Linux security tip: moving your /boot partition to removable media

Posted on Monday, June 30th, 2014 in how-to, Linux, security, USB by the machinegeek

Today, threats to your data can come from many quarters. It’s not enough to protect against malicious online attacks; there’s the very real threat of governments confiscating and examining the electronic devices carried by international travelers, and even planting spyware on them. In this post from “The Doctor”, we’re shown one way to mitigate this threat, which involves the use of a USB key that you work to keep out of the clutches of others at all times. He notes, “When you’re trying to fly into or out of an airport en route to someplace else, it is entirely possible that the airport’s security staff will take you aside for a more thorough search and questioning while your stuff is taken someplace out of your control and analyzed. We know that there are malware packages available today that boobytrap the boot device of laptop computers to install various forms of surveillance malware which run the next time you start your machine up and compromise the OS even though you may have locked it down to prevent live attacks. That the malware may capture the passphrase used to unlock an encrypted hard drive in the computer is an additional kick in the pants that one must be prepared to dodge.”

This entry was posted on Monday, June 30th, 2014 at 12:37 am and is filed under how-to, Linux, security, USB.

2 Responses to “Linux security tip: moving your /boot partition to removable media”

  1. Max says:

    The original page does not seem to accept comments, so I’ll just put it here instead:

    This just screams for the obligatory xkcd reality check: https%:// – unless of course you’re going for the “sumtin’ happ’ned to that darn thingie mid-flight sah, it just won’t boot” defence, which will stand for exactly 0.1 second once their resident IT guy takes a look at the laptop and realizes it never had any bootable partition at all.

    • Stefan says:

      Well, as I see it, it's not whether it boots so they can search it with (or without) your consent.
      But them booting it and planting malicious software on it without your awareness while they search you with rubber gloves and cameras on sticks…
