Bind ubuntu to hard drive.

TwinZ Ubuntu Mailing List ubuntu at twinz.gr
Sun Mar 25 17:52:32 UTC 2007 

You are partly right, partly wrong. I do not (and there wouldn't be any
sense to it) want to protect the OS itself. But, correct me if I am wrong,
configuration files say for networking, postfix, apache and mysql do reside
in the system. So, yes, I do need to encrypt the system as well.

Thanx for your thoughts though ;)

-----Original Message-----
From: ubuntu-users-bounces at lists.ubuntu.com
[mailto:ubuntu-users-bounces at lists.ubuntu.com] On Behalf Of Harijs Buss
Sent: Κυριακή, 25 Μαρτίου 2007 04:10 μμ
To: Ubuntu user technical support,not for general discussions
Subject: Re: Bind ubuntu to hard drive.

On Sunday 25 March 2007 14:02, TwinZ Ubuntu Mailing List rakstija:
> Step one: by using a completely encrypted file system (root as well).

Look at this from the right point: what do you need to protect?  Is it Open 
Source Linux you want to hide? :)  Nope, probably not.  It's rather only
some 
information (not belonging to system) that you want to keep secret.  So it
is 
not at all worthwile to keep system itself encrypted.  Set the partition 
encrypted where your data will reside.  During boot process, when mounting 
this partition, system will ask you for passphrase. This passphrase is not 
kept anywhere on the disk, it is used only to decrypt/encrypt files from
this 
partition.  If passphrase is right, you will get files. If not, you will get

garbage.  That's so simple :)

> Surely, dd would be able to do a bit-by-bit copy, but they'd end up with a
> hard drive with encrypted files in it and could not just read them by
> mounting the drive to another system. Right?

Yes.  Without passphrase nobody will be able to use the disk even on the
same 
machine. 

> Step two: binding the installation to the hard drive serial. 

Why?  Without the right passphrase "bad guy" will not get the contents, be
it 
on original machine or on another. 

> Even if one made a bit-by-bit copy the new drive would have 
> a different serial and -in theory- would not boot. Right? 

I see no sense in that... Besides, Linux is not able to boot from 
software-encrypted file systems, you would need hardware encrypting 
controller for that.  But why?  To keep Linux secret? :))

Harijs

-- 
ubuntu-users mailing list
ubuntu-users at lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

More information about the ubuntu-users mailing list