[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: recovering from compromised keys

(Context: a private mail to which I'm replying suggested that full-disk
encryption should be used to make it harder to subvert our infrastructure,
and worried about the use of an unencrypted /boot, since "they" could
insert a keylogger or trojan into the initrd.)

By policy, we use full-disk encryption at my workplace (where full-disk
really means "except the bootloader and /boot"). For a 2-year-old recipe for
it, which I believe still mostly works with grub2, see

Needing an unencrypted /boot just means you have to distrust /boot after you
lose and then regain control of your laptop. The secrets in the encrypted part
are still inaccessible, until or unless you enter your passphrase into the
compromised /boot.

If you assume that "they" haven't tampered with your BIOS or hardware and
put a keylogger *there*, you can fix this situation with full tin-foil-hat
compliance, if you've taken then precaution of having an always-up-to-date
copy of /boot in the encrypted area. To do so, boot from removable media,
access the encrypted area, overwrite the possibly-compromised /boot with the
backup, and reinstall the bootloader and MBR.


Attachment: signature.asc
Description: Digital signature

Reply to: