←back to thread

Bypassing disk encryption on systems with automatic TPM2 unlock

(oddlama.org)
189 points arjvik | 1 comments | 17 Jan 25 03:00 UTC | HN request time: 0.214s | source
Show context
shitter ◴[17 Jan 25 14:25 UTC] No.42737790[source]
This is mitigated if your initramfs + kernel are measured into the TPM, right?

Edit: never mind, I think it's still vulnerable.

replies(1): >>42739736 #
1. jakogut ◴[17 Jan 25 16:28 UTC] No.42739736[source]
Your edit is correct. The kernel and initramfs are exploited unmodified to boot a tampered root filesystem, which allows userspace tools to extract data from the TPM, as the PCRs used to protect data like the LUKS passphrase have not changed.