More restrictive TPM2 checks #14
SharkPlush started this conversation in Ideas
Replies: 0 comments
I'll provide a scenario for this.
Let's say I have a laptop with Secure Boot enabled. If I disable Secure Boot, Aeon will then ask me for my LUKS2 PIN. If I then go back and enable Secure Boot, because everything looks fine to Aeon, it will auto-unlock my SSD.
The same can be applied to the kernel parameters, etc.
So if an attacker has my laptop and sees an attack doesn't work, they can put the laptop back into its original state and Aeon will unlock without the PIN. This allows them to keep trying attacks until they might find a potential one that works, correct?
I believe that in this case, if Aeon sees it has been booted in an altered state and then that state suddenly changes back to the normal one on the next boot, it should still keep the drive locked.
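The scenario in the post as a small model, added here as an illustration; it is not part of the original post and not Aeon's code. It shows why a key sealed only to PCR values unlocks again once the measured state is restored, and how the proposed "stay locked after an altered boot" behaviour differs. The `Volume` class, the persistent latch flag, the event strings and the PIN are all hypothetical, constructed values.

```python
import hashlib
import hmac

PIN = b"constructed-pin"  # constructed sample value

def extend(pcr: bytes, event: bytes) -> bytes:
    """TPM-style PCR extend: new = SHA-256(old || SHA-256(event))."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()

def measure(events) -> bytes:
    """Replay one boot's measurements; PCRs start from zero on each power-on."""
    pcr = bytes(32)
    for event in events:
        pcr = extend(pcr, event)
    return pcr

class Volume:
    def __init__(self, enrolled_events, latch_enabled: bool):
        self.expected = measure(enrolled_events)  # value the key is sealed to
        self.latch_enabled = latch_enabled
        # Hypothetical persistent flag; assumed to be stored where someone
        # changing firmware settings cannot clear it.
        self.latched = False

    def boot(self, events, pin=None) -> str:
        """Return 'auto', 'pin' or 'pin-required' for one boot."""
        match = hmac.compare_digest(measure(events), self.expected)
        if not match and self.latch_enabled:
            self.latched = True  # remember that an altered boot was seen
        if match and not self.latched:
            return "auto"
        if pin is not None and hmac.compare_digest(pin, PIN):
            if match:
                self.latched = False  # re-arm only after the PIN in a good state
            return "pin"
        return "pin-required"

GOOD = [b"SecureBoot=enabled", b"cmdline=quiet"]    # constructed events
ALTERED = [b"SecureBoot=disabled", b"cmdline=quiet"]

def replay(latch_enabled: bool):
    """Good boot, altered boot, reverted boot, PIN entry, next boot."""
    vol = Volume(GOOD, latch_enabled)
    return [vol.boot(GOOD), vol.boot(ALTERED), vol.boot(GOOD),
            vol.boot(GOOD, pin=PIN), vol.boot(GOOD)]

if __name__ == "__main__":
    print("current :", replay(False))
    print("latched :", replay(True))
```

Without the latch, the third boot (state reverted) unlocks automatically because the replayed measurements reproduce the sealed value; with it, the volume stays locked until the PIN is entered in the known-good state.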