On Mon, 10 Feb 2003, Dave Howe wrote:

...

no, lilo is. if you you can mount a pgpdisk (say) without software, then you are obviously much more talented than I am :) Bullshit. lilo isn't doing -anything- at that point without somebody or something (eg dongle) being present that has the -plaintext- key. Without the key the disk isn't doing anything. So no, lilo isn't mounting the partition. It -is- a tool to do the mount. I don't understand why this concept is so difficult for you - software *must* perform the mount; there is absolutely no way you could

at Monday, February 10, 2003 3:09 AM, Jim Choate <ravage@einstein.ssz.com> was seen to say: personally inspect every byte from the disk and pass decrypted data to the os at line speed yourself. lilo is the actor here. If you gave a program spec to a programmer and said "write this" you wouldn't be able to claim you wrote the code yourself, no matter how good or essential the program spec was.

As to mounting the disk without software, not a problem it could be done all in hardware. Though you'd still need the passphrase/dongle. you couldn't *mount* a disk in hardware; you *could* decrypt on-the-fly and make the physical disk look like a unencrypted one, but you would still need non-crypto software to mount it.

...

for virtual drives, the real question is at what point in the boot process you can mount a drive - if it is not until the os is fully functional, then you are unable to protect the os itself. if the bootstrap process can mount the drive before the os is functional, then you *can* protect the os. No you can't. If the drive is mounted before the OS is loaded you can put the system into a DMA state and read the disk (screw the OS) since it's contents are now in plaintext. no, you can't. data from the hardware is *still* encrypted; only the output of the driver is decrypted, and a machine no longer running bootstrap or os is also incapable of decryption. you *could*, if good enough, place the processor in a halt state and use DMA to modify the code to reveal the plaintext, but it would be a major pain to do so and would require both physical access to the machine *while powered up and without triggering any anti-tamper switches* after the password has been supplied. This is actually a weakness in firmware cryptodrives (as I have seen advertised recently) - once the drive is "unlocked" it can usually be swapped over to another machine and the plaintext read.

You can also prevent the default OS from being loaded as well. Indeed so, yes. however, usually that decision has to be made before the password would be entered - so making more awkward. you *could* finangle the bootstrap though; there must *always* be part of the code outside the crypto envelope (but of course this can be removable media such as the usb drive mentioned, and stored securely when not in use)

Clue: If you own the hardware, you own the software. indeed so. however, if that applied to machines not already running, the police wouldn't be so upset when they find encrypted files on seized hardware.