Blog

FDE/LUKS: Insecure usage of TPM 🔐

Introduction Encrypting the root partition is one way to protect user data if the computer is lost/stolen. To allow the system to boot, a decryption passphrase must be provided by the user but it comes with these two drawbacks: In the case of a multi-user machine, the passphrase must be shared with all its users. However, the knowledge of the passphrase is sufficient to see any file or alter the system without booting this system. If evil maid attacks are part of the threat model, the trustworthiness of the boot environment must be attested before the user is prompted for the decryption passphrase. To solve these issues, the TPM chip can be used to automatically but conditionally unlock the drive at boot only if the trustworthiness of the boot environment is attested. In this condition, there is no need to prompt the user for a passphrase. This is achieved in combination with Secure Boot:

Read more →

July 30, 2024