Bug#1020713: initramfs-tools: RESUME=auto probably a security hole

To: Bastian Blank <waldi@debian.org>, 1020713@bugs.debian.org
Subject: Bug#1020713: initramfs-tools: RESUME=auto probably a security hole
From: Christoph Anton Mitterer <calestyo@scientia.org>
Date: Sun, 25 Sep 2022 20:25:01 +0200
Message-id: <[🔎] 4CC163FB-5A7A-48C6-85A8-E5A2A603D0A1@scientia.org>
Reply-to: Christoph Anton Mitterer <calestyo@scientia.org>, 1020713@bugs.debian.org
In-reply-to: <[🔎] YzCaRnVSVW4ddp+8@shell.thinkmo.de>
References: <[🔎] 74b45c109f70f9c03a71649c307ca99ed10f2d6d.camel@scientia.org> <[🔎] YzCaRnVSVW4ddp+8@shell.thinkmo.de> <[🔎] 74b45c109f70f9c03a71649c307ca99ed10f2d6d.camel@scientia.org>

Am 25. September 2022 20:13:26 MESZ schrieb Bastian Blank <waldi@debian.org>:
>On Sun, Sep 25, 2022 at 08:05:29PM +0200, Christoph Anton Mitterer wrote:
>But an attacker can already modify the kernel command line.  Secure boot
>up until recently was completely incompatible with hibernation, so
>nothing here applies anyway.

As I've explained, not e.g. in a FDE scenario, where one boots from a secure USB stick (which is anyway the only sensible way to do it.

Neither in a scenario as that with the ATM where an attacker could *only* access sind service USB port, but not e.g. a keyboard or anything else. 

Cheers,
Chris.

Reply to:

References:
- Bug#1020713: initramfs-tools: RESUME=auto probably a security hole
  - From: Christoph Anton Mitterer <calestyo@scientia.org>
- Bug#1020713: initramfs-tools: RESUME=auto probably a security hole
  - From: Bastian Blank <waldi@debian.org>

Prev by Date: linux-signed-arm64_5.19.11+1_source.changes ACCEPTED into unstable
Next by Date: Bug#1020718: should at least suggest the expected compressors
Previous by thread: Bug#1020713: initramfs-tools: RESUME=auto probably a security hole
Next by thread: linux-signed-arm64_5.19.11+1_source.changes ACCEPTED into unstable
Index(es):
- Date
- Thread