
@ cherti
2025-03-01 18:53:33
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqpxywsmv64yuv3u9uregzj36sx4luu5cqhzlvjqen3gjdd7jzt5ls4uxg92
1. The initramfs needs to hand off to the real root at some point after opening the LUKS. There could be a possibility to deploy malware into the real root? Would not break the encryption, but might allow to circumvent it if stealthy enough?
2. Alternatively, the kernel from pre-LUKS remains, so the final running system could be kernel-level compromised?
3. The initramfs could use the LUKS prompt shown for a luksAddKey instead of luksOpen and then open with that key?
Defend!^^