HackerTrans
TopNewTrendsCommentsPastAskShowJobs

blastrock

no profile record

comments

blastrock
·पिछला वर्ष·discuss
Thanks for the link!

Funny to see that someone already thought of this attack in 2022
blastrock
·पिछला वर्ष·discuss
Very clever!

I am the author of one of the older guides https://blastrock.github.io/fde-tpm-sb.html .

I was wondering about the solution you propose which seems a bit complicated to me. Here's my idea, please tell me if I'm completely wrong here.

What if I put a file on the root filesystem with some random content (say 32 bytes), let's name it /prehash. I hash this file (sha256, blake2, whatever). Then, in the signed initrd, just after mounting the filesystem, I assert that hash(/prehash) == expected_hash or crash the system otherwise. Do you think it would be enough to fix the issue?