this post was submitted on 29 Feb 2024
23 points (92.6% liked)

Linux

48224 readers
111 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I'm setting up FDE and wonders which one is better. "LVM over LUKS" or "LUKS over LVM"? Or something else? Does one is definitely better then the other? What are your preference?

Thanks.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 8 months ago (1 children)

I though FDE is to thwart physical access to exfiltrate and or recover data. Making the root partition unencrypted surely will boost performance but I feel like this opens up an additional avenue for an attacker to exploit and defeat the purpose of doing FDE? It isn't just making "installed apps private" but literally replace some binaries with a backdoored version of it with then enables access to decrypted data.

[–] TMP_NKcYUEoM7kXg4qYe 0 points 8 months ago* (last edited 8 months ago) (2 children)

If an attacker has physical access to your device, you should not use the device afterwards, ever. There are some mitigations like Secure Boot and Heads OS, but they only slow down the attacker. Given enough time, you cannot stop him. Heads OS is pretty much for giving your laptop to airport security temporary and Secure Boot has been hacked in a minute. Although that was using TMP outside of the CPU, I would not trust Secure Boot with TMP 2.0 for anything other than a quick customs check either.

Using FDE as a protection against physical attacks is just a false sense of security. Veracrypt for example go as far as to say that secure boot is false sense of security.

For maximum paranoia there is a use for FDE, though. If you install a crappy app that saves data outside of RAM, /home, /var and /tmp, the data won't get leaked. Though that would be a massive security issue because most linux computers are servers which cannot use FDE.

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (1 children)

The most common physical attacks will be you misplacing your device or some friend/burglar/cop taking it. FDE works great in those scenarios.

[–] TMP_NKcYUEoM7kXg4qYe 1 points 8 months ago

Not really, rewriting the boot sector with your malware can be scripted so even the average burglar could use it. Using a previously stolen laptop without reflashing the firmware or something similar isn't worth the risk imo.

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (3 children)

For secure boot bypasses I could only find BlackLotus is the only one capable to do this. I would like to have more details to support the claim "Secure Boot has been hacked in a minute." Also, I would like the explanation on secure boot is a false sense of security and points to suport such claim as BlackLotus is the only publicly known malware to bypass secure boot.

However, I do firmly believe that there ia no reason that servers can't use FDE as they are no differ than other typical computer.

EDIT: forgot the "boot" for secure boot

[–] TMP_NKcYUEoM7kXg4qYe 1 points 8 months ago

The secure boot vulnerability was shown on a lenovo laptop. I've found https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops/, but I'm not sure whether it's the same thing I was talking about. The attack abused the fact that the TPM chip was outside the CPU so it was possible to read the keys in plain text by just putting a clip on the chip. The laptops in the ESET article seem fairly new so I would expect them to have TPM inside the CPU.

I recommend reading "threat model" page on Heads OS' website. Secure boot can be disabled in the UEFI settings which can be accessed by unplugging the CMOS battery to reset the UEFI password. Undoing a few screws takes a few seconds so the bottleneck would be how fast you can upload your fake login screen onto the drive.

Servers can use FDE obviously but using them becomes highly inconvenient if you enable that. In order to boot you need to decrypt the drive but how are going to connect to the server if it hasn't booted yet? One solution is to only boot the server when you have local access. The issue rises when your server crashes. Alternatively you can either start sshd early in the boot process at which point it isn't really FDE or have some kind of KVM which just shifts the issue to a different device.

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (1 children)

I think people tend to get hung up on where you store the key material for a server. Hardware token and TPM being two options that are less secure, but network bound disk encryption is supported as well as a combination. So you could have it require the network key as well as the matching PCRs from the TPM for the proper software load before it will unseal.

[–] [email protected] 1 points 8 months ago (1 children)

Hardware token being less secure?

[–] [email protected] 1 points 8 months ago

If I steal the server I have the token, unless someone is physically going to unlock the server every time you reboot which is not realistic.

[–] [email protected] 1 points 8 months ago

TPM has been bypassed. Researches found a lot of laptops where you can just attach wires to the TPM communication lines and you can just listen and wait for the TPM to spit out the key.

It's a hardware attack so game over. But still worth doing especially on servers and desktops because then it's still much more of a skilled attack than someone just stealing the drives. Especially servers with their front drive bays you can literally just pop the drive. And if the drive dies and you can't erase it, it's fine, you can throw it away and not care because it's FDE so you can just throw away the keys.