Well, TPM is a closed hardware-bound system that does this before boot (as far as I know). I was asking more for an open (software) system for doing so post-boot.

On 21 June 2016 at 10:23, Peter Hessler <phess...@theapt.org> wrote:
> fwiw, this is literally the point of TPM.
>
>
> On 2016 Jun 21 (Tue) at 10:19:21 +0300 (+0300), Theodoros wrote:
> :Could someone trust a bootloader by e.g. having an aide-like system on
> :boot, confirming its authenticity as part of the boot process?
> :
> :Please share your thoughts.
> :
> :
> :
> :On 20 June 2016 at 14:36, Ivan Markin <t...@riseup.net> wrote:
> :> Bodie:
> :>> What is that security reason worth of not using default full disk
> :>> encryption?
> :>
> :> Have a look at e.g. Evil Maid Attack [1]. One may want to bear a trusted
> :> bootloader with themselves and leave raw full-encrypted drive in some
> :> 'hostile' environment.
> :>
> :> [1] https://www.schneier.com/blog/archives/2009/10/evil_maid_attac.html
> :>
> :> --
> :> Ivan Markin
> :
>
> --
> The only really decent thing to do behind a person's back is pat it.