I have been using the Debian netinst cryptsetup+LVM (also available on Ubuntu) on my machines for a while.
But after a foray into bootloader security on Motorola's Android phones, it occurs to me that the way Debian/Ubuntu installs this is inherently insecure. The kernel and GRUB are all unauthenticated during boot, so how can you "trust" that the prompt that's asking for your cryptsetup passphrase isn't a keylogger or worse?
I'm not having much luck with Google on this. I'm guessing the best bet is to rely on read-only boot media that you can authenticate independently? Say a boot write-once CD or USB stick with a read-only switch?
Is there some sort of Linux boot CD that will load the kernel from inside the cryptsetup?
Basically how do you deal with the evil maid attack?