You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2011-08-09 14:50:51
- archlinux2011
- Member
- Registered: 2011-07-16
- Posts: 38
secure boot question and user question
would it be safe and possible to say install just the boot partition to a 32mb sd card keeping everything else on the main hard drive? maybe having the /root on a USB drive to avoid anyone using su to get to it and making it accessible for emergency purposes. i would also encrypt my home folder.
does the above sound like a viable idea? and i am assuming so long as i install the card reader drivers during the initial setup i can just dd /boot/ over to the sd card.
also on my arch installs i installed sudo and added my username to wheel which i gave all permissions with password. this should be safe and i should never need to actually su to root correct? or are there some advantages to su to root?
Offline
#2 2011-08-09 14:55:53
- Mr.Elendig
- #archlinux@freenode channel op
- From: The intertubes
- Registered: 2004-11-07
- Posts: 4,092
Re: secure boot question and user question
If you are going to encrypt anything, encrypt everything, else it will be trivial to get around it. And imo full root power trough sudo is less secure than using the root account, since it is one less barrier.
Evil #archlinux@libera.chat channel op and general support dude.
. files on github, Screenshots, Random pics and the rest
Offline
#3 2011-08-10 12:14:11
- archlinux2011
- Member
- Registered: 2011-07-16
- Posts: 38
Re: secure boot question and user question
any other thoughts?
Offline
#4 2011-08-10 14:27:04
- ANOKNUSA
- Member
- Registered: 2010-10-22
- Posts: 2,141
Re: secure boot question and user question
I'm guessing you might have seen something like this? I wanted to try that myself, but it apparently only works if your card can be picked up by the mobo as an internal drive. Supposedly there's a way to hack or flash certain brands and models to achieve this, but I haven't looked into it in a while. My card reader uses a USB internal connection, so it can't be used as-is: on boot, my BIOS searches only the selected source for the necessary files, so I can't have /boot on /dev/sdb grab the initramfs from /dev/sda1. It could be entirely dependent on you board and BIOS, or may require extra work, but it's possible. You'll just need to do some work to get the info for your machine.
Offline
#5 2011-08-10 16:08:20
- archlinux2011
- Member
- Registered: 2011-07-16
- Posts: 38
Re: secure boot question and user question
that seems more work than it is worth but what about the sudo vs su root question? i setup sudo on my vm but i am wondering what is the best practice for this?
Offline
Pages: 1