The procedures above partially solve the problem of "remote boot from a flash drive", let you enjoy encrypted Windows/Linux OSes, and let you exchange data over an "encrypted channel" from one OS to the other.
PC boot order (one of the options):
power on the machine;
loading the VeraCrypt bootloader (entering the correct password continues with booting Windows 7);
the GRUB2 boot loader (selecting the distribution / GNU/Linux / CLI) requires authentication of the GRUB2 superuser <login/password>;
after successful authentication and selection of the distribution, you must enter a passphrase to unlock "/boot/initrd.img";
after entering the passwords without errors, GRUB2 will "require" a password entry (the third one; the BIOS password or the GNU/Linux user account password are not counted) to unlock and boot the GNU/Linux OS, or the automatic substitution of a secret key (two passwords + key, or password + key);
external intrusion into the GRUB2 configuration will halt the GNU/Linux boot process.
Troublesome? OK, let's automate the process.
When partitioning a hard drive (MBR table), a PC can have no more than 4 primary partitions, or 3 primary and one extended, plus unallocated space. An extended partition, unlike a primary one, can contain subpartitions (logical drives = extended partition). In other words, the "extended partition" on the HDD replaces LVM for the task at hand: full system encryption. If your disk is divided into 4 primary partitions, you need to use LVM, or convert (with formatting) a partition from primary to extended, or wisely use all four partitions and leave everything as it is, getting the desired result. Even if you have a single partition on your disk, Gparted will help you partition your HDD (for additional partitions) without data loss, though there is still a small penalty for such actions.
The hard drive layout scheme, to which the whole article refers, is presented in the table below.
Table (No. 1) of 1TB partitions.
You should have something similar as well.
sda1 - primary partition No. 1, NTFS (encrypted);
sda2 - extended partition marker;
sda6 - logical disk (the GRUB2 bootloader is installed on it);
sda8 - swap (encrypted swap file / not always);
sda9 - test logical disk;
sda5 - logical disk for the curious;
sda7 - GNU/Linux OS (OS transferred to an encrypted logical disk);
sda3 - primary partition No. 2 with Windows 7 OS (encrypted);
sda4 - primary partition No. 3 (it contains unencrypted GNU/Linux, used for backup / not always).
[A] Windows 7 System Block Encryption
A1. VeraCrypt
Download the installation version of the VeraCrypt cryptographic software from the official site or from the Sourceforge mirror (at the time of publication of the article, v1.24-Update3; the portable version of VeraCrypt is not suitable for system encryption). Verify the checksum of the downloaded software
After the installation / creation of the "special metadata" of the partition being encrypted is complete, VeraCrypt will offer to restart the PC and test its bootloader. After rebooting/starting Windows, VeraCrypt loads in standby mode; all that remains is to confirm the encryption process - Y.
At the final step of system encryption, VeraCrypt will offer to create a backup copy of the header of the active encrypted partition in the form of "veracrypt rescue disk.iso" - this must be done - in this software such an operation is a requirement (in LUKS, as a requirement, it has unfortunately been omitted, but it is emphasized in the documentation). A rescue disk will come in handy for everyone, and for some more than once. Losing (header/MBR overwritten) the backup copy of the header will permanently deny access to the decrypted partition with Windows OS.
Creating a rescue disk in the Windows environment is a different matter. The VeraCrypt developer did not include a solution to this problem in the official documentation on the "rescue disk", but offered a solution in a different way: he posted additional software for creating a "usb rescue disk" for free access on his VeraCrypt forum. The archive of this software for Windows is "create usb veracrypt rescue disk". After saving rescue disk.iso, the process of block system encryption of the active partition will begin. During encryption, the operation of the OS does not stop; a PC restart is not required. Once the encryption operation is complete, the active partition is fully encrypted and can be used. If the VeraCrypt boot loader does not appear when you start the PC, and the header recovery operation does not help, then check the "boot" flag; it must be set on the partition where Windows is present (regardless of encryption and other OSes, see table No. 1). This completes the description of block system encryption with Windows OS.
Options:
* luksFormat - initialization of the LUKS header;
* /dev/sda7 is your future encrypted logical disk;
* -v verbose;
* -y passphrase;
* -c selects the data encryption algorithm;
* -s encryption key size;
* -h hashing algorithm / crypto function; the RNG (--use-urandom) is used to generate a unique encryption/decryption key for the logical disk header and a secondary key (XTS); the unique master key stored in the encrypted disk header, the secondary XTS key, all the metadata and the encryption routine that, using the master key and the secondary XTS key, encrypts/decrypts the data on the partition (except for the partition header) are stored in ~3 MB on the selected hard disk partition.
* -i iterations in milliseconds instead of a "count" (the delay when processing the passphrase affects OS loading and the cryptographic strength of the keys). To maintain the balance of cryptographic strength, with a simple password such as "Russian" you need to increase the -(i) value; with a complex password such as "?8dƱob/øfh" the value can be reduced.
* --use-urandom random number generator, generates the keys and the salt.
After mapping the partition sda7 > sda7_crypt (the operation is fast, since an encrypted header with ~3 MB of metadata is created and that is all), you need to format and mount the sda7_crypt file system.
B2.3. Mapping
cryptsetup open /dev/sda7 sda7_crypt
# executing this command prompts for the secret passphrase.
options:
* open - map the partition "to a name";
* /dev/sda7 - logical disk;
* sda7_crypt - the mapping name that is used to mount the encrypted partition or to initialize it when the OS boots.
B2.4. Formatting the sda7_crypt file system as ext4. Mounting the disk in the OS (Note: you will not be able to work with the encrypted partition in Gparted)
# format the encrypted block device
mkfs.ext4 -v -L DebSHIFR /dev/mapper/sda7_crypt
options:
* -v - verbose;
* -L - disk label (which is displayed in Explorer among the other disks).
Next, you need to mount the virtual encrypted block device /dev/sda7_crypt into the system
mount /dev/mapper/sda7_crypt /mnt
Working with files in the /mnt folder will automatically encrypt/decrypt the data on sda7.
It is more convenient to map and mount the partition in Explorer (nautilus/caja GUI); the partition will already be in the disk selection list, and all that remains is to enter the passphrase to unlock/decrypt the disk. The mapping name will be chosen automatically and will not be "sda7_crypt", but something like /dev/mapper/Luks-xx-xx...
Create a directory /mnt2 (note: we are still working from the live usb, sda7_crypt is mounted at /mnt), and mount our GNU/Linux, which needs to be encrypted, at /mnt2.
mkdir /mnt2
mount /dev/sda4 /mnt2
We perform the actual OS transfer using the Rsync software
rsync -avlxhHX --progress /mnt2/ /mnt
The Rsync options are described in section E1.
In addition, it is advisable to defragment the logical disk partition
e4defrag -c /mnt/ # after the check, e4defrag will report a fragmentation level of ~"0" for the partition; this is misleading and can cost you a substantial loss of performance!
e4defrag /mnt/ # defragment the encrypted GNU/Linux
Make it a rule: run e4defrag on the encrypted GNU/Linux periodically if you have an HDD. The transfer and synchronization [GNU/Linux > GNU/Linux-encrypted] is complete at this step.
B4. Setting up GNU/Linux on the encrypted sda7 partition
After the OS transfer /dev/sda4 > /dev/sda7 is complete, you need to enter GNU/Linux on the encrypted partition and perform further configuration (without rebooting the PC) relative to the encrypted system. That is, stay on the live usb, but execute commands "relative to the root of the encrypted OS". "chroot" will simulate such a situation. To quickly find out which OS you are currently working in (encrypted or not, since the data in sda4 and sda7 is synchronized), desynchronize the OSes. Create empty marker files in the root directories (sda4/sda7_crypt), for example /mnt/encryptedOS and /mnt2/decryptedOS. Quickly check which OS you are in (including in the future):
Options
* swap - the mapped name when encrypting, /dev/mapper/swap.
* /dev/sda8 - use your logical partition for swap.
* /dev/urandom - generator of random encryption keys for swap (with each new OS boot, new keys are created). The /dev/urandom generator is less random than /dev/random; after all, /dev/random is used when working in dangerous paranoid circumstances. When loading the OS, /dev/random slows down loading by several ± minutes (see systemd-analyze).
* swap,cipher=twofish-xts-plain64,size=512,hash=sha512: the partition knows that it is swap and is formatted "accordingly"; the encryption algorithm.
# open and edit fstab
nano /etc/fstab
we edit
# swap was on /dev/sda8 during installation
/dev/mapper/swap none swap sw 0 0
/dev/mapper/swap is the name that was set in crypttab.
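A consistency check for the crypttab/fstab pair described above, as an added example that is not part of the original article: it reports /dev/mapper names used in fstab that crypttab never creates, and swap mappings that are not keyed from a random device. The function names are illustrative, and the sample files are constructed from the fields listed above (the sda7_crypt line is an assumed placeholder).

```sh
#!/bin/sh
# Added example: cross-check fstab against crypttab before rebooting.
# All file contents are constructed samples; function names are illustrative.

# Print every NAME that fstab references as /dev/mapper/NAME.
fstab_mapper_names() {
    awk '$1 !~ /^#/ && $1 ~ /^\/dev\/mapper\// {
             sub(/^\/dev\/mapper\//, "", $1); print $1 }' "$1"
}

# Print fstab mapper names that have no crypttab entry: the device will
# not exist at boot, so the mount or swapon fails.
missing_crypttab_entries() {   # $1 = fstab, $2 = crypttab
    fstab_mapper_names "$1" | while IFS= read -r name; do
        awk -v n="$name" '$1 !~ /^#/ && $1 == n { found = 1 }
                          END { exit !found }' "$2" || printf '%s\n' "$name"
    done
}

# Print crypttab swap mappings whose key field is not a random device:
# such a swap is not re-keyed at every boot.
swap_without_random_key() {    # $1 = crypttab
    awk '$1 !~ /^#/ && $4 ~ /(^|,)swap(,|$)/ &&
         $3 != "/dev/urandom" && $3 != "/dev/random" { print $1 }' "$1"
}

# Write the constructed sample files into directory $1.
write_samples() {
    cat > "$1/crypttab" <<'EOF'
# <name> <device> <key> <options>   (constructed sample)
sda7_crypt /dev/sda7 none luks
swap /dev/sda8 /dev/urandom swap,cipher=twofish-xts-plain64,size=512,hash=sha512
EOF
    cat > "$1/fstab" <<'EOF'
# constructed sample; "data" deliberately has no crypttab entry
/dev/mapper/sda7_crypt / ext4 errors=remount-ro 0 1
/dev/mapper/swap none swap sw 0 0
/dev/mapper/data /data ext4 defaults 0 2
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    write_samples "$dir"
    echo "fstab names missing from crypttab:"
    missing_crypttab_entries "$dir/fstab" "$dir/crypttab"
    echo "swap mappings without a random key:"
    swap_without_random_key "$dir/crypttab"
    rm -rf "$dir"
}
demo
```

Inside the chroot, point the functions at /etc/fstab and /etc/crypttab instead of the sample files.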
Alternative encrypted swap
If for some reason you do not want to give up an entire partition for swap, you can go an alternative and better way: create a swap file in a file on the encrypted partition with the OS.
fallocate -l 3G /swap # create a 3 GB file (an almost instantaneous operation)
chmod 600 /swap # set the permissions
mkswap /swap # turn the file into a swap file
swapon /swap # enable our swap
free -m # check that the swap file is activated and working
printf "/swap none swap sw 0 0\n" >> /etc/fstab # if needed, swap will be persistent after a reboot
Swap partition setup is complete.
B4.4. Setting up encrypted GNU/Linux (editing the crypttab/fstab files)
The /etc/crypttab file, as written above, describes the encrypted block devices that are set up during system boot.
# edit /etc/crypttab
nano /etc/crypttab
if you mapped the sda7>sda7_crypt partition as in section B2.1
If you mapped the sda7>sda7_crypt partition as in section B2.1 or B2.2, but do not want to re-enter the password to unlock and boot the OS, then instead of the password you can substitute a secret key / random file
B4.5.3. Editing the /etc/default/grub config (this config is responsible for the ability to generate grub.cfg when working with an encrypted /boot)
This will pack the secret key "skey" into initrd.img; the key is needed to unlock the root when the OS boots (if you do not want to enter the password again, the "skey" key is substituted automatically).
C2. Mount /dev/sda6 to /mnt
Since we are working in chroot, there will be no /mnt2 directory in the root, and the /mnt folder will be empty.
mount the GRUB2 partition
mount /dev/sda6 /mnt
If you have an old version of GRUB2 installed, and the /mnt/boot/grub/i386-pc directory (another platform is possible, i.e. not "i386-pc") has no crypto modules (in short, the folder must contain modules, including these .mod files: cryptodisk; luks; gcry_twofish; gcry_sha512; signature_test.mod), then in this case GRUB2 needs to be shaken up.
apt-get update
apt-get install grub2
Important! When updating the GRUB2 package from the repository, when asked "to choose" where to install the bootloader, you must decline the installation (the reason: an attempt to install GRUB2 into the "MBR" or onto the live usb). Otherwise you will damage the VeraCrypt header/loader. After updating the GRUB2 packages and cancelling the installation, the boot loader must be installed manually on the logical disk, and not in the MBR. If your repository has an outdated version of GRUB2, try updating it from the official website - I have not checked this (I worked with the current GRUB 2.02~BetaX bootloaders).
C4. Creating the configuration file [grub.cfg]
Forget about the "update-grub2" command and use the full configuration file generation command
grub-mkconfig -o /mnt/boot/grub/grub.cfg
After the generation/update of the grub.cfg file is complete, the terminal output should contain line(s) with the OSes found on the disk ("grub-mkconfig" may find and pick up OSes from the live usb; if you have a multiboot flash drive with Windows 10 and a bunch of live distributions, this is normal). If the terminal is "empty" and the "grub.cfg" file is not generated, then this is the case when there are GRUB bugs in the system (and most likely it is the loader from the test branch of the repository); reinstall GRUB2 from a trusted source. The "simple configuration" installation and GRUB2 setup are complete.
C5. Proof test of the encrypted GNU/Linux OS
We complete the crypto mission correctly. Carefully leave the encrypted GNU/Linux (exit the chroot environment).
umount -a # unmount all mounted partitions of the encrypted GNU/Linux
Ctrl+d # exit the chroot environment
umount /mnt/dev
umount /mnt/proc
umount /mnt/sys
umount -a # unmount all mounted partitions on the live usb
reboot
After rebooting the PC, the VeraCrypt bootloader should load.
* Entering the password for the active partition will start loading Windows.
* Pressing the "Esc" key will transfer control to GRUB2; if you select the encrypted GNU/Linux, the password (sda7_crypt) will be required to unlock /boot/initrd.img (if grub2 writes uuid "not found", this is a problem with the grub2 bootloader; it should be reinstalled, for example from the test/stable branch, etc.).
* Depending on how you configured the system (see sections B4.4/4.5), after entering the correct password to unlock the /boot/initrd.img image, you will need a password to load the OS kernel/root, or the secret key "skey" will be substituted automatically, eliminating the need to re-enter the passphrase.
(screen "automatic substitution of the secret key").
* Then the familiar process of loading GNU/Linux with user account authentication will follow.
* After user authorization and login to the OS, you need to update /boot/initrd.img again (see B4.6).
mount /dev/sda6 /mnt
grub-mkconfig -o /mnt/boot/grub/grub.cfg
Quick summary of GNU/Linux system encryption:
GNU/Linux is fully encrypted, including /boot/kernel and initrd;
the secret key is packed into initrd.img;
the current authorization scheme (entering the password to unlock initrd; password/key to boot the OS; password for Linux account authorization).
"Simple GRUB2 configuration" system encryption of the block partition is complete.
C6. Advanced GRUB2 configuration. Bootloader protection with a digital signature + authentication protection
GNU/Linux is fully encrypted, but the bootloader cannot be encrypted - this condition is dictated by the BIOS. For this reason, a chained encrypted boot of GRUB2 is not possible, but a simple chained boot is possible/available, though from a security point of view it is not necessary [see P. F].
For the "vulnerable" GRUB2, the developers implemented a "signature/authentication" bootloader protection algorithm.
When the bootloader is protected by "its own digital signature", external modification of files, or an attempt to load additional modules into this bootloader, will cause the boot process to be blocked.
When the bootloader is protected with authentication, in order to select a distribution to boot, or to enter additional commands in the CLI, you need to enter the login and password of the GRUB2 superuser.
C6.1. Bootloader authentication protection
Check that you are working in a terminal of the encrypted OS
ls /<Tab-Tab> # find the marker file
create a superuser password for authorization in GRUB2
options
* --force - install the bootloader, bypassing all the warnings that always exist (mandatory flag).
* --modules="gcry_sha256 gcry_sha512 signature_test gcry_dsa gcry_rsa" - tells GRUB2 to preload the necessary modules when the PC starts.
* -k ~/perskey - path to the "PGP key" (after packing the key into the image, it can be deleted).
* --root-directory - set the boot directory to the root of sda6
/dev/sda6 - your sdaX partition.
Generating/updating grub.cfg
grub-mkconfig -o /mnt/boot/grub/grub.cfg
Add the line "trust /boot/grub/perskey" to the end of the "grub.cfg" file (forces use of the pgp key). Since we installed GRUB2 with a set of modules, including the signature module "signature_test.mod", this eliminates the need to add commands such as "set check_signatures=enforce" to the config.
It should look like this (the last lines in the grub.cfg file)
### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg;
fi
trust /boot/grub/perskey
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.DE10E42B01BB6FEEE46250FC5F9C3756894A8476A7F7661A9FFE9D6CC4D0A168898B98C34EBA210F46FC10985CE28277D0563F74E108FCE3ACBD52B26F8BA04D.27625A4D30E4F1044962D3DD1C2E493EF511C01366909767C3AF9A005E81F4BFC33372B9C041BE9BA904D7C6BB141DE48722ED17D2DF9C560170821F033BCFD8
### END /etc/grub.d/41_custom ###
#
The path to "/boot/grub/perskey" does not need to point to a specific disk partition, e.g. hd0,6; for the bootloader itself, "root" is the default path of the partition on which GRUB2 is installed (see set root=..).
Sign GRUB2 (all files in all /GRUB directories) with your key "perskey".
A simple solution for signing (for the nautilus/caja explorer): install the "seahorse" extension for Explorer from the repository. Your key must be added to the su environment.
Open Explorer with sudo at "/mnt/boot" - RMB - sign. On the screen it looks like this
The key itself, "/mnt/boot/grub/perskey" (copy it to the grub directory), must also be signed with your own signature. Check that [*.sig] signature files have appeared in the directories/subdirectories.
Using the method described above, sign "/boot" (our kernel, initrd). If your time is worth anything, this method eliminates the need to write a bash script to sign "a lot of files".
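A check for the result of the signing steps above, as an added example that is not part of the original article: it lists files in a GRUB tree that have no detached .sig next to them, .sig files left without a target, and (if gpgv is installed) files whose signature does not verify. The function names are illustrative, the sample tree is constructed, and the key file passed to gpgv is assumed to be the exported public key ("perskey").

```sh
#!/bin/sh
# Added example: audit detached-signature coverage of a GRUB2 tree.
# Function names and the sample tree are illustrative/constructed.

# Files that have no "<file>.sig" next to them. With signature checking
# enforced, GRUB2 refuses to load such a file.
unsigned_files() {             # $1 = directory
    find "$1" -type f ! -name '*.sig' | sort | while IFS= read -r f; do
        [ -f "$f.sig" ] || printf '%s\n' "$f"
    done
}

# Signatures whose target file is gone (left over from removed or
# renamed modules).
orphan_signatures() {          # $1 = directory
    find "$1" -type f -name '*.sig' | sort | while IFS= read -r s; do
        [ -f "${s%.sig}" ] || printf '%s\n' "$s"
    done
}

# Files whose signature does not verify against the public key file.
# Assumes gpgv is installed; pass the key file as an absolute path.
bad_signatures() {             # $1 = directory, $2 = public key file
    find "$1" -type f -name '*.sig' | sort | while IFS= read -r s; do
        [ -f "${s%.sig}" ] || continue
        gpgv --keyring "$2" "$s" "${s%.sig}" >/dev/null 2>&1 ||
            printf '%s\n' "${s%.sig}"
    done
}

# Build a constructed sample tree and print its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/i386-pc"
    : > "$d/grub.cfg"
    : > "$d/grub.cfg.sig"
    : > "$d/i386-pc/luks.mod"            # signature missing
    : > "$d/i386-pc/removed.mod.sig"     # target missing
    printf '%s\n' "$d"
}

demo() {
    tree=$(make_sample_tree) || return 1
    echo "unsigned files:"
    unsigned_files "$tree"
    echo "orphan signatures:"
    orphan_signatures "$tree"
    rm -rf "$tree"
}
demo
```

On the live system the directory argument would be the mounted GRUB partition, for example /mnt/boot/grub.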
1) We create a script without an extension in the root of the encrypted OS, ~/podpis, and apply the necessary 744 security permissions and foolproofing to it.
Fill in its contents
#!/bin/bash
# Check the entire partition allocated to the GRUB2 bootloader for immutability.
# A log "of intrusion / successful directory check" is kept; in short, a full log with triple verbosity is kept. Attention! Mind the paths: store the GRUB2 digital signature only on the encrypted GNU/Linux OS partition.
echo -e "******************************************************************\n" >> '/var/log/podpis.txt' && date >> '/var/log/podpis.txt' && hashdeep -vvv -a -k '/podpis.txt' -r '/media/username/GRUB' >> '/var/log/podpis.txt'
a=`tail '/var/log/podpis.txt' | grep failed` # do not use "cat"!!
b="hashdeep: Audit failed"
# Condition: in case of any changes in the partition allocated to GRUB2, a second separate short log "intrusion only" is written in addition to the full log, and a blinking "warning" gif is displayed on the monitor.
if [[ "$a" = "$b" ]]
then
echo -e "****\n" >> '/var/log/vtorjenie.txt' && echo "vtorjenie" >> '/var/log/vtorjenie.txt' && date >> '/var/log/vtorjenie.txt' & sudo -u username DISPLAY=:0 eom '/warning.gif'
fi
Run the script as su; the hashing of the GRUB partition and its bootloader will be checked, saving a log.
After updating the OS (-$ apt-get upgrade), re-sign our GRUB partition: -$ подпись_GRUB
At this point, the hashing protection of the GRUB partition is complete.
[D] Wiping - destruction of unencrypted data
Delete your personal files so completely that "not even God can read them," as South Carolina representative Trey Gowdy put it.
As usual, there are various "myths and legends" about recovering data after it has been deleted from a hard drive. If you believe in cyber-witchcraft, or are a member of the Dr web community and have never tried data recovery after deletion/overwriting (for example, recovery using R-studio), then the proposed method is unlikely to suit you; use whatever is closest to you.
After successfully transferring GNU/Linux to the encrypted partition, the old copy must be deleted without the possibility of data recovery. A universal cleaning method: the free GUI software BleachBit for Windows/Linux.
Quick-format the partition whose data needs to be destroyed (via Gparted), launch BleachBit, select "Wipe free space" and select the partition (your sdaX with the previous copy of GNU/Linux); the wiping process will begin. BleachBit wipes the disk in one pass - this is what "we need". But! This only works in theory if you formatted the disk and cleaned it in BB v2.0 software.
Attention! BB wipes the disk, leaving metadata; file names are preserved when the data is destroyed (Ccleaner does not leave metadata).
And the myth about the possibility of data recovery is not entirely a myth. Bleachbit V2.0-2 from the former unstable Debian OS package (and any other similar software: sfill; wipe-Nautilus - were also seen in this dirty business) actually had a critical bug: the "free space clearing" function works incorrectly on HDD/Flash drives (ntfs/ext4). Software of this kind, when clearing free space, does not overwrite the entire disk, as many users think. And some (a lot of) deleted data the OS/software considers to be non-deleted/user data, and it skips this data when cleaning "OSP". The problem is that after such a lengthy disk cleaning, the "deleted files" can be recovered even after 3+ passes of wiping the disk.
On GNU/Linux in Bleachbit 2.0-2, the functions for permanently deleting files and directories work reliably, but clearing free space does not. For comparison: on Windows in CCleaner the "OSP for ntfs" function works properly, and God really will not be able to read the deleted data.
And so, to thoroughly remove "compromising" old unencrypted data, Bleachbit needs direct access to this data, and then you use the "permanently delete files/directories" function.
To remove "files deleted using standard OS tools" in Windows, use CCleaner/BB with the "OSP" function. In GNU/Linux, for this problem (deleted files) you need to gain practice on your own (deleting data + an independent attempt to recover it, and you should not rely on the software version (if not a backdoor, then a bug)); only in this case will you understand the mechanism of this problem and get rid of the deleted data completely.
I have not tested Bleachbit v3.0; the problem may already have been fixed.
Bleachbit v2.0 works honestly.
At this step, disk wiping is complete.
[E] Universal backup of the encrypted OS
Every user has their own method of backing up data, but the encrypted system OS data requires a slightly different approach to the task. Unified software, such as Clonezilla and similar software, cannot work directly with encrypted data.
Statement of the problem of backing up encrypted block devices:
universality - the same backup algorithm/software for Windows/Linux;
the ability to work in the console with any live usb GNU/Linux without having to download additional software (but a GUI is still recommended);
security of backup copies - stored "images" must be encrypted/password-protected;
if necessary, upload the VeraCrypt volume to the www.
Creating an encrypted VeraCrypt container has its own peculiarities:
creating a dynamic volume (creation of a DT is only available in Windows, but it can also be used in GNU/Linux);
creating a regular volume, but with the requirement of a "paranoid character" (according to the developer) - container formatting.
A dynamic volume is created almost instantly in Windows, but when copying data from GNU/Linux > VeraCrypt DT, the overall performance of the backup operation drops significantly.
A regular 70 GB Twofish volume is created (let's say, on an average-power PC) on an HDD in ~half an hour (overwriting the old container data in one pass is due to security requirements). The function of quick formatting of a volume at creation has been removed from VeraCrypt Windows/Linux, so creating a container is only possible via "one-pass rewriting" or by creating a low-performance dynamic volume.
Create a regular VeraCrypt volume (not dynamic/ntfs); there should be no problems.
Configure/create/open the container in the VeraCrypt GUI > GNU/Linux live usb (the volume will be automounted at /media/veracrypt2, the Windows OS volume will be mounted at /media/veracrypt1). Create an encrypted backup of the Windows OS using GUI rsync (grsync) by ticking the checkboxes.
Wait for the process to complete. When the backup is complete, we will have one encrypted file.
Similarly, create a backup copy of the GNU/Linux OS by unchecking the "Windows compatibility" checkbox in the rsync GUI.
Attention! Create the Veracrypt container for the "GNU/Linux backup" in the ext4 file system. If you make a backup to an ntfs container, then when you restore such a copy, you will lose all the permissions/groups on all your data.
You can do all the operations in the terminal. Basic options for rsync:
* -g - preserve groups;
* -P - progress - status of the time spent working on a file;
* -H - copy hardlinks as is;
* -a - archive mode (multiple rlptgoD flags);
* -v - verbose.
If you want to mount the "Windows VeraCrypt volume" through the console in the cryptsetup software, you can create an alias (su)
echo "alias veramount='cryptsetup open --veracrypt --tcrypt-system --type tcrypt /dev/sdaX Windows_crypt && mount /dev/mapper/Windows_crypt /media/veracrypt1'" >> .bashrc && bash
Now the command "veramount pictures" will prompt you to enter a passphrase, and the encrypted Windows system volume will be mounted in the OS.
Map/mount a VeraCrypt system volume with the cryptsetup command
cryptsetup open --veracrypt --tcrypt-system --type tcrypt /dev/sdaX Windows_crypt
mount /dev/mapper/Windows_crypt /mnt
Map/mount a VeraCrypt partition/container with the cryptsetup command
cryptsetup open --veracrypt --type tcrypt /dev/sdaY test_crypt
mount /dev/mapper/test_crypt /mnt
Instead of an alias, we will add (a script to autostart) the system volume with Windows OS and the logical encrypted ntfs disk to GNU/Linux startup
printf 'Ym9i' | base64 -d | cryptsetup open --veracrypt --tcrypt-system --type tcrypt /dev/sda3 Windows_crypt && mount /dev/mapper/Windows_crypt /media/Winda7 # decode the password from base64 (bob) and pass it to the password prompt when mounting the Windows OS system disk.
printf 'Ym9i' | base64 -d | cryptsetup open --veracrypt --type tcrypt /dev/sda1 ntfscrypt && mount /dev/mapper/ntfscrypt /media/КонтейнерНтфс # likewise, but mount the logical ntfs disk.
We assign the "correct" permissions:
sudo chmod 100 /VeraOpen.sh
Create two identical files (same name!) in /etc/rc.local and ~/etc/init.d/rc.local
Fill in the files
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
sh -c "sleep 1 && '/VeraOpen.sh'" # after the OS boots, wait ~1 s and only then mount the disks.
exit 0
Ntawd yog nws, tam sim no thaum thauj GNU / Linux peb tsis tas yuav nkag mus rau lo lus zais rau mount encrypted ntfs disks, cov disks tau teeb tsa tau.
Ib daim ntawv luv luv txog qhov tau piav qhia saum toj no hauv kab lus E1 kauj ruam yog kauj ruam (tab sis tam sim no rau OS GNU / Linux)
1) Tsim ib lub ntim hauv fs ext4 > 4gb (rau cov ntaub ntawv) Linux hauv Veracrypt [Cryptbox].
2) Reboot rau nyob usb.
3) ~$ cryptsetup qhib /dev/sda7 Lunux #mapping encrypted muab faib.
4) ~$ mount /dev/mapper/Linux /mnt #mount lub encrypted muab faib rau /mnt.
5) ~ $ mkdir mnt2 #tsim cov npe rau yav tom ntej thaub qab.
6) ~ $ cryptsetup qhib —veracrypt — hom tcrypt ~/CryptoBox CryptoBox && mount /dev/mapper/CryptoBox /mnt2 #Map ib Veracrypt ntim npe hu ua "CryptoBox" thiab mount CryptoBox rau /mnt2.
7) ~ $ rsync -avlxhHX —kev vam meej / mnt / mnt2 / # thaub qab ua haujlwm ntawm qhov muab faib encrypted rau qhov ntim Veracrypted.
(P.S. Note! If you are moving an encrypted GNU/Linux from one architecture/machine to another, for example Intel > AMD (that is, restoring the backup from one encrypted partition onto another encrypted partition, Intel > AMD), do not forget, after moving the encrypted OS, to fix the secret substitute key that is used instead of the password, because the previous key ~/etc/skey will no longer fit the other encrypted partition. Creating a new key with "cryptsetup luksAddKey" from inside a chroot is not recommended, since a glitch is possible; simply put "none" in ~/etc/crypttab temporarily instead of "/etc/skey", and after rebooting and logging in to the OS, recreate your secret substitute key.)
As IT veterans, remember to back up the headers of the encrypted Windows/Linux OS partitions separately, or the encryption will turn against you. At this step the backup of the encrypted OS is complete.
[F] Attack on the GRUB2 bootloader
If you have protected your bootloader with a digital signature and/or authentication (see point C6.), this will not protect against physical access. The encrypted data will still be inaccessible, but bypassing the protection (resetting the digital-signature protection) of GRUB2 lets a cyber-villain inject his code into the bootloader without raising suspicion (unless the user manually monitors the state of the bootloader, or comes up with their own arbitrary script code for grub.cfg).
Attack algorithm. The intruder:
* Boots the PC from a live USB. Any change to the files (by the intruder) will alert the real owner of the PC to the intrusion into the bootloader. But a simple reinstallation of GRUB2 that keeps grub.cfg (and the subsequent ability to edit it) lets the attacker edit the files (in this scenario the real user will not be notified when GRUB2 loads; the status is the same, <0>).
* Mounts the unencrypted partition and saves "/mnt/boot/grub/grub.cfg".
* Reinstalls the bootloader (dropping "perskey" from the core.img image).
As noted above, this will not help protect against the loading of malicious modules if such modules end up on your PC. For example, a keylogger that saves keystrokes to a file and mixes it in with the other files in "~/i386" until it is downloaded by an attacker with physical access to the PC.
The simplest way to check that the digital-signature protection is active (has not been reset) and that nobody has tampered with the bootloader is to enter this command in the CLI:
list_trusted
In response we get a fingerprint of our "perskey", or we get nothing if we have been attacked (you also need to check "set check_signatures=enforce").
A significant drawback of this step is that the commands are entered manually. If you add this command to "grub.cfg" and protect the config with a digital signature, the key fingerprint is shown on the screen too briefly, and you will not have time to see the output before GRUB2 finishes loading.
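One way to automate the manual monitoring of the bootloader state discussed above, as an added example that is not part of the original article: it records SHA-256 digests of the files under a boot directory and later reports every file that was added, removed or modified, such as a regenerated core.img. The function names, the script name and the paths in the usage comment are assumptions, and the baseline file has to be stored inside the encrypted root so that someone booting from a live USB cannot rewrite it.

```shell
#!/bin/sh
# Added example: detect changes to GRUB2 boot files by comparing SHA-256
# digests against a stored baseline. All names and paths are assumptions.

# boot_digest DIR: print "hash  ./relative/path" for every regular file
# under DIR, sorted by path so that two runs can be compared line by line.
boot_digest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# boot_baseline DIR FILE: record the current, trusted state of DIR in FILE.
# FILE must live on the encrypted root, not on the partition being checked.
boot_baseline() {
    boot_digest "$1" > "$2" && chmod 600 "$2"
}

# boot_check DIR FILE: return 0 if DIR still matches the baseline FILE.
# Otherwise return 1 and print each added, removed or modified path once.
boot_check() {
    current=$(mktemp) || return 2
    boot_digest "$1" > "$current"
    if diff_out=$(diff "$2" "$current"); then
        rm -f "$current"
        return 0
    fi
    rm -f "$current"
    # diff marks baseline lines with "<" and current lines with ">";
    # strip the marker and the digest, keep only the path.
    printf '%s\n' "$diff_out" |
        sed -n 's/^[<>] [0-9a-f]*  \(.*\)$/\1/p' | sort -u
    return 1
}

# Stand-alone use (example paths):
#   sh bootcheck.sh baseline /boot /root/boot.sha256
#   sh bootcheck.sh check    /boot /root/boot.sha256
case "${1:-}" in
    baseline) boot_baseline "$2" "$3" ;;
    check)    boot_check "$2" "$3" ;;
esac
```

The check runs after the OS has booted, so it reports tampering after the fact rather than preventing it. It covers files only; boot code that grub-install embeds in sectors outside the filesystem is not hashed.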
There is nobody in particular to complain to: the developer officially states in clause 18.2 of the documentation:
"Note that even with GRUB password protection, GRUB itself cannot prevent someone with physical access to the machine from altering that machine's firmware (e.g., Coreboot or BIOS) configuration to cause the machine to boot from a different (attacker-controlled) device. GRUB is at best only one link in a secure boot chain."
GRUB2 is overloaded with features that can give a false sense of security, and its development has already surpassed MS-DOS in functionality, yet it is only a bootloader. It is funny that "tomorrow" GRUB2 could become an OS, with bootable GNU/Linux virtual machines running on it.
A short video about how I reset the GRUB2 digital-signature protection and announced my intrusion to the real user (I scared you, but instead of what is shown in the video, one could write arbitrary code/.mod that is not harmless).
Conclusions:
1) Block system encryption for Windows is easier to implement, and protection with a single password is more convenient than protection with several passwords under GNU/Linux block system encryption; to be fair, the latter is automated.
2) I wrote this article as an up-to-date, detailed and simple guide to full-disk encryption with VeraCrypt/LUKS on a single home machine, which is by far the best in RuNet (IMHO). The guide is > 50k characters long, so it does not cover some interesting chapters: about cryptographers who disappear or stay in the shadows; about the fact that various GNU/Linux books write little or nothing about cryptography; about Article 51 of the Constitution of the Russian Federation; about the licensing/banning of encryption in Russia; about why you need to encrypt "root/boot". The guide turned out to be quite long, but detailed (it describes even the simple steps); in turn, this will save you a lot of time when you get to "real encryption".
3) Full-disk encryption was carried out on Windows 7 64; GNU/Linux Parrot 4x; GNU/Debian 9.0/9.5.
4) I carried out a successful attack on my own GRUB2 bootloader.
5) The tutorial was created to help all the paranoid people in the CIS, where working with encryption is permitted at the legislative level, and above all those who want to roll out full-disk encryption without demolishing their configured systems.
6) I reworked and updated my guide so that it is relevant for 2020.