[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Unencrypted boot with encrypted root

From: Alex Griffin
Subject: Re: Unencrypted boot with encrypted root
Date: Wed, 08 Apr 2020 15:07:35 +0000
User-agent: Cyrus-JMAP/3.1.7-1104-g203475c-fmstable-20200408v2

On Wed, Apr 8, 2020, at 12:25 PM, Ellen Papsch wrote:
> These may be dangerous waters. The key file in initrd is like a house
> key under the mattress. A malicious process could look in the well
> defined place and exfiltrate the key. Think state trojan horses. A
> random name would not suffice, because other characteristics may help
> identifying the file (i.e. size).

What's the threat model here? For me, an encrypted disk is only meant to 
protect my data at rest. If a malicious process is already running on my system 
as root, then I don't care if they can exfiltrate the key.

Alex Griffin

reply via email to

[Prev in Thread] Current Thread [Next in Thread]