[dm-crypt] encrypted root: prevent / detect tampering with kernel / initrd
[lesh] Ivan Nikolic
lesh at sysphere.org
Tue Dec 29 11:23:10 CET 2009
you can set bios password for every boot (if you trust your bios, this would mean that for any
software tampering your machine has to be taken appart, disk unplugged, etc. but most bioses had a lot of backdoor
passwords few years back, don't know how it is now, but not very nice I suppose)
so, to be extra sure, somekind of sum of unencrypted files is nice, yes.
that would mean that person would have to get past bios, boot another system, modify your kernel to make your hashing
program lie to you (know in advance that you use one, and which) and that is hard enough for me:)
(and is the most feaseable software hack idea those "if there is phisical access game over" people are talking about)
if you are that paranoid, you cary your initrd/kernel on usb with you.
those problems can be addressed with an evil child of drm, chain of trust.
I'm gonna setup the hash thing right now :)
* Heinz Diehl (htd at fancy-poultry.org) wrote:
> On 28.12.2009, Olivier Sessink wrote:
> > yes you are 100% right from a perfect security viewpoint. However,
> > we're looking at a "regular user" deployment, and we know that our
> > regular users are not going to look after their devices as good as
> > most IT security professionals will do (they might even carry their
> > password in their wallet, or tell the password over the phone). So
> > our aim is not 100% perfect security, but just "make it (a lot)
> > harder" to get to the data.
> Anybody who has the skills and the motivation to modify your kernel/initrd
> is far from being your "regular user", and is most likely able and has the
> expertise to do other things to your machine as well.
> "Please repeat with me: there is no way to avoid or detect backdoors if
> physical access to the machine has ever been granted." (Werner Koch on
> gnupg-users 19.02.2009 on exactly the same topic).
> dm-crypt mailing list
> dm-crypt at saout.de
PGP 0x96085C00 http://lesh.sysphere.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 836 bytes
Desc: not available
More information about the dm-crypt