To boot a production computer system with an encrypted file system (booting, also: “booting process”), a so-called passphrase (also referred to as password, code word, key word, solution word or watch word) is required at the start of the booting process. The passphrase is a key used to encrypt or decrypt an encrypted file system in the production computer system so that the production computer system can perform a booting process by the decrypted file system.
To that end, in conventional solutions, the passphrase needs to be available in plaintext (e.g., be entered by an authorized user at the production computer system), but shall not be visible to a non-authorized third party or, possibly, for a system administrator of the production computer system. Just as well, the programs used for the booting process must not be manipulable by an administrator (or other non-authorized third parties).
Known solutions provide that a user directly enters the passphrase (e.g., on a console) prior to the actual booting process. In particular in servers it is common to start-up a so-called Secure Shell (SSH) Daemon on the encrypted file system, for example, prior to the actual booting process. An administrator logs into the daemon and enters the passphrase which is then used to decrypt the file system.
The disadvantage of known solutions is that a person is required to enter the passphrase. For example, the person may be an non-authorized third party or a criminal who uses the passphrase in an non-authorized manner to get access to the file system of the production computer system.
However, saving the passphrase with the system according to an alternative solution is an additional security gap and generally puts the sense of encryption into question, respectively.
Using a so-called “Trusted Platform Solution” (TPM) is not a further solution for a secure booting of a production computer system since TPM is supported by diverse computer systems only to a limited extent and there is a general distrust regarding the security of a solution of this type.
It could therefore be helpful to enable booting a production computer system without having to accept security-relevant limitations of the above type.