[systemd-devel] How to factory reset?

Simon McVittie simon.mcvittie at collabora.co.uk
Tue Mar 10 10:31:20 PDT 2015


On 10/03/15 17:13, Tobias Hunger wrote:
> Even if all filesystems are encrypted you could factory-reset random
> computers you have access to, simply by editing the bootloader
> configuration file usually found in the poorly protected EFI
> partition!

If your threat model includes "an attacker can alter the partition
containing my initramfs without me noticing", then you can't win. The
attacker could equally well replace the initramfs with one that accepts
your cryptsetup password and uploads it to the internet.

For that matter, if their only goal is denial of service, they could
equally well just zero out the encrypted partitions, or their cryptsetup
key blocks - they won't know what those zeroes will decrypt to, but the
answer "not your data" is good enough for denial of service.

    S


More information about the systemd-devel mailing list