Bypassing disk encryption on systems with automatic TPM2 unlock


oddlama's personal web page and blog

Since the initrd must reside in an unencrypted boot partition, an attacker can inspect it to learn how it decrypts the disk and also what type of filesystem it expects to find inside. Some distributions instead ship EFI executables that are pre-signed with the Microsoft keys, which allows them to enable secure boot by default without requiring the user to generate and enroll anything on their own. Then, initramfs will attempt to mount the rogue partition as the root filesystem (decryption failure will fall back to password entry), leaving pre-boot PCRs unchanged.
