Date: Sat, 8 Aug 2009 15:26:14 +0200
From: Heinz Diehl
Message-ID: <20090808132614.GA29656@fancy-poultry.org>
Subject: [dm-crypt] LUKS/dm-crypt vulnerable?
To: dm-crypt@saout.de

Hi,

I just read this article on a vulnerability of the Windows program "Truecrypt":

http://www.h-online.com/security/Bootkit-bypasses-hard-disk-encryption--/news/113884

It doesn't affect me, since I'm not using Windows at all, but would such a thing also be possible on a LUKS/dm-crypt encrypted Linux machine? E.g. GRUB in the MBR, /boot unencrypted, the rest encrypted and decrypted via a specially crafted initrd which asks for the passphrase at bootup time?

Could somebody also steal my encrypted laptop, install such a program into the MBR, boot the machine and read my data (when the laptop is not powered on)?