Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 21 Oct 2014, 14:32
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Securing your /boot partition
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 1 Posts_count  
Author Message
PaulBx1

Joined: 16 Jun 2006
Posts: 2308
Location: Wyoming, USA

PostPosted: Wed 14 Mar 2012, 14:36    Post_subject:  Securing your /boot partition  

I've been playing with other distros, for full disk encryption among other things. The one hole in the arrangement is that /boot cannot be encrypted so you can't be sure of it (I think we were talking about this in one of the threads here). There was some idea of checking the contents of /boot after booting to make sure it wasn't meddled with. Well, someone has done that:

https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS#Securing_the_unencrypted_boot_partition

I haven't tried it yet with Fedora (the distro I'm playing with at the moment), but I am about to. Thought others might be interested. This might be adapted to Puppy, checking the stuff in /initrd/mnt/dev_save instead...
Back to top
View user's profile Send_private_message 
musher0


Joined: 04 Jan 2009
Posts: 4254
Location: Gatineau (Qc), Canada

PostPosted: Thu 12 Apr 2012, 21:41    Post_subject:  

Hello, PaulBx1.

Security of Puppies have been discussed multiple times. Try a search on any serious meta-engine with "puppylinux security", you'll find lots of reference material, including some on this forum, and also some of BK's explanations.

To my knowledge, the most secure Puppy arrangement is: boot from and save to DVD. The second most secure Puppy arrangement is boot from CD, save to encrypted pup_save file.

I don't think that you need to go beyond that on a Puppy, and encrypt the /boot directory per se. Now of course, some malicious elf could try and do it for sport, but that's paranoia...

My 2 cents. BFN.

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)
Back to top
View user's profile Send_private_message Visit_website 
PaulBx1

Joined: 16 Jun 2006
Posts: 2308
Location: Wyoming, USA

PostPosted: Thu 19 Apr 2012, 13:33    Post_subject:  

I have installed arch linux and tried this method. It works very well, and is not very complicated. I assume it would work with any OS that is fully encrypted except for the /boot partition.
Back to top
View user's profile Send_private_message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11118
Location: Arizona USA

PostPosted: Thu 19 Apr 2012, 16:30    Post_subject:  

You could also run Puppy from a multisession CD or DVD and save your non-OS-related files on an encrypted flash drive. By running from a multisession CD or DVD, you provide the opportunity to check if the OS files have been compromised (by booting with the puppy pfix=ram boot option, then mounting the multisession DVD and looking at the files that have been changed in previous sessions. Since the original Puppy files are still on the DVD, it's easy to see not only if they've been changed but how they've been changed.)

Running Puppy from a multisession CD or DVD is inherently more secure than running Puppy from a hard disk drive, whose files can be erased or overwritten without leaving a trace.
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 1 of 1 Posts_count  
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0517s ][ Queries: 11 (0.0073s) ][ GZIP on ]