[ltp] Lock HDD on reboot
Peter G.
linux-thinkpad@linux-thinkpad.org
Mon, 23 Jan 2012 12:11:15 +0100 (CET)
On 2012-01-23 11:57, Marius Gedminas wrote:
> On Wed, Jan 18, 2012 at 01:23:26PM +0100, Ole Langbehn wrote:
>> On 17.01.2012 00:07, Johannes Bittner wrote:
>>> I have a Thinkpad X220 with an Intel 320 SSD (which has hardware
>>> acceleration). When I power on the notebook, it asks me for the
>>> password. When rebooting however, the disk remains unlocked.
>>>
>>> Is there some setting to lock the disk automatically when the system
>>> is rebooted? Otherwise, one could simply reboot with Ctrl+Alt+Del and
>>> access my data.
>> Thinking out of the box:
>>
>> You could disable the three-finger-salute completely [1]. That way a
>> reboot is not possible, the attacker could only power down the machine
>> via the power button, and you're all set again.
>>
>> [1]
>> http://www.cyberciti.biz/tips/linux-disable-the-ctrl-alt-del-shutdown.html
> Don't forget Alt+SysRq+S,U,B.
>
> Marius Gedminas
Add kexec to the list, it will load a new kernel and do a warm reboot.
OTOH if the attacker can load a new kernel and execute kexec are rather
badly compromised anyway.
Greets,
Peter G.