IMO the way they did verified boot is even better. TPM style hardware assisted boot chain verification all the way down to a rolling full root filesystem hash list.
Sounds like a smartphone sure, except that it doesn't prevent running unsigned code it just detects tampering with standard executables. And it'll let you tamper all you want, it just warns you that they failed and allow you to choose to reload from a known good if you'd like.
Not that disk encryption isn't important, just that I'd bet 99% of data theft isn't local to the machine.
Nice to see a security implementation that is dealing with the current threat level (i.e., fucked) but not using it as an excuse to lock out modification.
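To make the "detects tampering, warns, lets you restore from known good" behaviour described above concrete, here is an added toy model of a block hash list for a root filesystem (illustrative code written for this thread, not Chromium OS's own verified-boot implementation; block size, image contents and the boot policy are constructed assumptions):

```python
import hashlib
from typing import Dict, List

BLOCK_SIZE = 16  # toy block size for the constructed image; real schemes use 4 KiB blocks

def split_blocks(image: bytes, block_size: int = BLOCK_SIZE) -> List[bytes]:
    """Split a root filesystem image into fixed-size blocks (the last may be short)."""
    return [image[i:i + block_size] for i in range(0, len(image), block_size)]

def hash_of_list(block_hashes: List[str]) -> str:
    """Root hash over the whole per-block list; this is the value the signed
    boot chain pins, so the list itself cannot be swapped out unnoticed."""
    return hashlib.sha256("".join(block_hashes).encode()).hexdigest()

def build_hash_list(image: bytes) -> Dict[str, object]:
    """Hash every block of the known-good image and return the list plus its root."""
    block_hashes = [hashlib.sha256(b).hexdigest() for b in split_blocks(image)]
    return {"block_hashes": block_hashes, "root": hash_of_list(block_hashes)}

def verify_image(image: bytes, hash_list: Dict[str, object], pinned_root: str) -> List[int]:
    """Return indices of blocks that differ from the known-good image.
    First confirms the hash list matches the pinned root, then checks each
    block; a changed block count also counts as tampering."""
    expected = hash_list["block_hashes"]
    if hash_of_list(expected) != pinned_root:
        raise ValueError("hash list does not match pinned root; cannot trust it")
    blocks = split_blocks(image)
    tampered = [i for i, b in enumerate(blocks[:len(expected)])
                if hashlib.sha256(b).hexdigest() != expected[i]]
    # Blocks beyond the known-good length, or missing ones, are tampering too.
    tampered += list(range(min(len(blocks), len(expected)), max(len(blocks), len(expected))))
    return tampered

def boot_decision(tampered: List[int]) -> str:
    """Detect-and-warn policy (assumed here): boot proceeds either way, but
    changed blocks are reported so the owner can choose to restore known-good."""
    if not tampered:
        return "boot: root filesystem matches known-good image"
    return f"boot: warning, {len(tampered)} block(s) changed {tampered}; offer recovery"

# Constructed sample image: four 16-byte "blocks" standing in for executables.
KNOWN_GOOD = b"".join([b"/bin/sh.........", b"/bin/ls.........",
                       b"/sbin/init......", b"/etc/passwd....."])
HASH_LIST = build_hash_list(KNOWN_GOOD)
PINNED_ROOT = HASH_LIST["root"]  # would live in the signed kernel/firmware

# Simulated local modification of the second "executable".
TAMPERED = KNOWN_GOOD[:16] + b"/bin/ls.MODIFIED" + KNOWN_GOOD[32:]

if __name__ == "__main__":
    print(boot_decision(verify_image(KNOWN_GOOD, HASH_LIST, PINNED_ROOT)))
    print(boot_decision(verify_image(TAMPERED, HASH_LIST, PINNED_ROOT)))
```

The second run reports block 1 as changed but still returns a boot decision rather than refusing to start, which is the difference from a phone-style signed-code-only policy.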
Yes, the "Managing encryption keys" section was the most interesting part. I was wondering how they were going to protect the disk encryption key.
I'm not positive that a pure memory based key strengthening is all that useful though. Depends on how much time they think is too much to login, but considering the class of machine, I'd be worried if they aimed lower than one second.
You're trusting a lot more than Google. You're trusting unknown parties from your future who will be able to get subpoenas against you if they wish, should you ever inadvertently get into certain types of relationships with such as yet unknown parties.
Google is not the average person's enemy. If you are cheating on your wife, you don't want her to be able to open up your netbook and read all your emails about it. But if Google knows, it really doesn't matter -- Google is not your wife. Google could care less who you are sleeping with.
We actually don't know what Google cares about, nor do we (including you) know what Future Google cares about.
But your point is moot, because whether Google cares or not is irrelevant, if someone else gets a subpoena and Google hands out the keys and the data, which is conveniently backed up in the cloud.
Privacy isn't about doing things wrong and getting away with them.
If that's your rhetoric, why should my wife not have every right to catch me cheating? Privacy must be a terrible thing only useful to terrorists and adulterers, right?
Just be careful when you are defending something like this. I like my private life to be private, even when I'm not at a strip club.
looks like it's basically the same setup as mac os' filevault where each user has an encrypted, auto-expanding disk image that sits atop a normal filesystem.
Except on mac your data can leak into tmp or swap.
I was going to go on a rant about how encrypting home directories is practically pointless, and you really need full disk encryption if you're worried about people snooping, but was glad to see that the developers know where your info can leak...
PGP's Full Disk Encryption for Mac is a no-brainer... on my admittedly brand-new i7 MBP I can't see any lag or slowness yet I know everything is encrypted.
I do wish it would encrypt RAM during sleep, however.
I would word that as "Only if you don't explicitly disable it". Not trying to be super-pedantic, but I think it's important to note that the default is unencrypted, since most people probably won't change that default, especially when the feature isn't mentioned on the FileVault doc page.
But yeah, flip that switch if you're running OSX.
EDIT: Actually looks like that is the default on Snow Leopard. Disregard this comment.
kgo may have been referring to how the contents of /private/tmp, /private/var/log and /private/var/tmp are not encrypted and may contain private information, such as com.apple.QuickLook.thumbnailcache.
I've had some success using scripts on the following website to plug these holes, but recently, I have been more concerned with my data's survivability than my privacy. Once that grad degree is done, I hope to return to a more secure approach.
http://www.chromium.org/chromium-os/chromiumos-design-docs/v...