Hi,
of course, this also affects dm-crypt - or any other encryption scheme
for that matter.
You need an unbroken chain of trust to achieve security. You must be
able to trust your hardware/firmware, your BIOS, the code in your MBR,
your boot loader, your kernel, your drivers, your system libraries, your
shell, your cryptsetup executable and so on.
If an attacker manages to replace or manipulate at least one piece of
that chain, he has broken your security.
Here is an example of a keylogger implemented in keyboard firmware:
http://www.blackhat.com/presentations/bh-usa-09/CHEN/BHUSA09-Chen-RevAppleFirm-SLIDES.pdf
(Yes, even keyboards might come with programmable flash nowadays ;-)
However, this is nothing new. If you assume that an attacker is
determined and able to get physical access to your computer - especially
without your knowledge - securing your system gets much, much harder.
In this case you need a method to verify the integrity of every compnent
of your system. The best bet would probably be something like TPM. This
should cover at least the BIOS and the rest of the software but
manipulated firmware might still slip through.
Marc
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
