Thorsten Leemhuis (acct. 1/4) on Nostr: Bypassing disk encryption on systems with automatic TPM2 unlock – ...
Bypassing disk encryption on systems with automatic TPM2 unlock – https://oddlama.org/blog/bypassing-disk-encryption-with-tpm2-unlock/
oddlama writes: '"Most TPM2 unlock setups fail to verify the LUKS identity of the decrypted partition. Since the initrd must reside in an unencrypted boot partition, an attacker can inspect it to learn how it decrypts the disk and also what type of filesystem it expects to find inside. By recreating the LUKS partition with a known key, we can confuse the initrd […]"' #tpm #linux #Encryption
oddlama writes: '"Most TPM2 unlock setups fail to verify the LUKS identity of the decrypted partition. Since the initrd must reside in an unencrypted boot partition, an attacker can inspect it to learn how it decrypts the disk and also what type of filesystem it expects to find inside. By recreating the LUKS partition with a known key, we can confuse the initrd […]"' #tpm #linux #Encryption