(old)Puppy Linux Discussion Forum

READ-ONLY Archive
https://oldforum.puppylinux.com/

Securing your /boot partition

https://oldforum.puppylinux.com/viewtopic.php?t=76768

Page 1 of 1

Securing your /boot partition

Posted: Wed 14 Mar 2012, 18:36
by PaulBx1
I've been playing with other distros, for full disk encryption among other things. The one hole in the arrangement is that /boot cannot be encrypted so you can't be sure of it (I think we were talking about this in one of the threads here). There was some idea of checking the contents of /boot after booting to make sure it wasn't meddled with. Well, someone has done that:

https://wiki.archlinux.org/index.php/Sy ... _partition

I haven't tried it yet with Fedora (the distro I'm playing with at the moment), but I am about to. Thought others might be interested. This might be adapted to Puppy, checking the stuff in /initrd/mnt/dev_save instead...

Posted: Fri 13 Apr 2012, 01:41
by musher0
Hello, PaulBx1.

Security of Puppies have been discussed multiple times. Try a search on any serious meta-engine with "puppylinux security", you'll find lots of reference material, including some on this forum, and also some of BK's explanations.

To my knowledge, the most secure Puppy arrangement is: boot from and save to DVD. The second most secure Puppy arrangement is boot from CD, save to encrypted pup_save file.

I don't think that you need to go beyond that on a Puppy, and encrypt the /boot directory per se. Now of course, some malicious elf could try and do it for sport, but that's paranoia...

My 2 cents. BFN.

Posted: Thu 19 Apr 2012, 17:33
by PaulBx1
I have installed arch linux and tried this method. It works very well, and is not very complicated. I assume it would work with any OS that is fully encrypted except for the /boot partition.

Posted: Thu 19 Apr 2012, 20:30
by Flash
You could also run Puppy from a multisession CD or DVD and save your non-OS-related files on an encrypted flash drive. By running from a multisession CD or DVD, you provide the opportunity to check if the OS files have been compromised (by booting with the puppy pfix=ram boot option, then mounting the multisession DVD and looking at the files that have been changed in previous sessions. Since the original Puppy files are still on the DVD, it's easy to see not only if they've been changed but how they've been changed.)

Running Puppy from a multisession CD or DVD is inherently more secure than running Puppy from a hard disk drive, whose files can be erased or overwritten without leaving a trace.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited