This has become a real concern now that the system is used more and more.
Here is a proposal, based on a schema already used by a well-known system (e.g. iOS).
The idea is to use two keys: one for disk encryption and one for keychain encryption.
In practice, we should have a partition encrypted with a user-key; let's call that partition the keychain. This partition will contain all sensitive data (can be keys, seeds, ...).
Each disk present on the system will be encrypted with a generated key, on the first run. These keys are stored on the keychain partition.
This has a couple of advantages:
Encryption is based on the user-key
You can change the user-key without re-encrypting all disks
You can quickly « erase » a disk by just deleting the keychain; a full disk write is not needed
As a first step, the user-key will be hardcoded, just to have the system in place quickly. In a second phase, this user-key will be fetched via a secure way we can discuss later, but at least half of the security schema will already be in place.
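The two-level key hierarchy proposed above, as an added sketch that is not code from this project: the user-key seals a small keychain holding one random key per disk, so changing the user-key rewrites only the keychain. The HMAC-SHA256 counter-mode cipher is a standard-library stand-in for the AEAD a real implementation would use, and the disk names, keys and contents are constructed.

```python
import hashlib, hmac, json, secrets

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as keystream (stand-in cipher, see lead-in).
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def create_keychain(user_key, disks):
    # First run: one random 256-bit key per disk, stored only in the keychain.
    keys = {d: secrets.token_bytes(32).hex() for d in disks}
    return seal(user_key, json.dumps(keys).encode())

def disk_key(user_key, keychain, disk):
    return bytes.fromhex(json.loads(unseal(user_key, keychain))[disk])

def change_user_key(old_key, new_key, keychain):
    # Only the small keychain is re-encrypted; disk ciphertext is untouched.
    return seal(new_key, unseal(old_key, keychain))

def demo():
    old, new = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed user-keys
    keychain = create_keychain(old, ["disk0", "disk1"])  # hypothetical disk names
    disk0 = seal(disk_key(old, keychain, "disk0"), b"constructed disk contents")
    keychain = change_user_key(old, new, keychain)
    still_readable = unseal(disk_key(new, keychain, "disk0"), disk0)
    try:
        disk_key(old, keychain, "disk0")
        old_rejected = False
    except ValueError:
        old_rejected = True
    return still_readable, old_rejected

if __name__ == "__main__":
    print(demo())
```

Deleting the sealed keychain blob removes the only copy of every disk key, which is the quick « erase » described in the list of advantages.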