(oddlama.org)

211 points arjvik | 2 comments | 17 Jan 25 03:00 UTC | HN request time: 0.406s | source

1. shitter ◴[17 Jan 25 14:25 UTC] No.42737790[source]▶

This is mitigated if your initramfs + kernel are measured into the TPM, right?

Edit: never mind, I think it's still vulnerable.

2. jakogut ◴[17 Jan 25 16:28 UTC] No.42739736[source]▶

Your edit is correct. The kernel and initramfs are exploited unmodified to boot a tampered root filesystem, which allows userspace tools to extract data from the TPM, as the PCRs used to protect data like the LUKS passphrase have not changed.

↑

Bypassing disk encryption on systems with automatic TPM2 unlock