Diff for /wikisrc/security/cgdroot.mdwn between versions 1.9 and 1.10

version 1.9, 2017/02/10 10:54:56 version 1.10, 2017/02/10 10:55:36
Line 5  It is possible to run NetBSD with [compl Line 5  It is possible to run NetBSD with [compl
   
 The mechanism described here still requires one unencrypted partition to boot from (typically `wd0a`). Full disk encryption would make it more difficult for an attacker to modify the unencrypted part of the disk to plant a backdoor. With only partial encryption, the original [[!template id=man name="cgdconfig" section="8"]] binary may be modified to send the passphrase away, allowing an attacker with a disk dump to recover the data.  The mechanism described here still requires one unencrypted partition to boot from (typically `wd0a`). Full disk encryption would make it more difficult for an attacker to modify the unencrypted part of the disk to plant a backdoor. With only partial encryption, the original [[!template id=man name="cgdconfig" section="8"]] binary may be modified to send the passphrase away, allowing an attacker with a disk dump to recover the data.
   
   The NetBSD Guide contains [an entire section about CGD][2].
   
 The boot process  The boot process
 ----------------  ----------------
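Review bot: the added sentence "The NetBSD Guide contains [an entire section about CGD][2]." lands directly after the paragraph on the unencrypted boot partition and a tampered cgdconfig binary, with no transition, so it reads as if the Guide addresses that limitation. Either move it up next to the introductory text or say what the reader should consult the Guide for, so the caveat paragraph stays the last word before "The boot process".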
   
Line 76  References Line 78  References
 ----------  ----------
   
 * [Full Disk Encryption with cgd (well, almost)][1]  * [Full Disk Encryption with cgd (well, almost)][1]
   * [The cryptographic device driver (CGD)][2]
   
 [1]: https://mail-index.netbsd.org/current-users/2013/03/21/msg022311.html "Full Disk Encryption with cgd (well, almost)"  [1]: https://mail-index.netbsd.org/current-users/2013/03/21/msg022311.html "Full Disk Encryption with cgd (well, almost)"
   [2]: http://www.netbsd.org/docs/guide/en/chap-cgd.html "The cryptographic device driver (CGD)"
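Review bot: the new `[2]` reference definition uses a plain `http://` URL, while the existing `[1]` definition right above it uses `https://`. On a page about disk encryption, the setup documentation should not be linked over a transport that can be modified in transit. If www.netbsd.org serves the Guide over HTTPS, use `https://www.netbsd.org/docs/guide/en/chap-cgd.html` here.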
