(oddlama.org)

189 points arjvik | 1 comments | 17 Jan 25 03:00 UTC | HN request time: 0.213s | source

Show context

ARob109 ◴[17 Jan 25 05:24 UTC] No.42734364[source]▶

Seems like this could be easily mitigated with a read only root filesystem using dm verity

Store the root hash of the dm verity formatted rootfs in the PCR. If a malicious partition is presented to initrd, its root hash will not match the trusted one stored in the TPM.

Or if you need a writeable rootfs, use fs verity and store the signature of init into the PCR. The trusted init signature won’t match signature of malicious init.

LUKS for encryption and verity for integrity/verification.

replies(4): >>42734409 #>>42736375 #>>42737186 #>>42737763 #

1. highwaylights ◴[17 Jan 25 11:18 UTC] No.42736375[source]▶

>>42734364 #

I’m not sure if this is the exact process for openSUSE Aeon, but it’s very close philosophically so I image the rest is a question of hardening this over time.

↑

Bypassing disk encryption on systems with automatic TPM2 unlock