On Do, 05.12.19 15:23, Kevin Kofler (kevin.kofler@xxxxxxxxx) wrote: > Lennart Poettering wrote: > > Uh, first of all plain full disk encryption like we set it up > > typically on Fedora provides confidentiality, not integrity. > > Well, it does protect against offline modification (i.e., "borrow" the > computer or the storage devices, put the storage devices into another > computer, trojan the OS, and return the "borrowed" device without getting > caught; or even just boot the computer from a malicious boot device and > trojan the OS from there, if the boot order is not locked). It does not > protect against online modification (i.e., attack the system while it is > running and the disk is decrypted). No it does not protect against offline modification. That's why dm-integrity exists after all. If you use LUKS/dm-crypt without dm-integrity and you have a clue where things are located then you can change files without anything being able to detect that. (On btrfs you might have some luck, since it has data checksumming, but ext4 and other traditional file systems do not). And it's easier to figure out where stuff is located then you might think since we live in a world where people use SSDs and mount file systems with "discard", so that what are used blocks and what are free blocks is propagated to the underlying device. Moreover file systems write in certain patterns, i.e. try to keep large files in one stream together, put files in the same directories adjacent to each other and so on, and are usually roughly reproducible. Lennart -- Lennart Poettering, Berlin _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
