maemo.org - Talk - View Single Post

CrashandDie	2009-10-23 , 09:23
Posts: 336 \| Thanked: 610 times \| Joined on Apr 2008 @ France	#21

Originally Posted by pinsh

Does maemo 5 support encrypted partitions using LUKS? I would like to have an AES encrypted partition for my home directory. This way if I loose the device (assuming the session is locked) the finder wont have access to my personal data on the device*. Has someone tried this? I'm wondering how the performance is.

*I assume the finder will reboot the device when trying to use/unlock it. I know that the encryption keys are in RAM when the partitions are mounted.. but I'm not paranoid enough to assume that the finder is sophisticated enough to somehow access them (i.e. gaining root access without rebooting or reading out the RAM via some kind of hardware adapter).

That's a lot of assumptions if you really care about security.

Other than that, no, the N900 doesn't support encrypted partitions (from what I can tell, correct me if I'm wrong, I haven't seen anything in the kernel that would do something like this). Also, at the moment there is no "session locking". This is not a full blown Gnome desktop.

Also, I have not tested this personally (and maybe the DSP could be used as a crypto processor?), but the performance would be absolutely horrible. Even on desktop computers, having software-encrypted partitions means you get a performance loss of around 30%. I always recommend my customers to go with hardware encryption where possible, as the extra load on the CPU and extra sluggishness of data access quickly becomes a drag for users.

I can only imagine that the CPU load on the N900 would make this solution highly unlikeable very, very quickly.

Edit: Full disclosure: I'm a security consultant and deal with these kind of implementations on a daily basis, well, not mobile.

Quote & Reply |

The Following User Says Thank You to CrashandDie For This Useful Post:
allnameswereout