AEM, no stick ... no boot
25 views
Skip to first unread message
James Bisno
Oct 23, 2016, 9:50:04 AM10/23/16
to qubes-users
Is there a way to forbid or obstruct grub from booting up a disk encrypted Qubes when grub is loaded from the harddrive, so that a removable AEM device is required to load Qubes?
James Bisno
Oct 23, 2016, 11:58:18 PM10/23/16
to qubes-users
On Sunday, October 23, 2016 at 9:50:04 AM UTC-4, James Bisno wrote:
> Is there a way to forbid or obstruct grub from booting up a disk encrypted Qubes when grub is loaded from the harddrive, so that a removable AEM device is required to load Qubes?
> Is there a way to forbid or obstruct grub from booting up a disk encrypted Qubes when grub is loaded from the harddrive, so that a removable AEM device is required to load Qubes?
I have a feeling the informed users/developers may easily overcome such an obstacle (way beyond me) but stopping a sophisticated attacker seems like an exercise in futility (camera on the keyboard and foobar router). Now if some clueless thug starts poking around, armed with a flashdrive from hackers.com, and he cant figure out how to turn the damn thing on, thats a total win in my book.
Marek Marczykowski-Górecki
Oct 24, 2016, 5:04:02 AM10/24/16
to James Bisno, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Sun, Oct 23, 2016 at 06:50:04AM -0700, James Bisno wrote:
> Is there a way to forbid or obstruct grub from booting up a disk encrypted Qubes when grub is loaded from the harddrive, so that a removable AEM device is required to load Qubes?
You can keep /boot on external device (AEM). Simply - after AEM
installation, wipe /boot from internal hard drive.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJYDc59AAoJENuP0xzK19cswV8IAJH+OyVdCitxvAI3uYqbTPV2
b7IUA6yMZZcHCGNutmAsoQ0IP8bEw6QbgVGwHF54sHhxL0/SDAyUmsjjwxdewIkV
tCHVs6DShMedVb7WQeuwrUt5RYcJud/+OzyubasB9ieosEZHC374Stwhi9oJ2Sqv
NBimcSqbAl74lWLaHSzoMHyemkDJ+unVEQUpXKOxxeStRJQVjTQ9zauwmTYQaVwA
3iASueULKbY2i7sWHrpfj4I9k+hL3NCuClvFZsFMFs/EH9PmbU1312IFOXBz7grK
82UiYLytEirmnCeIGVSXCwMEwx75ZUQk1v1wrrcc+Y+GWzIbac8zNML52Z4jJqI=
=7dFo
-----END PGP SIGNATURE-----
Hash: SHA256
On Sun, Oct 23, 2016 at 06:50:04AM -0700, James Bisno wrote:
> Is there a way to forbid or obstruct grub from booting up a disk encrypted Qubes when grub is loaded from the harddrive, so that a removable AEM device is required to load Qubes?
installation, wipe /boot from internal hard drive.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJYDc59AAoJENuP0xzK19cswV8IAJH+OyVdCitxvAI3uYqbTPV2
b7IUA6yMZZcHCGNutmAsoQ0IP8bEw6QbgVGwHF54sHhxL0/SDAyUmsjjwxdewIkV
tCHVs6DShMedVb7WQeuwrUt5RYcJud/+OzyubasB9ieosEZHC374Stwhi9oJ2Sqv
NBimcSqbAl74lWLaHSzoMHyemkDJ+unVEQUpXKOxxeStRJQVjTQ9zauwmTYQaVwA
3iASueULKbY2i7sWHrpfj4I9k+hL3NCuClvFZsFMFs/EH9PmbU1312IFOXBz7grK
82UiYLytEirmnCeIGVSXCwMEwx75ZUQk1v1wrrcc+Y+GWzIbac8zNML52Z4jJqI=
=7dFo
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages