Solved

Preboot Authentication for Linux

Posted on 2009-07-06
7
972 Views
Last Modified: 2013-12-15
Is there any generic open source project for providing preboot authentication on Linux for all distributions
0
Comment
Question by:tittu
7 Comments
 
LVL 43

Expert Comment

by:ravenpl
Comment Utility
Pre-boot? You mean bios should do that? Or boot-loader? Or initrd script?
And You want to authenticate against?

Since You are asking about linux, I'm assuming grub bootloader or initrd.
I haven't heard about any initrd auth related customization.
You could probably force grub to ask for password.
You also could run the linux on LUKS encrypted root device, one have to unlock the root device first to get to real OS.
0
 

Author Comment

by:tittu
Comment Utility
I have a driver module and source code which authenticates biometric thumb impression.
I coud able to place this authentication module before the login screen.
The requirement is to place the authetication module before uncompressing the kernel or at grub stage ?
Is it possible to access driver modules in grub ?.

How do i protect the root file system theft/copying using a rescue CD with this approach ?.

0
 
LVL 7

Accepted Solution

by:
diepes earned 500 total points
Comment Utility
Hi,
1. You will have to encrypt the HD, to protect against some one steeling the HD or using a rescue CD
     * There is a lot of howto's basic you have a small un-encrypted /boot  and all the rest (LVM) encrypted.
2. When the kernel and initrd.img load from the un-encrypted /boot they will ask for the encryption key, this can also be on a usb device.

0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 43

Expert Comment

by:ravenpl
Comment Utility
No, grub isn't smart enough to run kernel modules. Sorry,it's merely boot loader.
What You probably could (but would have to build custom solution) is
- include the authentication into initrd script (after kernel is booted, before root filesystem unlocked/mounted)
- include the authentication into /sbin/init or upstart (after initrd is ready and root filesystem up).
0
 
LVL 1

Expert Comment

by:dontdig
Comment Utility
use trucypt
http://www.truecrypt.org/downloads

but firstly try on demo machine i.e virtual machine
0
 

Author Comment

by:tittu
Comment Utility
comment is not helpful
0
 

Author Closing Comment

by:tittu
Comment Utility
partially ok
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
You ever wonder how to backup Linux system files just like Windows System Restore?  Well you can use Timeshift in Linux to perform those similar action.  This tutorial will show you how to backup your system files and keep regular intervals. Note…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now