Collaborate Disseminate
I was reading the Gentoo guide on Full Disk Encryption and couldn’t help but be triggered by the first line:
True Full Disk Encryption is not something that helps in most threat models, and it requires using separate storage to store all … Continue reading Why is FDE not something that helps in most threat models?
I’ve been hearing stories about people suffering apartment break-ins. This made me think about what might be stolen from my apartment if something similar happened, and the desktop computer certainly seems like an attractive option.
My Win… Continue reading Is the Windows PIN sign-in option good protection in case of device theft? [duplicate]
My partner who knew my pin to my iPhone 14 took off with my phone for 3 days and when it was returned it was appeared off like it appeared a smaller screen resolution and inspecting it I noticed 2 things. 1 I had recently completed a backu… Continue reading Evil maid attack after my iPhone disappeared and returned 2 days later [closed]
Since JTAG can be authenticated and encrypted, which key is used? I read that Secure Boot is used, but what is the key? Me, owner of this laptop, how can I know the key to use to access my own laptop JTAG?
If you are using an encrypted APFS container, for example, to encrypt the Time Machine, whenever the physical disk is plugged in, MacOS asks for a decryption password with an option to store it ("remember the password") in the ke… Continue reading Storing APFS password in Apple’s Keychain for Time Machine
Suppose you need a laptop repair, so you bring it to
A big box store where you have some sort of coverage (who will have the computer for 2-3 weeks)
A small chain of repair shops
a small independent repair shop
All in the United States. … Continue reading Laptop Repair vs. Evil Maid
I’ve gone through a related question on how to protect data in case of unauthorized physical access to a server, where the consensus seemed to be that preventing data access when someone has physical access to the server (the machine is tu… Continue reading How to protect a local server if someone has physical access to it?
Context
I’m working to make an embedded devices safe against physical access. (publicly accessible device and can be easily stolen)
I already made the following action :
secure boot is enabled on cpu, bootloaded is signed
Image is also si… Continue reading How to safely use dm-crypt as overlayfs uper partition?
Security threat: physical theft of a laptop and a server that use TPM2 auto unlock FDE with LUKS. In both cases the TPM checks against some PCRs before unsealing the key. The laptop prompts for a TPM PIN, the server doesn’t. The attacker i… Continue reading PCR to prevent TPM2 key unsealing in case of rogue DMA devices connected?
I can think of multiple ways to surveil a logged out computer with temporary physical access. The first is installing a hardware keylogger which would enable one to get all the keystrokes from it; however, hardware keyloggers on laptops ar… Continue reading Surreptitiously surveil a logged out laptop AD workstation’s keyboard with temporary physical access?