On Thu, 05.12.19 15:23, Kevin Kofler (kevin.kofler(a)chello.at) wrote:
> Lennart Poettering wrote:
>> Uh, first of all plain full disk encryption like we set it up
>> typically on Fedora provides confidentiality, not integrity.
> Well, it does protect against offline modification (i.e., "borrow" the
> computer or the storage devices, put the storage devices into another
> computer, trojan the OS, and return the "borrowed" device without getting
> caught; or even just boot the computer from a malicious boot device and
> trojan the OS from there, if the boot order is not locked). It does not
> protect against online modification (i.e., attack the system while it is
> running and the disk is decrypted).

No, it does not protect against offline modification. That's why
dm-integrity exists after all.
If you use LUKS/dm-crypt without dm-integrity and you have a clue
where things are located then you can change files without anything
being able to detect that. (On btrfs you might have some luck, since
it has data checksumming, but ext4 and other traditional file systems
do not).
And it's easier to figure out where stuff is located than you might
think since we live in a world where people use SSDs and mount file
systems with "discard", so that what are used blocks and what are free
blocks is propagated to the underlying device. Moreover file systems
write in certain patterns, i.e. try to keep large files in one stream
together, put files in the same directories adjacent to each other and
so on, and are usually roughly reproducible.
Lennart
--
Lennart Poettering, Berlin
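
A simplified model of the distinction drawn in this message, added here as an example and not part of the original mail or of any project's code: an encrypt-only sector store decrypts whatever is on the device, while a store with a keyed per-sector tag refuses a sector changed without the key. The class names, the HMAC-SHA256 tag and the SHAKE-256 keystream (a stand-in, not the AES-XTS that dm-crypt uses) are assumptions of the example.

```python
import hashlib
import hmac

SECTOR = 512  # bytes per simulated sector

def crypt(key: bytes, n: int, data: bytes) -> bytes:
    # Stand-in cipher (assumption, NOT AES-XTS): XOR with a per-sector SHAKE-256 keystream.
    stream = hashlib.shake_256(key + n.to_bytes(8, "little")).digest(SECTOR)
    return bytes(a ^ b for a, b in zip(data, stream))

class EncryptOnlyDisk:
    """Models dm-crypt alone: confidentiality, no per-sector authentication."""
    def __init__(self, key: bytes, sectors: int):
        self.key = key
        self.raw = [bytes(SECTOR)] * sectors  # what is physically stored on the device

    def write(self, n: int, plaintext: bytes) -> None:
        self.raw[n] = crypt(self.key, n, plaintext.ljust(SECTOR, b"\0"))

    def read(self, n: int) -> bytes:
        return crypt(self.key, n, self.raw[n])  # decrypts whatever is stored, no check

class IntegrityDisk(EncryptOnlyDisk):
    """Adds a keyed per-sector tag, the role dm-integrity plays under dm-crypt."""
    def __init__(self, key: bytes, mac_key: bytes, sectors: int):
        super().__init__(key, sectors)
        self.mac_key = mac_key
        self.tags = [b""] * sectors

    def _tag(self, n: int) -> bytes:
        msg = n.to_bytes(8, "little") + self.raw[n]
        return hmac.new(self.mac_key, msg, hashlib.sha256).digest()

    def write(self, n: int, plaintext: bytes) -> None:
        super().write(n, plaintext)
        self.tags[n] = self._tag(n)

    def read(self, n: int) -> bytes:
        if not hmac.compare_digest(self.tags[n], self._tag(n)):
            raise OSError(f"integrity check failed on sector {n}")
        return super().read(n)

def read_after_offline_change(disk: EncryptOnlyDisk, n: int, original: bytes) -> str:
    disk.write(n, original)
    disk.raw[n] = b"\xaa" * SECTOR  # constructed stand-in for a change made without the key
    try:
        data = disk.read(n)
    except OSError:
        return "detected"
    return "unchanged" if data.rstrip(b"\0") == original else "silently altered"
```

A per-sector tag of this kind only covers the sector's current contents; it does not by itself detect a sector being restored to an older, validly tagged state.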