hi Olaf!
On Sunday, 18 November 2018, Olaf Meeuwissen wrote:
> > Just for the fun of applied paranoia: How do you ensure that nobody
> > tampered with your eeprom? Did you seal it properly after you made
> > the chip readonly? If not, then you still have the same problem, just
> > a level higher.
>
> If someone tampered with the eeprom I guess I'd have a problem and
> someone might be eavesdropping on my disk I/O but my disks would still
> be fully encrypted as in I could give you one of the disks from my RAID1
> setup and you wouldn't be able to find out what's on it.
Or inject a keylogger into your grub payload - which is quite easy. Sniffed keystrokes could be stored in the very same eeprom (or cmos ram or ...). Or intercept the grub boot command, as at that point the kernel + initrd are already loaded from the decrypted boot partition, but the kernel has not taken over control yet. Modifying initrd on the fly would be quite nice ...
> Hope this helps,
> --
> Olaf Meeuwissen, LPIC-2 FSF Associate Member since 2004-01-27
> GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13 F43E B8A4 A88A F84A 2DD9
> Support Free Software https://my.fsf.org/donate
> Join the Free Software Foundation https://my.fsf.org/join
>
--
Please do not email me anything that you are not comfortable also sharing with the NSA, CIA ...