).
>
> I see. I guess this is not something fetched from too far away. (Note to
> Matthew: What happens if someone steals the hard disk and is able to
> boot the system and break in via an open, vulnerable service - I guess
> this is the intention of checking the serial).

Assuming the encryption is secure, how can an attacker boot the system?
If the encryption /isn't secure/ whatever startup scripts you use can
simply be removed, or the drive can be mounted (but not booted), and the
scripts are irrelevant.
Matthew Flaschen
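
The serial comparison discussed in this thread, sketched as an added example that is not part of any poster's message: it parses `smartctl -i` output and treats an unreadable serial (for instance behind a hardware RAID controller) as a mismatch. The function names, the pinned serial and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a disk's reported serial with a pinned value.
# The serial "EX-SAMPLE0001" and the sample output are constructed.

# Extract the serial from `smartctl -i` output read on stdin.
# ATA devices print "Serial Number:", SCSI devices "Serial number:".
serial_from_smartctl() {
    awk -F: 'tolower($1) == "serial number" {
        sub(/^[ \t]+/, "", $2); sub(/[ \t]+$/, "", $2); print $2; exit
    }'
}

# Return 0 only when the serial on stdin equals the expected one.
# An empty result (disk hidden by a RAID controller, smartctl missing)
# counts as a mismatch, never as a pass.
serial_matches() {
    expected=$1
    actual=$(serial_from_smartctl)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Constructed sample of `smartctl -i` output (not from a real drive).
sample_output() {
    cat <<'EOF'
=== START OF INFORMATION SECTION ===
Device Model:     EXAMPLE DISK 250GB
Serial Number:    EX-SAMPLE0001
Firmware Version: 1.00
EOF
}

# On a real system: smartctl -i /dev/sda | serial_matches "$EXPECTED_SERIAL"
if sample_output | serial_matches "EX-SAMPLE0001"; then
    echo "serial matches"
else
    echo "serial mismatch or unreadable"
fi
```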