Results 1 to 5 of 5

Thread: Access GRUB and break into full encryption drive?

  1. #1
    Join Date
    Feb 2008
    Location
    Munster, Ireland
    Beans
    2,467
    Distro
    Ubuntu Mate

    Question Access GRUB and break into full encryption drive?

    Hi.

    I have full disk encryption on Ubuntu-MATE 15.04. I notice that I can get to GRUB before being asked for the disk decryption password. Can someone access GRUB and break into my encrypted hard drive? I'd think not but would just like some input on this.

    Thanks.
    1st Distro used (live CD): Knoppix in early 2007 ¦ 1st Distro Installed: Ubuntu 7.10 in Feb 2008
    GNU/Linux User #470660 – Ubuntu User #28226
    Isaac Asimov: "I do not fear computers. I fear the lack of them."

  2. #2
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Access GRUB and break into full encryption drive?

    They can attack your encrypted drive. Does that mean that anyone can break it? I dunno. Some reading:
    * https://www.schneier.com/blog/archiv...ng_hard-d.html
    * http://www.jakoblell.com/blog/2013/1...ks-partitions/
    * http://www.irongeek.com/i.php?page=v...on-tom-kopchak

    There is an attack technique where the boot code on your device is replaced with modified code and wait for you to enter the credentials to unlock the storage, storing those or transmitting them elsewhere. Attackers can be patient at this level. If you are paranoid enough, you might want to only boot off a portable device that you keep with you always - at least when travelling. That includes going into the shower, toilet, etc ... when staying in hotels so the evil maid attack is useless.

    For anyone who travels overseas, it might be useful to have a small bootable Linux install that can be used to show a working device or let border control at different locations around the world see a fresh install with ZERO data. A minimal install should fix in 4G and suffice to prove a working system. Other partitions would be encrypted and unused in this "demo" mode boot. i'd make the demo-mode the default boot too.

    Of course, rubber hose unlocking techniques will still exist.
    Last edited by TheFu; May 18th, 2015 at 09:14 PM. Reason: attack techniques, suggestions.

  3. #3
    Join Date
    Feb 2008
    Location
    Munster, Ireland
    Beans
    2,467
    Distro
    Ubuntu Mate

    Re: Access GRUB and break into full encryption drive?

    Thanks for the links. The video was particularly informative.
    1st Distro used (live CD): Knoppix in early 2007 ¦ 1st Distro Installed: Ubuntu 7.10 in Feb 2008
    GNU/Linux User #470660 – Ubuntu User #28226
    Isaac Asimov: "I do not fear computers. I fear the lack of them."

  4. #4
    Join Date
    Oct 2005
    Location
    Lab, Slovakia
    Beans
    10,783

    Re: Access GRUB and break into full encryption drive?

    The boot partition is not encrypted. The machine has to start up somehow.

  5. #5
    Join Date
    Feb 2008
    Location
    Munster, Ireland
    Beans
    2,467
    Distro
    Ubuntu Mate

    Re: Access GRUB and break into full encryption drive?

    Quote Originally Posted by HermanAB View Post
    The boot partition is not encrypted. The machine has to start up somehow.
    True.
    Attached Images Attached Images
    1st Distro used (live CD): Knoppix in early 2007 ¦ 1st Distro Installed: Ubuntu 7.10 in Feb 2008
    GNU/Linux User #470660 – Ubuntu User #28226
    Isaac Asimov: "I do not fear computers. I fear the lack of them."

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •