3

I have questions about secure boot and TPMs and I couldn’t find precise answers on the web, so I’m hoping someone skilled in this domain will be able to answer.

In a case of an evil maid attack, what prevents an attacker from replacing the chip containing the keys used for verification of the booted OS with a rogue one, allowing to boot a rogue OS ?

Assuming that nothing really prevents that, how can I configure LUKS so that it unlocks only if there is the right TPM module plus a manually-entered password ? So I’m protected against chip replacement and cold-boot attack/bus-sniffing, because the system can only boot with the presence of the original TPM and myself.

I’m sorry if I asked something evident, don’t exactly know how all of this is working.

gfaure
  • 41

1 Answers1

2

If you are using the TPM to store the keys used for unlocking a LUKS volume, then removing/replacing that TPM will automatically force the OS to require a password to unlock, as it no longer has the keys available.

If you really want luks to require both TPM keys and a password on every unlock, then you will need to double-encrypt your volume

Cpt.Whale
  • 10,914