Solved

Preboot Authentication for Linux

Posted on 2009-07-06
7
1,001 Views
Last Modified: 2013-12-15
Is there any generic open source project for providing preboot authentication on Linux for all distributions
0
Comment
Question by:tittu
7 Comments
 
LVL 43

Expert Comment

by:ravenpl
ID: 24786923
Pre-boot? You mean bios should do that? Or boot-loader? Or initrd script?
And You want to authenticate against?

Since You are asking about linux, I'm assuming grub bootloader or initrd.
I haven't heard about any initrd auth related customization.
You could probably force grub to ask for password.
You also could run the linux on LUKS encrypted root device, one have to unlock the root device first to get to real OS.
0
 

Author Comment

by:tittu
ID: 24791918
I have a driver module and source code which authenticates biometric thumb impression.
I coud able to place this authentication module before the login screen.
The requirement is to place the authetication module before uncompressing the kernel or at grub stage ?
Is it possible to access driver modules in grub ?.

How do i protect the root file system theft/copying using a rescue CD with this approach ?.

0
 
LVL 7

Accepted Solution

by:
diepes earned 500 total points
ID: 24792053
Hi,
1. You will have to encrypt the HD, to protect against some one steeling the HD or using a rescue CD
     * There is a lot of howto's basic you have a small un-encrypted /boot  and all the rest (LVM) encrypted.
2. When the kernel and initrd.img load from the un-encrypted /boot they will ask for the encryption key, this can also be on a usb device.

0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 43

Expert Comment

by:ravenpl
ID: 24792065
No, grub isn't smart enough to run kernel modules. Sorry,it's merely boot loader.
What You probably could (but would have to build custom solution) is
- include the authentication into initrd script (after kernel is booted, before root filesystem unlocked/mounted)
- include the authentication into /sbin/init or upstart (after initrd is ready and root filesystem up).
0
 
LVL 1

Expert Comment

by:dontdig
ID: 24792610
use trucypt
http://www.truecrypt.org/downloads

but firstly try on demo machine i.e virtual machine
0
 

Author Comment

by:tittu
ID: 25366341
comment is not helpful
0
 

Author Closing Comment

by:tittu
ID: 31600181
partially ok
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to get maximum transfer speed over LAN 4 104
How to update  and reset admin password for Linux 5 65
LogmeIn using Linux Ubuntu 16.04 6 63
Moving from Mcrypt to OpenSSL 18 45
This document is written for Red Hat Enterprise Linux AS release 4 and ORACLE 10g.  Earlier releases can be installed using this document as well however there are some additional steps for packages to be installed see Metalink. Disclaimer: I hav…
Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question