On 6/3/20 12:06 PM, Simo Sorce wrote:
On Tue, 2020-06-02 at 21:58 -0700, John M. Harris Jr wrote:
Why?
Evil maid attacks.
Because without a signature you could replace the whole image with a
completely functional one that you fully control.
Boot the system with a hibernation image generated on identical
hardware but with your own data, give your own decryption key, presto,
as soon as the hibernation image is restored the system is running your
image. From there you could be able to use, for example, keys stored in
the TPM or simply you capture the real password for the real image as
soon as the user returns to the machine to unlock it and transmit it,
and now you have access to the original disk image and all its
contents...
Again, possibilities abound.
Thank you, that is a very clear explanation.