On 2020-08-05 20:30:59 +0100 (+0100), Nikolaus Rath wrote:
> On Aug 04 2020, Jeremy Stanley <fungi@yuggoth.org> wrote:
> > Okay, so for systems to which a malicious party may gain physical
> > access (or remote console access) there's sort of a third risk this
> > addresses. A special case of the second risk really. *If* you're
> > also encrypting the filesystem on which that signing key resides
> > (via LUKS or similar) then this might keep you safe from someone
> > with access to replace the kernel or initrd on the unencrypted boot
> > partition... but only if they can't unlock the decryption key for
> > the FS which holds the signing key of course.
>
> Wouldn't such an attacker simply modify the (necessarily unencrypted)
> initrd such that it stores the decryption key for the attacker the next
> time you enter it?

How would this attacker generate the new initrd signature so that it
still validates correctly?
--
Jeremy Stanley