These are my notes on how to set up a system securely, in a way that
prevents an attacker from carrying out an “evil maid attack”.
The threat model
You have a Linux server that you want to protect against data theft
and other backdoors. The attacker can get physical access to your
hardware, for example by having access to the server room that houses
your rack.
Your attacker is funded, but not super well funded. This will not
protect you against intelligence agencies.
The attacker can buy a new server that looks just like the one you
have. You will not be able to tell the difference from physical
inspection.
You want to know that it’s safe to log in to your server after a
suspicious power outage or reboot.
This solution assumes that once the system is booted and you log in,
you have access to the secret data. In other words, this is not a
protection for gaming consoles or kiosks.
Overview of the solution
First of all, full disk encryption using dm-crypt. Obviously. (Other
FDE implementations are also acceptable, of course.)
Walking up to the server and typing the passphrase every reboot is not
only tedious