Re: [dm-crypt] encrypted root: prevent / detect tampering with kernel / initrd

From: "[lesh] Ivan Nikolic" <lesh@sysphere.org>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] encrypted root: prevent / detect tampering with kernel / initrd
Date: Tue, 29 Dec 2009 11:23:10 +0100	[thread overview]
Message-ID: <20091229102310.GI24454@sysphere.members.linode.com> (raw)
In-Reply-To: <20091228231158.GB16466@fancy-poultry.org>

[-- Attachment #1: Type: text/plain, Size: 2196 bytes --]

you can set bios password for every boot (if you trust your bios, this would mean that for any 
software tampering your machine has to be taken appart, disk unplugged, etc. but most bioses had a lot of backdoor
passwords few years back, don't know how it is now, but not very nice I suppose)

so, to be extra sure, somekind of sum of unencrypted files is nice, yes.
that would mean that person would have to get past bios, boot another system, modify your kernel to make your hashing 
program lie to you (know in advance that you use one, and which) and that is hard enough for me:)
(and is the most feaseable software hack idea those "if there is phisical access game over" people are talking about)

if you are that paranoid, you cary your initrd/kernel on usb with you.

btw,
those problems can be addressed with an evil child of drm, chain of trust.
http://theinvisiblethings.blogspot.com/2009/01/why-do-i-miss-microsoft-bitlocker.html

I'm gonna setup the hash thing right now :)

* Heinz Diehl (htd@fancy-poultry.org) wrote:
> On 28.12.2009, Olivier Sessink wrote: 
> 
> > yes you are 100% right from a perfect security viewpoint. However,
> > we're looking at a "regular user" deployment, and we know that our
> > regular users are not going to look after their devices as good as
> > most IT security professionals will do (they might even carry their
> > password in their wallet, or tell the password over the phone). So
> > our aim is not 100% perfect security, but just "make it (a lot)
> > harder" to get to the data.
> 
> Anybody who has the skills and the motivation to modify your kernel/initrd
> is far from being your "regular user", and is most likely able and has the
> expertise to do other things to your machine as well.
> 
> "Please repeat with me: there is no way to avoid or detect backdoors if
> physical access to the machine has ever been granted." (Werner Koch on
> gnupg-users 19.02.2009 on exactly the same topic).
> 
> 			     
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
PGP 0x96085C00 http://lesh.sysphere.org

[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]