LinuxQuestions.org
Linux - Security
Old 06-16-2009, 07:48 AM   #1
richinsc
Member
 
Registered: Mar 2007
Location: Utah
Distribution: Ubuntu Linux (20.04)
Posts: 224

Rep: Reputation: 32
Whole Disk Encryption Hack??!!


I was alarmed to see this information and even more alarmed at what it would take to get around the encryption. Granted, the attacker would need physical access to your computer, but depending on where you are, sometimes there isn't a way you can be near it at all times. In the article the author gives the example of border checks, and that made me think and do a double take. I mean, how often do you stop to think that if someone had their hands on your laptop recently during a border check or something else, maybe you should check your boot image to make sure it is unmodified? I doubt anyone does except those who are paranoid.

Anyway, as you read this, it got me thinking: if this can be done, wouldn't it be best to store your boot partition on a removable device such as a jump drive? Would it be worth it? That way, if you ever became separated from your computer, your boot partition would remain safe and unmodified.

Of course, if at all possible, I would say that if I am going to travel, I might put a dummy drive in the laptop so that I don't have to worry so much, or I might just ship it to its destination if I use public transportation. It might be a bit over-paranoid, but if this hack is possible, wouldn't it pay to be over-paranoid? But hey, it's not like your financial data is classified military defense plans or schematics for the latest TOP-SECRET weapon, but you should at least treat it like it is.

Here is the site link Bandit Defense Blog

For those of you who might not trust this site, or in case the site may not be work-friendly, here is the information below, with all credit going to its author.

Quote:
I have figured out a way to have full access to encrypted partitions and to install and run programs as root on Linux systems with whole disk encryption. The attack needs anywhere from 30 seconds to 10 minutes of physical access, depending on whether the victim has the right boot order or a BIOS password. I wasn’t the first to think of this attack, but as far as I can tell from my searches I’ve been the first to publicly implement it.

Lots of Linux distributions allow for easy disk encryption right from the installer (Debian, Ubuntu, Fedora, to name a few), and even more make it fairly simple to do if you know how to use all the features of their partitioners. Lots of people out there choose the default encryption scheme and assume that since their data is protected by strong encryption it is therefore safe. But particularly when looking at things like border searches — where computers get seized, examined, and then given back to you — it’s anything but safe.

I’m not going to cover this attack in detail now, but I’ll explain the general gist. You’ll have to wait until 2600 Magazine publishes my more detailed article in the spring, and then I’ll repost it.

In short: With whole disk encryption, your “whole” disk is usually not encrypted. In most implementations of it, your boot partition stays in plaintext, and everything else gets encrypted. While it seems like this is good enough, a couple key programs reside in your boot partition, unencrypted and waiting to be tampered with.

This is necessary, of course, to boot up your computer. Your processor does not understand encrypted instructions, so you need to give it plaintext instructions that deal with decrypting everything else that needs to run first. The program that does this is called cryptsetup, and it's hidden inside a file called /boot/initrd.img.

This attack works by recompiling cryptsetup to not only do its job — ask for your encryption passphrase, if it’s right open and mount the encrypted partitions — but also to store a copy of your encryption passphrase in plaintext. After cryptsetup is done running and the encrypted partitions are mounted, the attacker can also modify an init script that runs (with root privileges) to do whatever automated tasks on the hard drive she wants, including installing rootkits and mechanisms to send you the encryption passphrase over the internet.

More details will be published in the spring issue of 2600, which should come out in early April. Also stay tuned on this blog for my work in attacking TrueCrypt system encryption in Windows, using basically the same technique.

Last edited by unSpawn; 06-16-2009 at 08:47 AM. Reason: //readability: change code for quoting.
 
Old 06-16-2009, 08:21 AM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615
Quote:
Granted the attacker would need physical access to your computer
If that is the case, all bets are off. Nothing new here.
 
Old 06-16-2009, 08:36 AM   #3
richinsc
Member
 
Registered: Mar 2007
Location: Utah
Distribution: Ubuntu Linux (20.04)
Posts: 224

Original Poster
Rep: Reputation: 32
Quote:
Originally Posted by AlucardZero View Post
If that is the case, all bets are off. Nothing new here.
All bets may be off, but how can you watch your computer 24/7? It might only take a few minutes to implement this, and you could be a specific target or a random one. Nonetheless, tell me there isn't a single moment when you are away from your computer that anyone could get physical access to it. Sure, if the person wanted to, they could just steal it, but if they are after your data, why steal it when it won't do them any good?

And it may not be your stuff they want but the data belonging to the company you work with. It also comes down to how much you implicitly trust those around you. Do you trust airport security with your machine? Do you trust border patrol?

I know it may be unrealistic and far-fetched, but think about it: it could happen. Of course, I guess once it does you're screwed anyway, unless you meticulously ponder through your boot image and init scripts after your computer is handed to you from unfamiliar hands.

Trust no one.
 
Old 06-16-2009, 09:20 AM   #4
GazL
LQ Veteran
 
Registered: May 2008
Posts: 6,897

Rep: Reputation: 5019
I don't think there's anything particularly new or insightful there. The fact that the initrd and kernel image are unencrypted and could be trojaned is nothing new and occurred to me a while ago when I was first playing with tripwire and considering its implications and how it might be vulnerable.

I suppose you could mitigate the risk by taking checksums (md5/sha1 etc) or making gpg signatures of them (or even the whole /boot partition), but you'd need to boot from something you could trust like a live-cd in order to check them, as otherwise the trojaned kernel could potentially hide itself somehow. However, if you're going to boot from something else anyway, why not just have your /boot on a cd-r (not cd-rw which could be re-written) and boot from that.

The problem with using a USB thumb drive/stick or memory card is that unless you keep it locked away in a safe where no one can get at it, you've got the exact same issue.


Thankfully, most of us don't need to be this paranoid. My disk uses full disk encryption for the sole purpose of preventing any burglars that may break in and steal it from accessing my personal information (I had a PC stolen a few years back, so I'm extra careful about this sort of thing these days).
 
Old 06-16-2009, 09:54 AM   #5
grepmasterd
Member
 
Registered: Aug 2003
Location: Seattle
Distribution: ubuntu, lately
Posts: 182
Blog Entries: 1

Rep: Reputation: 35
Quote:
If that is the case, all bets are off. Nothing new here.
To the contrary. Disk encryption is supposed to address the problem of physical access. When your computer is booted up, the fs and its data are unencrypted and accessible in all the conventional ways.

Quote:
The problem with using a USB thumb drive/stick or memory card is that unless you keep it locked away in a safe where no one can get at it, you've got the exact same issue.
Not really. You don't have to put your house key in a safe deposit box to provide a reasonable level of security for your home. But keeping it under the door mat is foolish and somewhat useless. This is effectively what keeping the passwd in initrd is.
 
Old 06-16-2009, 10:54 AM   #6
mostlyharmless
Senior Member
 
Registered: Jan 2008
Distribution: Arch/Manjaro, might try Slackware again
Posts: 1,851
Blog Entries: 14

Rep: Reputation: 284
OP:
Quote:
This attack works by recompiling cryptsetup to not only do its job — ask for your encryption passphrase, if it’s right open and mount the encrypted partitions — but also to store a copy of your encryption passphrase in plaintext.
grepmasterd:
Quote:
This is effectively what keeping the passwd in initrd is.
I don't think he's talking about keeping the password in the initrd. It doesn't matter if the password has to be typed every time. It looks like he replaces your initrd cryptsetup to record the entered password to retrieve later. It wouldn't matter if you used a USB key in your safe either. Once he trojaned your initrd and YOU booted your machine afterwards, then he would have to re-access the machine to get your password.

All in all, I've got to agree with GazL. Having a BIOS password, making the first boot device NOT a floppy or CDROM and providing physical security is probably sufficient for normal home security when used with hard drive encryption (and better than most businesses, IMHO).
 
Old 06-16-2009, 11:11 AM   #7
GazL
LQ Veteran
 
Registered: May 2008
Posts: 6,897

Rep: Reputation: 5019
Quote:
Originally Posted by grepmasterd View Post
Not really. You don't have to put your house key in a safe deposit box to provide a reasonable level of security for your home. But keeping it under the door mat is foolish and somewhat useless. This is effectively what keeping the passwd in initrd is.
This issue is not really about the password. The underlying threat is that should you lose physical control of the device containing your boot partition, then it's possible for an attacker to compromise your kernel or initrd without you knowing and for whatever purpose they like, thus rendering your full-disk encryption moot. This is true if your /boot is on any sort of writable media that you lose physical control of including USB thumb drives.


One of the examples cited was airport security, where your laptop may be taken into a back office for 'examination'. It's also quite possible in this case that any USB thumb drives you take with you may also be taken from you, however briefly. Now, if you carry a bootable CD-R with you to boot your system from, then at least that can't be modified easily without you realising it, because it is write-once.

Of course, if we're talking security-agency-level activity here, let's face it, these guys have multi-billion dollar funding and most likely have more ways to bug your hardware than you can shake a stick at, so you've already lost.


Leaving the spy stories aside, a more realistic scenario is if you're trying to protect a desk PC in a large shared workplace from out of hours tampering by using full-disk encryption, in which case booting from a USB stick and taking it home with you in the evening is probably more than adequate, so long as you don't leave the USB stick unattended. The difference is that with a bootable cd-r you don't have to worry too much about whether you leave it unattended.


Let's face it though, this is all pretty far fetched stuff and probably not worth worrying about.
 
Old 06-16-2009, 09:51 PM   #8
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by richinsc View Post
All bets may be off, but how can you watch your computer 24/7?
You can't. That's the point. Therefore, either don't keep the boot files on the computer at all (boot from a live CD or USB flash drive, and have only encrypted data reside on the computer). Or, if you must use the boot files on the computer, make sure you run them through an IDS like Tripwire or AIDE from live media prior to usage. Of course, you'd still need to worry about a hardware sniffer which could have been installed while you were away. That's the thing with physical access, once you lose control over it, you can't ever really be sure about anything any more. No amount of encryption is gonna change that.

Last edited by win32sux; 06-16-2009 at 10:26 PM.
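GazL (post #4) suggests taking checksums or GPG signatures of the kernel, initrd and the rest of /boot and checking them from trusted media, and win32sux (post #8) suggests running an integrity checker such as Tripwire or AIDE from live media before using the boot files. The script below is an added example written for this thread, not code posted by any participant and not part of Tripwire or AIDE: it builds a SHA-256 manifest of a boot directory and later verifies it, failing both when a listed file changes and when a file that was not in the manifest appears. The paths in the usage comment are placeholders; the manifest is meant to live on the trusted media you boot from, never on the disk being checked.

```shell
#!/bin/sh
# Added example for this thread (not from the original posts): record and
# verify SHA-256 hashes of everything under a boot directory so that a
# replaced initrd, kernel or GRUB config is noticed when the check is run
# from trusted live media. Directory and manifest paths are placeholders.

# make_manifest DIR OUT
# Hash every regular file under DIR. Paths are recorded relative to DIR so
# the manifest stays valid whether /boot is mounted at /boot or /mnt/boot.
make_manifest() {
    dir="$1"; out="$2"
    ( cd "$dir" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 ) > "$out"
}

# verify_manifest DIR MANIFEST
# Return 0 only if every recorded file still has its recorded hash AND the
# set of files present is exactly the set recorded. The second condition
# catches files dropped into /boot that a plain "sha256sum -c" would ignore.
verify_manifest() {
    dir="$1"; manifest="$2"
    # --strict makes malformed manifest lines a failure rather than a warning.
    ( cd "$dir" && sha256sum -c --quiet --strict "$manifest" ) || return 1
    now=$( cd "$dir" && find . -type f | LC_ALL=C sort )
    recorded=$( awk '{print $2}' "$manifest" | LC_ALL=C sort )
    [ "$now" = "$recorded" ]
}

# Usage (MANIFEST should be an absolute path on the trusted media):
#   boot-manifest.sh make   /boot /media/trusted/boot.sha256
#   boot-manifest.sh verify /boot /media/trusted/boot.sha256
case "${1:-}" in
    make)   make_manifest "$2" "$3" ;;
    verify) verify_manifest "$2" "$3" && echo "boot files match manifest" ;;
esac
```

A hash manifest only tells you that something changed, not what changed it, and it is only as trustworthy as the environment that runs the check: the comparison has to happen from media the attacker never had, because a trojaned kernel could intercept the reads. Regenerate the manifest after every legitimate kernel or initramfs update, or the next check will fail for an innocent reason.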
 
Old 06-16-2009, 11:12 PM   #9
grepmasterd
Member
 
Registered: Aug 2003
Location: Seattle
Distribution: ubuntu, lately
Posts: 182
Blog Entries: 1

Rep: Reputation: 35
Quote:
This issue is not really about the password. The underlying threat is that should you lose physical control of the device containing your boot partition, then it's possible for an attacker to compromise your kernel or initrd without you knowing and for whatever purpose they like, thus rendering your full-disk encryption moot.
OK, I think I need some enlightenment here. How does one compromise an encrypted filesystem or disk without the password/key? As long as the secret key is not stored anywhere on the system itself, be it disk, BIOS, NVRAM, whatever, then your data should be safe, even if it does fall into the hands of untrusted people. It seems like there are possible models for doing this (though I don't know what has been implemented), like:
  1. keeping your boot partition on a thumb drive, re-writable or not, so long as the thumb drive is kept safe, or
  2. using a public/private key algorithm (with priv key on removable media, also kept safe) from within the boot loader

Am I missing something?

Last edited by grepmasterd; 06-16-2009 at 11:14 PM.
 
Old 06-17-2009, 01:20 AM   #10
JulianTosh
Member
 
Registered: Sep 2007
Location: Las Vegas, NV
Distribution: Fedora / CentOS
Posts: 674
Blog Entries: 3

Rep: Reputation: 90
Grepmasterd,

The entire file system is not encrypted. The boot partition must remain unencrypted for the system to bootstrap. It's at this point that trojans can be injected to compromise everything else - for instance, a key logger to record the passphrase for the encrypted volume.

If you take a laptop through TSA/Customs and it doesn't boot, you're going to lose it for an indeterminate period of time and be subject to a more scrutinizing investigation.

In pure paranoia mode, I do like the idea of booting from a small usb drive. I have a micro usb drive that fits in my wallet where I can maintain a significant level of security and accountability. But to avoid trouble with the TSA goons, you'd be wise to 'dual boot' to something just to show it works.

In reality, if you're going to be travelling, don't keep sensitive data on your laptop. VPN it onto the internets before you leave the country, download it, use it, and re-VPN it back before you re-enter the country.

If you don't want to leave any trace of what you've been working on, set up a 2nd user account to do your work and browsing. 'shred -u -n 3' that user directory when done.
 
Old 06-17-2009, 12:33 PM   #11
grepmasterd
Member
 
Registered: Aug 2003
Location: Seattle
Distribution: ubuntu, lately
Posts: 182
Blog Entries: 1

Rep: Reputation: 35
Hm, so "whole disk encryption" is not really that. It's really "whole partition encryption", it sounds like. Also, regarding boot partition compromise, it seems like either keeping the boot partition on a thumb drive or having some way to restore the boot partition from a trusted source at each boot-up would resolve those concerns.

This is speculative talk on my part, though, since it doesn't sound like much of this has been implemented. Thanks for your ideas.

TSA points are good ones, though I think there are a lot of people (like me) who are more concerned about laptop theft. In that case compromising the boot partition won't do the thieves any good, so long as the key is not stored there.
 
Old 06-17-2009, 12:45 PM   #12
JulianTosh
Member
 
Registered: Sep 2007
Location: Las Vegas, NV
Distribution: Fedora / CentOS
Posts: 674
Blog Entries: 3

Rep: Reputation: 90
Quote:
Originally Posted by grepmasterd View Post
hm, so "whole disk encryption" is not really that. it's really "whole partition encryption", it sounds like. Also, regarding boot partition compromise, it seems like either keeping the boot partition on a thumb drive or having some way to restore the boot partition from a trusted source at each boot up would resolve those concerns.
Correct, and even then, the boot partition has to remain read-only while the system is "up" to prevent alteration/compromise of that boot device.

Quote:
Originally Posted by grepmasterd View Post
TSA points are good ones, though I think there are a lot of people (like me) who are more concerned about laptop theft. In that case compromising the boot partition won't do the theives any good, so long as the key is not stored there.
As far as TrueCrypt and LUKS products go, the passphrase key isn't stored on any disk medium (key files can be).

Also keep in mind that the key is (must be) stored in RAM while the file system is open. That has some inherent risks as well... a root user has full access to /proc/kcore to try and find it. And some researchers have been able to recover that key data after several minutes of the system being powered off (under controlled circumstances).
 
Old 06-17-2009, 03:11 PM   #13
richinsc
Member
 
Registered: Mar 2007
Location: Utah
Distribution: Ubuntu Linux (20.04)
Posts: 224

Original Poster
Rep: Reputation: 32
Quote:
Originally Posted by Admiral Beotch View Post
Grepmasterd,
If you take a laptop through TSA/Customs and it doesn't boot, you're going to lose it for an indeterminant period of time and be subject to a more scrutinizing investigation.

In pure paranoia mode, I do like the idea of booting from a small usb drive. I have a micro usb drive that fits in my wallet where I can maintain a significant level of security and accountability. But to avoid trouble with the TSA goons, you'd be wise to 'dual boot' to something just to show it works.
I would think that if you don't want to worry about TSA when you travel, then the option I mentioned above, taking the laptop HDD that is encrypted, putting it in a box and then shipping it (with tracking and delivery confirmation) ahead of you to your destination, would be wise, provided you have a secure destination to ship it to (i.e. corporate office). This way, when it's taken to a "back room" for interrogation and they rifle through your personal files, they wouldn't be able to. Of course it comes down to whom you're more afraid of: your government or the person sitting next to you.

Me, I often ponder that question, most of the time I'm not worried about the person sitting next to me as I am about the agent standing off in the distance watching my every move.
 
Old 06-17-2009, 05:50 PM   #14
JulianTosh
Member
 
Registered: Sep 2007
Location: Las Vegas, NV
Distribution: Fedora / CentOS
Posts: 674
Blog Entries: 3

Rep: Reputation: 90
Quote:
Originally Posted by richinsc View Post
...putting in a box and then shipping it (with tracking and delivery confirmation) ahead of you to your destination would be wise provided you have a secure destination to ship it to (ie. Corporate Office).
As mentioned before, since this is going through Customs (they have unsupervised physical access), you still have to consider federally injected trojans with this option, unless you maintain a fake boot partition and boot from removable boot media.

<tinfoil_hat>In the ultimate paranoid scenario, it's best to maintain physical control of your computer, demonstrate it works as expected by a compliant, suspicionless sheeple, and VPN your working data back and forth across country lines. But, if you're that big of a target to the government that they want to inject a trojan into your computer as you go through border checkpoints, you're going to get owned eventually. The government is, as previously stated, unstoppable, and you're eventually going to make a mistake that inadvertently helps them out.</tinfoil_hat>
 
Old 06-17-2009, 06:20 PM   #15
richinsc
Member
 
Registered: Mar 2007
Location: Utah
Distribution: Ubuntu Linux (20.04)
Posts: 224

Original Poster
Rep: Reputation: 32
LOL, I love where this topic is going. It's giving me an idea for my next novel. But while I am of no interest to the government, what ruffles my feathers is them going through my stuff and my never knowing what they did or viewed on my system. Never mind that my data isn't TOP-SECRET government material; I think of it as such, it's just the principle of the matter. I had a friend who, back in college, went through my computer, and while I had nothing to hide, it ticked me off to no end to know that my privacy was invaded. He rubbed it in by telling me he'd done it, too... Since then I have had a raw taste about my computer and its contents.

I'd compare it to having your home broken into: regardless of whether they took anything or not, having your personal space invaded by someone unknown to you makes you realize just how vulnerable you are and makes you feel so dirty to know that someone went through your stuff. Not to mention the anger; hell, I think anyone would/should be angry to have their personal space invaded.

Quote:
Originally Posted by Admiral Beotch View Post
. The government is, as previously stated, unstoppable and you're eventually going to make a mistake to inadvertently help them out.</tinfoil_hat>
And such a sad thing this is. What would our forefathers think about today's government?

Last edited by richinsc; 06-17-2009 at 06:25 PM. Reason: Bad Grammar, Long Day
 