At CeBIT I talked to some company doing that for Windows: they encrypt the filesystem and use an Aladdin eToken as key storage. They use the binary win32 DLL / Windows driver and jump into the code at some specified place to access it. Argh. I don't think it can be worse.
I have heard of several boot protection solutions for Windows, e.g. Compusec's eIdentity (works with a repacked eToken Pro) or SafeBoot from Controlbreak. But I could not find anything for Linux. Somewhere on Aladdin's website I have found a document that says that there exists an SDK for boot protection for eTokens. That might be the reason why all companies that offer boot protection use the eTokens.
For Linux: why not encrypt all partitions, and use opensc to decrypt? I haven't done it myself, but it shouldn't be too difficult to do. Use a loop device with the crypto option. Store the key in the token. Use an init ramdisk with opensc/openct to load the key from the initial stage.
We have also thought of encrypting all partitions. But boot protection and file encryption are just not the same thing. What we want is boot protection.
I don't know how to access USB devices from boot code. But if that is possible, it should be easy to reimplement the necessary parts. All you need is to read the serial number of the USB token and compare it to a list.
I know that it is possible to access USB devices from boot code (some companies do just that), but I could not find any documentation for that on the net. Once I heard that IBM has a kind of API for their BIOSes that can do that. But I could never verify this rumour. Maybe someone here on this list knows more?
Cheers,
Arno
--
Mr Arno Wilhelm
phion Information Technologies GmbH
System Engineer
Eduard-Bodem-Gasse 1
A-6020 Innsbruck
www.phion.com
tel: +43 512 39 45 45
fax: +43 512 39 45 45 20
_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.musclecard.com/mailman/listinfo/muscle
