A newly found security flaw in Ubuntu could allow attackers with physical access to bypass full disk encryption. Learn how the attack works.
  • fmstratEnglish
    38 days ago

    You always “boot something that is unencrypted.” You then “mount” the encrypted volumes and load the OS.

    This is how people can put an SSH server (dropbear) in initramfs so they can unlock remotely.

    The attack is to initramfs, not the encrypted layer.

    The order’ish:

    • Boot
    • Initramfs loads, gives you the LUKS prompt
    • Initramfs decrypts/mounts OS
    • OS loads
      • fmstratEnglish
        28 days ago

        But… your original comment is just… wrong?

        This isn’t a critical security flaw unless you have the worst partition scheme on your encrypted volumes imaginable.

        The default LUKS partition scheme is vulnerable.

        It’s not even a process flaw at that point, just “possible”.

        There is a successful POC, it is a flaw.

        you can compromise disks once encrypted because everything is happening in an in-memory boot process.

        This is not just in-memory. This is modifying the unencrypted part of initramfs on disk. Powering off the machine does not remove the exploit.