one complaint I've had with the OTP key mechanism
I want there to be a way to lock reading of the keys until a reboot has completed
if that is done, then gaining root after the luks unlock won't give them access to OTP
so the threat surface is drastically reduced, to just the initrd and luks unlock process
but if the attacker has /dev/mem access, they could still undo that, so it depends on how you've built your kernel
Statistics: Posted by cleverca22 — Tue Jun 11, 2024 12:17 am
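
The /dev/mem caveat in the post comes down to a few kernel build options. As an added example (not from the post or its author), this shell function classifies a kernel config by how much physical address space root can still reach through /dev/mem; the function name `devmem_exposure` and its verdict labels are this example's own, and the sample config is constructed.

```shell
#!/bin/sh
# Classify /dev/mem exposure from a kernel config read on stdin.
# Verdict labels are this example's own, not kernel terminology.
devmem_exposure() {
    cfg=$(cat)
    # True when the named option is built in (exact line CONFIG_<name>=y).
    has() { printf '%s\n' "$cfg" | grep -qx "CONFIG_$1=y"; }

    if ! has DEVMEM; then
        echo absent        # no /dev/mem device is built at all
    elif ! has STRICT_DEVMEM; then
        echo open          # root can map both RAM and device registers
    elif ! has IO_STRICT_DEVMEM; then
        echo mmio-open     # RAM is filtered, device MMIO is still mappable
    else
        echo restricted    # MMIO ranges claimed by drivers are blocked too
    fi
}

# Constructed sample config, not taken from any real build.
SAMPLE_CONFIG='CONFIG_DEVMEM=y
CONFIG_STRICT_DEVMEM=y
# CONFIG_IO_STRICT_DEVMEM is not set'

printf '%s\n' "$SAMPLE_CONFIG" | devmem_exposure

# On a running system with CONFIG_IKCONFIG_PROC enabled:
#   zcat /proc/config.gz | devmem_exposure
```

Any verdict other than `absent` means a later lock on key reads would also have to hold against a root user who can reach hardware registers directly.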