dnschneid / crouton

Chromium OS Universal Chroot Environment
https://goo.gl/fd3zc?si=1
BSD 3-Clause "New" or "Revised" License

is encryption still necessary? #745

Closed sunaku closed 10 years ago

sunaku commented 10 years ago

Hello,

I followed the Shell Access With Verified Boot And Auto Updates guide where chromeos-setdevpasswd is run to password-protect the sudo command that can be run from the crosh shell. Afterwards, I ran chmod o= /usr/local/chroots to prevent non-root users from directly accessing Crouton chroots from the crosh shell.

Considering this setup (you can only access Crouton's chroots if you become root using the password-protected sudo), is Crouton's chroot encryption still necessary? :neckbeard:

Thanks for your consideration.

dnschneid commented 10 years ago

Depends on your level of paranoia. Assuming you also did the crossystem boot config, with an unencrypted chroot someone could still get at your data by (off the top of my head):

Other than the first item (which occasionally happens but gets quickly patched; see the latest pwnium), most of these hacks require physically disassembling the device. Whether you deem these a valid risk that needs to be mitigated or not is up to you; the Chromium OS project considers it enough to warrant encrypting your user profile on the device, so crouton attempts to enable a similar level of data safety.

All it really comes down to is the class of attacker you're trying to protect yourself from:

  1. Hackers on teh internets: browse using the Chromium OS browser, not one inside your chroot.
  2. Hackers in teh coffi shopz: set a root password, disable unverified/USB boot, lock your screen and your chroot when you're away from it, don't leave VT2 logged in.
  3. Hackers in teh govurnmints: encrypt your chroot, cross your fingers that there aren't any backdoors in the implementation or exploitable side-channels, and forget your password.
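
A check of the setup discussed in this thread, as an added example that is not part of the original issue or of crouton's code: it verifies that `/usr/local/chroots` grants nothing to "other" and that USB and unverified boot are disabled. The crossystem flag names `dev_boot_usb` and `dev_boot_signed_only`, their expected values, and all function names are assumptions not taken from the page.

```shell
#!/bin/sh
# Added example: audit the hardening steps discussed in this thread.
# Assumed, not stated on the page: the crossystem flag names
# dev_boot_usb and dev_boot_signed_only and their expected values.
CHROOTS="${CHROOTS:-/usr/local/chroots}"    # path from the thread
CROSSYSTEM="${CROSSYSTEM:-crossystem}"      # overridable for testing

# 0 if "other" has no permission bits on directory $1 (the effect of
# `chmod o=`), 1 if it has any, 2 if $1 is not a directory.
other_locked_out() {
    [ -d "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# 0 if crossystem reports flag $1 with value $2, 1 if not,
# 2 if crossystem is not available on this machine.
flag_is() {
    command -v "$CROSSYSTEM" >/dev/null 2>&1 || return 2
    [ "$("$CROSSYSTEM" "$1" 2>/dev/null)" = "$2" ]
}

report() {  # report LABEL STATUS
    case "$2" in
        0) echo "ok       $1" ;;
        2) echo "skipped  $1 (not available here)" ;;
        *) echo "FAIL     $1" ;;
    esac
}

# Runs every check and returns the number of failed ones.
audit() {
    failures=0
    rc=0; other_locked_out "$CHROOTS" || rc=$?
    report "no 'other' access to $CHROOTS" "$rc"
    if [ "$rc" -eq 1 ]; then failures=$((failures + 1)); fi
    for pair in dev_boot_usb=0 dev_boot_signed_only=1; do
        rc=0; flag_is "${pair%%=*}" "${pair#*=}" || rc=$?
        report "crossystem $pair" "$rc"
        if [ "$rc" -eq 1 ]; then failures=$((failures + 1)); fi
    done
    return "$failures"
}

audit || echo "hardening gaps found: $?"
```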

sunaku commented 10 years ago

Brilliant answer! :bow: Thanks.