My scheme does not seem to be vulnerable

Posted Oct 29, 2009 16:00 UTC (Thu) by giggls (subscriber, #48434)
Parent article: "Evil Maid" attack against disk encryption

All the Linux-based laptops at my workplace which I am responsible for use an encryption scheme with a trusted kernel/initrd/key+password combination on personal USB flash drives. People usually carry them separated from their laptops, as a keyring or such.

The system itself consists of a LUKS-encrypted hard drive without any bootloader installed. To get them running, the flash drives are used (I offer booting from our corporate LAN as an additional feature).

The only thing I would like to get worked out is to add kexec. This way I would be able to make this stuff independent of distributions and kernels of the running system.


My scheme does not seem to be vulnerable

Posted Oct 29, 2009 18:59 UTC (Thu) by bronson (subscriber, #4806)

This sounds really interesting and useful. Do you have any articles or blog posts that describe your setup?

My scheme does not seem to be vulnerable

Posted Oct 30, 2009 17:02 UTC (Fri) by NAR (subscriber, #1313)

The Evil (and Determined) Maid then installs a logger on the BIOS which captures the key from the USB flash drive and from the keyboard...
