If you have physical access to a machine you can do such things provided you are given sufficient time.
You can easily unscrew a hard drive with Windows for example, mount it as a secondary drive on a Linux machine and remove any local login password.
(I don’t know if having AD helps here.)
Or you can change BIOS settings, boot with a Linux Usb and mount the Windows drive.
So basic security imho means “Prevent a stranger sitting on front of your pc without touching your disk or using a usb or another disk from accessing your files”
Is it possible to show it at boot time? Or trigger manually with some shortcut? Does it protect against killing it with Team Monitor?
1 Like
You could make it start at boot with UserBootscript, or creating a boot task. I think the Team Monitor cannot be prevented from being called with the key combination, but the password-locked screensaver appears above any other window, including Team Monitor, so TM cannot be accessed directly.
2 Likes
Any real security depends on disk encryption, but security is aprocess, every little bit helps a little bit.
For me the most important features for making haiku a daily driver os are:
Critical Features:
- Full Disk encryption, ideally compatible with LUKS from Linux, without Disk Encryption it would be criminal having customer Data on my Haiku Machine
- Multi Monitor Support, for convenience and screen real estate
- Webcam Support (not that often, i could use my phone)
Nice to have:
- Sleep Mode
- 3D HW Accelleration
- Securing the system
- Multi User
1 Like
Drive encryption has existed since 2012 (from @axeld) but:
- Is not merged, may now have conflicts I guess
- Doesn’t support the boot partition yet
It has been mentioned in this topic before too - in 2021! Would be nice to see it available for users some time.
1 Like
This is not changes to Haiku to be merged, it is a 3rd party component that you can package and install. The changes on Haiku side have already been merged a very long time ago (problems integrating drive encryption with a packaged filesystem led to the introduction of the launch daemon).
There is a recipe at haikuports for it but currently marked as untested: haikuports/haiku-apps/drive_encryption/drive_encryption-1.0.recipe at 26fc0e6c0cdb1dd68347b095a617e2edaddc9e79 · haikuports/haikuports · GitHub
So all that’s needed is checking if that recipe is working and can build a package. Then we can enable it.
1 Like
I suppose it need to add some password input field in Haiku Loader to support encrypted boot partition?
That’s great that required changes have been made. To my mind though it would ideally be integrated so that it’s possible to use it with the boot partition and configure it during haiku installation.
Last time I looked into it I was adviced to not anable it, granted, that has been a long time and I haven’t checked sinse. 
1 Like
The Swiss cheese model of security is the key. There are abundant situations where one very visible and slightly sticky slice would make a world of difference.