User: Password:
Subscribe / Log in / New account

"Evil Maid" attack against disk encryption

"Evil Maid" attack against disk encryption

Posted Oct 29, 2009 20:31 UTC (Thu) by drag (guest, #31333)
In reply to: "Evil Maid" attack against disk encryption by Cyberax
Parent article: "Evil Maid" attack against disk encryption


Even if your using TPM the hardware can still be subverted if you allow
physical access to it. TPM does not solve any "evil maid" related issue
that putting the bootloader in removable media won't solve, except maybe
the BIOS thing.

TPM is useful for detection of problems with malicious software in your
bootloader and kernel. That way you can establish a chain of trust from
initial boot-up to running the OS. This allows you to hash every element
from the BIOS on upwards. This way you can reliably detect things like
rootkits by a simple reboot, which is impossible otherwise. Previously to
TPM you had to use a tool like tripwire or other host-based IDS while the
system was offline (like you were booted up in a live cd) and comparing
that result with last known good hash is the only reliable way to combat
rootkits. TPM can reduce the complexity, expense, and difficulty of that

It is not really designed to secure your machine from physical access.


Really the only solution using current technology is just not to leave your
stuff were other people have access to it when your not around.

(Log in to post comments)

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds