
Linux security tip: moving your /boot partition to removable media

Posted on Monday, June 30th, 2014 in how-to, Linux, security, USB by the machinegeek

Today, threats to your data can come from many quadrants. It’s not enough to protect against malicious online attacks; there’s the very real threat of governments confiscating and examining the electronic devices carried by international travelers, and even planting spyware. In this post from “The Doctor”, we’re shown one way to mitigate this threat, which involves the use of a USB key that you work to keep out of the clutches of others at all times. He notes, “When you’re trying to fly into or out of an airport en route to someplace else, it is entirely possible that the airport’s security staff will take you aside for a more thorough search and questioning while your stuff is taken someplace out of your control and analyzed. We know that there are malware packages available today that boobytrap the boot device of laptop computers to install various forms of surveillance malware which run the next time you start your machine up and compromise the OS even though you may have locked it down to prevent live attacks. That the malware may capture the passphrase used to unlock encrypted hard drives in the computer is an additional kick in the pants that one must be prepared to dodge.”

This entry was posted on Monday, June 30th, 2014 at 12:37 am and is filed under how-to, Linux, security, USB.

2 Responses to “Linux security tip: moving your /boot partition to removable media”

  1. Max says:

    The original page does not seem to accept comments, so I’ll just put it here instead:

    This just screams for the obligatory xkcd reality check: https://xkcd.com/538/ – unless of course you’re going for the “sumtin’ happ’ned to that darn thingie mid-flight sah, it just won’t boot” defence, which will stand for exactly 0.1 second once their resident IT guy takes a look at the laptop and realizes it never had any bootable partition at all.

    • Stefan says:

      Well, as I see it, it’s not whether it boots so they can search it with (or without) your consent.
      But them booting it and planting malicious software on it without your awareness while they search you with rubber gloves and cameras on sticks…
