Poettering: Authenticated Boot and Disk Encryption on Linux
Thursday 23 September 2021, 17:35, by LWN.net
Here's a lengthy missive from Lennart Poettering taking Linux distributors to task for inadequately protecting systems from physical attacks.

"So, does the scheme so far implemented by generic Linux distributions protect us against the latter two scenarios? Unfortunately not at all. Because distributions set up disk encryption the way they do, and only bind it to a user password, an attacker can easily duplicate the disk, and then attempt to brute force your password. What's worse: since code authentication ends at the kernel — and the initrd is not authenticated anymore —, backdooring is trivially easy: an attacker can change the initrd any way they want, without having to fight any kind of protections."

The article contains a lot of suggestions for how to do things better.
https://lwn.net/Articles/870194/rss