How to verify /boot partition on encrypted LVM setup

Posted by ml43 on Super User See other posts from Super User or by ml43
Published on 2013-11-02T07:04:27Z Indexed on 2013/11/02 9:58 UTC
Read the original article Hit count: 183

Filed under:

disk-encryption

|

lvm

Isn't unencrypted /boot partition a weakness for encrypted LVM setup? Attacker may install a malware to /boot partition so that it may sniff encryption password next time system boots. It may also be done by a malware installed to Windows on dual-boot system without any physical access.

Am I missing some protection scheme or at least I may verify that /boot contents didn't change since last system shutdown?

© Super User or respective owner

Related posts about disk-encryption

Full Disk Encryption for Mac (Not PGP)

as seen on Super User - Search for 'Super User'
I purchased PGP Whole Disk Encryption for my Macbook Pro, and it's exactly what I need. After the Symantec acquisition, PGP no longer sells single licenses of the software so I can't purchase a second copy for my iMac. Since I can no longer buy PGP Whole Disk Encryption, can anyone suggest an alternative… >>> More
What options are available to perform whole disk encryption with Snow Leopard

as seen on Server Fault - Search for 'Server Fault'
We would like to encrypt the entire disk of a Snow Leopard workstation running some sensitive file, database and web services. PGP does not yet work for 10.6, and we cannot use FileVault as it is not compliant with FIPS and would require non-standard installation of services. What whole-disk options… >>> More
Free Mac whole disk encryption

as seen on Super User - Search for 'Super User'
Are there any free solutions for encrypting the entire boot disk on a Mac? I'm aware of PGP's Whole Disk Encryption, but it's a bit steep at $149. TrueCrypt's System Encryption seems to only work with Windows. >>> More
Speed of TrueCrypt whole disk encryption

as seen on Super User - Search for 'Super User'
I'm getting a new development laptop soon, and I'm thinking of using TrueCrypt to encrypt the whole disk. What kind of performance drop can I expect? 10%? 30%? more? Also, assuming the workload has an effect, would compiling/using Visual Studio be affected much? I cannot seem to find anything like… >>> More
Full disk encryption on dual boot system using TrueCrypt

as seen on Super User - Search for 'Super User'
I'm thinking about encrypting my whole harddrive for example using TrueCrypt, which I've used for encrypting file containers for a while. It is possible to encrypt the whole harddisk through the program and then add a password secured bootloader before the actual bootloader. Is it possible to do… >>> More

Related posts about lvm

Unix LVM: how to resize root lvm

as seen on Server Fault - Search for 'Server Fault'
I took over a virtual server at work after a co-worker left. He, however, setup the server incorrectly at multiple stages and im cleaning them up as I run into them... Currently I realized that the file system is broken in half onto 2 logical volumes both at 50gb. One is mounted as the root directory… >>> More
RAID5 over LVM on Ubuntu Server 12.04.3

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I'm trying to create a RAID5 software array using LVM. I use VirtualBox as I'm only learning how LVM works. So I've created 4 virtual SCSI drives and then did the following: pvcreate /dev/sd[b-e] vgcreate /dev/sd[b-e] raid5_vg lvcreate --type raid5 -i 3 -L 1G -n raid_lv raid5_vg However, I get… >>> More
Preseeding Ubuntu partman recipe using LVM and RAID

as seen on Server Fault - Search for 'Server Fault'
I'm trying to preseed Ubuntu 12.04 server installation and created a recipe that would create RAID 1 on 2 drives and then partition that using LVM. Unfortunately partman complains when creating LVM volumes saying there no partitions in recipe that could be used with LVM (in console it complains about… >>> More
Restore data from overwritten LVM

as seen on Server Fault - Search for 'Server Fault'
I lost all of my data (8 TB) which I collected over the past few years yesterday because I made some seriuos mistakes during the remounting of my LVM. I run a XenServer5.6 installation with additional 4 harddisks for data storage. An LVM over those 4 HDDs was used to store all of my data. Yesterday… >>> More
how to multi-boot/upgrade linux from LVM-based partition

as seen on Super User - Search for 'Super User'
i currently have FC3 linux which installed itself on the hard disk using LVM partitioning, so it is basically all one big partition. i would like to try some other distributions and upgrade to something newer, but don't want to lose my current capabilities and data files, and i know nothing or less… >>> More