0
1
Is it somehow possible to boot a Linux operating system from an encrypted filesystem/disk without having user interaction?
Background: I am preparing a VmWare Image for shipment to a customer. This image contains sensible data. The only access granted shall be via an apache server running from inside in the image.
Vokuhila-Oliba
Posted 2010-03-24T22:39:05.277
Reputation: 3 547
3
(more a comment than an answer, but too long to add as comment)
Probably yes, but it probably won't solve the problem you are trying to solve.
At some stage a decryption key has to be supplied to access the encrypted file system. Often this is done through a user entering a password. I expect standard encryption tools also offer functionality to read the key from USB sticks, smart-cards, some other hardware ... thus not requiring user interaction (I think TrueCrypt does this for windows, not sure about Linux).
However, in the end, if the VM runs on your client machine, the decryption key will end up on that machine as it has to do the decrypting. Thus, eventually, giving a tehcnically skilled enough person full access to your data.
You can try hiding the encryption key in hardware as DVD players do, or many game consoles, or newer iPods, but this would require your cutomer to use such cutom hardware in (or as) their computer; and keep in mind this is also only obscuring, not securing.
How about not giving the data to the customer at all, but having the application querying the data as a webservice from your own server?
user12889
Posted 2010-03-24T22:39:05.277
Reputation: 1 743
3What value would you get from the encryption if you could boot without providing key? Are you willing to accept that an advanced user will be able to bypass the encryption and read the files? Are you only aiming at deterring an typical person or do you actually strong protection? – Zoredache – 2010-03-24T22:56:03.100