3

I have been assured that this is possible, but have so far not found any reference that will clue me as to how to do it. I need to deploy an "appliance" with software and data that the user is permitted to use, but which I would prefer to keep them from poking around inside. The user will not have root access, so the running system should be protected. I want to stop the HDD being pulled and mounted elsewhere.

So far I have installed all but /boot into an Encrypted file system, and I am challenged for a password very early in the boot process. One of my colleagues heard from "somewhere" that TPM would be the solution to protecting the password challenge, which would allow the system to boot and unencrypt the root partition without root user presence. How do I get this working, been googling for various combinations a words, to no avail. I also installed a TPM-aware version of GRUB, but have no idea how/if this actually helps me.

Improve this question
3
  • Do you actually have a TPM in that computer? Is it enabled in the BIOS? Commented Apr 3, 2013 at 23:10
  • Yes, the TPM is installed in the unit and enabled in the BIOS. I have been able to communicate with it using the TPM-utils (tpm_takeownership, tpm_version, and so on). We were originally attempting to do a whole encrypted drive (only /boot not encrypted), but have now settled for a single encrypted partition for our application to reside in. Commented Apr 14, 2013 at 14:03
  • What is preventing the user from pooling the drive out, changing the root password to access root and the keyfile? If they have physical access, they can always find a way. Commented May 9, 2013 at 16:58

1 Answer 1

Reset to default
0

If you're using LUKS/dm-crypt, this tutorial may provide the answer. It describes how you can automatically unlock an encrypted partition during boot-up using a special, root-only keyfile.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.