[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Unencrypted boot with encrypted root
|
From: |
Alex Griffin |
|
Subject: |
Re: Unencrypted boot with encrypted root |
|
Date: |
Wed, 08 Apr 2020 15:07:35 +0000 |
|
User-agent: |
Cyrus-JMAP/3.1.7-1104-g203475c-fmstable-20200408v2 |
On Wed, Apr 8, 2020, at 12:25 PM, Ellen Papsch wrote:
> These may be dangerous waters. The key file in initrd is like a house
> key under the mattress. A malicious process could look in the well
> defined place and exfiltrate the key. Think state trojan horses. A
> random name would not suffice, because other characteristics may help
> identifying the file (i.e. size).
What's the threat model here? For me, an encrypted disk is only meant to
protect my data at rest. If a malicious process is already running on my system
as root, then I don't care if they can exfiltrate the key.
--
Alex Griffin
- Re: Unencrypted boot with encrypted root, (continued)
- Re: Unencrypted boot with encrypted root, Ellen Papsch, 2020/04/04
- Re: Unencrypted boot with encrypted root, pelzflorian (Florian Pelz), 2020/04/04
- Re: Unencrypted boot with encrypted root, Ellen Papsch, 2020/04/06
- Re: Unencrypted boot with encrypted root, Ludovic Courtès, 2020/04/07
- Re: Unencrypted boot with encrypted root, Ellen Papsch, 2020/04/07
- Re: Unencrypted boot with encrypted root, Ludovic Courtès, 2020/04/07
- Re: Unencrypted boot with encrypted root, Ellen Papsch, 2020/04/08
- Re: Unencrypted boot with encrypted root, Alex Griffin, 2020/04/07
- Re: Unencrypted boot with encrypted root, Vagrant Cascadian, 2020/04/07
- Re: Unencrypted boot with encrypted root, Ellen Papsch, 2020/04/08
- Re: Unencrypted boot with encrypted root,
Alex Griffin <=
- Re: Unencrypted boot with encrypted root, Vagrant Cascadian, 2020/04/08
- Re: Unencrypted boot with encrypted root, Pierre Neidhardt, 2020/04/08
- Re: Unencrypted boot with encrypted root, Alex Griffin, 2020/04/08