[dm-crypt] encrypted root: prevent / detect tampering with kernel / initrd

Arno Wagner arno at wagner.name
Tue Dec 29 21:24:29 CET 2009


On Tue, Dec 29, 2009 at 12:11:58AM +0100, Heinz Diehl wrote:
> On 28.12.2009, Olivier Sessink wrote: 
> 
> > yes you are 100% right from a perfect security viewpoint. However,
> > we're looking at a "regular user" deployment, and we know that our
> > regular users are not going to look after their devices as well as
> > most IT security professionals will do (they might even carry their
> > password in their wallet, or tell the password over the phone). So
> > our aim is not 100% perfect security, but just "make it (a lot)
> > harder" to get to the data.
> 
> Anybody who has the skills and the motivation to modify your kernel/initrd
> is far from being your "regular user", and is most likely able and has the
> expertise to do other things to your machine as well.
> 
> "Please repeat with me: there is no way to avoid or detect backdoors if
> physical access to the machine has ever been granted." (Werner Koch on
> gnupg-users 19.02.2009 on exactly the same topic).

I don't agree. But you have to think outside of the box and use a
separate, uncompromised boot medium that the attacker did not have
access to. With only the potentially modified system, you would
have to reverse-engineer all software on it, which is infeasible
in practice, even more so without an additional external system 
to do the analysis on. 

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 
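Arno's suggestion turned into a concrete check, as an added example that is not part of the mail or the dm-crypt project: boot from a trusted medium, mount the suspect disk read-only, and compare /boot against a hash manifest that is kept on the trusted medium and was recorded before the machine left your hands. The function names, paths and the manifest format are my own assumptions.

```sh
# Runs from a trusted boot medium: the suspect disk is mounted read-only and the
# baseline manifest lives on the trusted medium itself, so nothing from the
# suspect disk is executed; its files are only read and hashed.

# make_manifest DIR: print "<sha256>  <relative path>" for every file under DIR.
# Run once at install time, from the trusted medium, to record the baseline.
make_manifest() {
    ( cd "$1" && find . -type f | sed 's|^\./||' | sort |
        while read -r path; do sha256sum "$path"; done )
}

# verify_boot MANIFEST DIR: return 0 only if every listed file exists in DIR with
# the recorded hash and DIR holds no file the manifest does not list.
verify_boot() {
    manifest=$1; dir=$2; status=0
    while read -r expected path; do
        [ -z "$path" ] && continue
        if [ ! -f "$dir/$path" ]; then
            echo "MISSING  $path"; status=1; continue
        fi
        actual=$(sha256sum "$dir/$path" | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then
            echo "OK       $path"
        else
            echo "MODIFIED $path"; status=1   # kernel/initrd replaced or patched
        fi
    done < "$manifest"
    # An added file (extra module, second initrd) is suspicious too: flag it.
    for f in $(cd "$dir" && find . -type f | sed 's|^\./||'); do
        awk -v p="$f" '$2 == p { found = 1 } END { if (found) exit 0; exit 1 }' "$manifest" \
            || { echo "UNLISTED $f"; status=1; }
    done
    return $status
}

# Constructed demo (not a real system): fake boot tree, baseline, tampered initrd.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/boot" "$tmp/trusted"
    printf 'kernel bytes' > "$tmp/boot/vmlinuz"
    printf 'initrd bytes' > "$tmp/boot/initrd.img"
    make_manifest "$tmp/boot" > "$tmp/trusted/boot.sha256"
    verify_boot "$tmp/trusted/boot.sha256" "$tmp/boot"             # all OK
    printf 'extra' >> "$tmp/boot/initrd.img"                          # simulate tampering
    verify_boot "$tmp/trusted/boot.sha256" "$tmp/boot" || echo "tampering detected"
    rm -rf "$tmp"
}
demo
```

The manifest only helps if it is written and stored where the attacker never had access; a copy left on the suspect disk can be rewritten along with the kernel.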

