Apple → [Security] [bootable external drive OS] How to start the MBPr?

If I have a MBPr, can it be started by booting from an external OS, say on a thumb-drive or a Thunderbolt drive? Perhaps Knoppix?

In other words, if physical access is allowed, can someone access the users' data as if it were just that, only data?

This scenario has pluses and minuses.

plus: If the machine does not boot on its own, a way to offboard the data and preserve it.
minus: A way to access data that means it is not secure when unmonitored physical access is allowed to/by non-users. A big problem!

Yes it can be booted from an external and if the person is knowledgeable enough could conceivably access your data. If this is a concern I would suggest enabling FileVault to encrypt your data.

FileVault is a partof/comes with ML or McCain/Palin. Yes, that makes sense.

Next question. If the data is encrypted within FileVault, one then only needs Knoppix and the user password to access the data, right?

To be clear, my machine, at home, as a recovery plan in case of hw failure.

If they had the user password, why bother restarting to a separate OS? No level of encryption/data protection (excluding biometrics or removable security hardware) can help if the attacker already has your password.

A fair question, yes. I'm considering a MBPr. My last Apple was a little MacBook that I got in 2006. Then it was stolen when my apartment was burglarized in 2009. See it here. »coresimplicity.com/wiki/ ··· ma700lla

So if it gets stolen again, I'm thinking about that.

Then there is security issue when dealing with government agents. That was recently in the news.

The good thing is that a thief is not likely to even know how to boot it with Knoppix. And FileVault makes that good enough for my level of concern.

However, the government is a more skilled snooper. When crossing any US national border, in either direction, the courts have ruled that Customs Agents may inspect (read: search) electronic devices. If one's computer does not boot, then it is taken as a suspected improvised weapon. If it does boot, then they ask for the password. If one refuses, they take the machine. I understand that the government has strong tools that can break most encryptions available to civilians.

Hence, the only way to retain one's 4th Amendment liberty-interest is to offload the data and place a functioning "as new" data-free image on the laptop. [This is likely quite similar to the OEM "restore" image that is provided on hidden partitions to resurrect Windows PCs when their OS is beyond repair.]

Then one must store the current image (with data) safely on an external drive.

Finally, one restores the current image after the security risk of illegal search is passed.

So one also needs an imaging software that can run under Knoppix and a storage drive large enough to hold both the "as new" image and the current image.

It's a lot of work to live as a "Born Free American" these days.

Hopefully, I will succeed and not brick the MBPr in the process.

Does that context help? More ideas and questions to follow if 'yes.'

The MBP will come with a restore partition on the SSD. You can boot to the restore partition and completely wipe the OS/data partition + install a fresh copy of the OS at any time. You can also use this partition to restore from an external Time Machine backup.

You can also get a small, external USB/Thunderbolt hard drive. Use Time Machine to back up to it (I believe TM not supports encrypted backups. You could also manually encrypt the entire drive using Disk Utility). The only problem then is making sure the laptop and the drive stay separate while traveling, if you're worried about people accessing the data.

I'm no security expert, but I don't think the encryption Apple uses has been cracked yet. There are attack vectors (such as the encryption key being stored in memory while the computer is booted), but no offline crack.

If you're interested, there's a full write-up of the encryption used in FileVault at the link below. They were unable to find a vulnerability to decrypt the drive (from a cold boot).
»www.lightbluetouchpaper. ··· ryption/

So the time machine is where one keeps the backup. OK, cool. This sounds pretty good.

If one restores from TM, do all the customizations, installed programs, user accounts, and data get restored completely with no further effort required?

Have I got this right?

Yes. Just to clarify, Time Machine is the program/utility built into the OS. You can use it with any third-party hard drive, an Apple Time Capsule (wireless router + networked hard drive), or a network drive (with some work).

It makes a copy of every file on your computer and keeps old versions as you modify files, too.

If you don't need that level of access and retention (every version of every file from the last month or so), then you can use a program like Carbon Copy Cloner or SuperDuper to make a direct, 1:1 copy of the internal to an external (and back). It's still pretty simple - just not as simple as Time Machine.

IIRC, you can set an openfirmware/EFI password that prevents someone from changing the boot device without entering it. (»www.macinstruct.com/node/507). That will slow a thief down, though they can apparently go to an apple store and have it unlocked via a master password. You'd hope apple would require some sort of proof of ownership to do that, but who knows.

If you are concerned about government agents seeing your data, put two bootable partitions on the same drive, one with no data and one encrypted with your data. Then, prior to a checkpoint, set the default boot to the empty partition. Customs agents will see it boot and let you pass.

There are more elaborate ways of hiding data on disk, but it's not worth the effort unless you are also not using a cell phone, credit card, etc. They'll track your movements before breaking into your computer.

This may be the best combination of safety and convenience I've read so far. Thank you!

It is very difficult to get this done and it's actually not the Genii that produce the special code. They have to contact another group at Apple corporate and provide justification for removing the firmware password.