As impressive and scary as this sounds, it's a complete non-threat with proper use of FDE and IOMMU.
Quote Tweet
One of my first ever hardware projects was making malware that installs itself inside the hard drive (not on the disk, but inside the hard drive firmware). Even if you reformatted the entire computer, the malware would just write itself back.
In theory, but in practice disk encryption rarely provides authenticated encryption and doesn't protect against an attacker able to modify the encrypted data. It is possible to do it though. Code that handles bootstrapping also needs to be verified of course.
fscrypt is supposed to be providing efficient AEAD cipher support at some point. I'm not sure if fscrypt is actually entirely upstream though since source.android.com/security/encry doesn't seem to be supported upstream rather than layering it on dm-crypt like source.android.com/security/encry.