[dm-crypt] encrypted root: prevent / detect tampering with kernel / initrd

Arno Wagner arno at wagner.name
Tue Dec 29 21:24:29 CET 2009

On Tue, Dec 29, 2009 at 12:11:58AM +0100, Heinz Diehl wrote:
> On 28.12.2009, Olivier Sessink wrote: 
> > yes you are 100% right from a perfect security viewpoint. However,
> > we're looking at a "regular user" deployment, and we know that our
> > regular users are not going to look after their devices as good as
> > most IT security professionals will do (they might even carry their
> > password in their wallet, or tell the password over the phone). So
> > our aim is not 100% perfect security, but just "make it (a lot)
> > harder" to get to the data.
> Anybody who has the skills and the motivation to modify your kernel/initrd
> is far from being your "regular user", and is most likely able and has the
> expertise to do other things to your machine as well.
> "Please repeat with me: there is no way to avoid or detect backdoors if
> physical access to the machine has ever been granted." (Werner Koch on
> gnupg-users 19.02.2009 on exactly the same topic).

I don't agree. But you have to think outside of the box and use a
separate, uncompromised boot medium that the attacker did not have
access to. With only the potentially modified system, you would
have to reverse-engineer all software on it, which is infeasible
in practice, even more so without an additional external system 
to do the analysis on. 

Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 

More information about the dm-crypt mailing list