Re: self-encrypting drives (SED)

2015-11-22 Thread Pascal Hambourg
Pascal Hambourg wrote: > Andrew McGlashan wrote: >> On 22/11/2015 8:01 PM, Pascal Hambourg wrote: >>> How would a flaw in the motherboard BIOS/UEFI firmware allow to bypass >>> the disk password ? >> If it is able to snoop on your keyboard input. > > I would not call this a flaw but actual m

Re: self-encrypting drives (SED)

2015-11-22 Thread Pascal Hambourg
Andrew McGlashan wrote: > > On 22/11/2015 8:01 PM, Pascal Hambourg wrote: >> How would a flaw in the motherboard BIOS/UEFI firmware allow to bypass >> the disk password ? > > If it is able to snoop on your keyboard input. I would not call this a flaw but actual malware.

Re: self-encrypting drives (SED)

2015-11-22 Thread Andrew McGlashan
On 22/11/2015 8:01 PM, Pascal Hambourg wrote: > Andrew McGlashan wrote: >> >> On 22/11/2015 6:11 AM, Pascal Hambourg wrote: >>> Andrew McGlashan wrote: > Assuming the vendor firmware has no backdoor or flaw allowing to bypass > the user-defined password. Ditto for the drive's o

Re: self-encrypting drives (SED)

2015-11-22 Thread Pascal Hambourg
Andrew McGlashan wrote: > > On 22/11/2015 6:11 AM, Pascal Hambourg wrote: >> Andrew McGlashan wrote: Assuming the vendor firmware has no backdoor or flaw allowing to bypass the user-defined password. >>> Ditto for the drive's own firmware. ;-) >> That's what I was referring to as "

Re: self-encrypting drives (SED)

2015-11-22 Thread Pascal Hambourg
Andrew McGlashan wrote: > > On 22/11/2015 6:17 AM, Pascal Hambourg wrote: >> I do not see how this "solution" protects against tampering of the >> unencrypted boot part. > > True, physical access and you are still toast. The only solution I have read about to protect the boot part on the inte

Re: self-encrypting drives (SED)

2015-11-21 Thread Andrew McGlashan
On 22/11/2015 6:17 AM, Pascal Hambourg wrote: > Andrew McGlashan wrote: > What problem does it solve exactly, besides the need of a keyboard ? > I do not see how this "solution" protects against tampering of the > unencrypted boot part. True, physical access and you are still toast. A.

Re: self-encrypting drives (SED)

2015-11-21 Thread Andrew McGlashan
On 22/11/2015 6:11 AM, Pascal Hambourg wrote: > Andrew McGlashan wrote: >>> Assuming the vendor firmware has no backdoor or flaw allowing to bypass >>> the user-defined password. >> >> Ditto for the drive's own firmware. ;-) > > That's what I was referring to as "vendor firmware". The disk ve

Re: self-encrypting drives (SED)

2015-11-21 Thread Pascal Hambourg
es not protect against tampering, as the boot >>> part cannot be encrypted. >> >> As I understand it, self-encrypting drives (SED) encrypt >> everything (including the boot partition). > > You can do full disk encryption, but you are right that you need > somethi

Re: self-encrypting drives (SED)

2015-11-21 Thread Pascal Hambourg
Andrew McGlashan wrote: > > On 21/11/2015 8:17 PM, Pascal Hambourg wrote: >> David Christensen wrote: >>> As I understand it, self-encrypting drives (SED) encrypt everything >>> (including the boot partition). To use this feature, you need a >>> co

Re: self-encrypting drives (SED)

2015-11-21 Thread Andrew McGlashan
On 21/11/2015 8:17 PM, Pascal Hambourg wrote: > David Christensen wrote: >> >> As I understand it, self-encrypting drives (SED) encrypt everything >> (including the boot partition). To use this feature, you need a >> computer with BIOS/ UEFI that supports it -

Re: self-encrypting drives (SED)

2015-11-21 Thread Andrew McGlashan
tampering, as the boot >> part cannot be encrypted. > > As I understand it, self-encrypting drives (SED) encrypt > everything (including the boot partition). You can do full disk encryption, but you are right that you need something to "boot" ... my solution is to use dro

Re: self-encrypting drives (SED)

2015-11-21 Thread hdv
and read or modify it with another >> machine. >> >> To protect against this you can use encryption or set up a password >> on the disk (ATA security functions). Note that encryption alone does >> not protect against tampering, as the boot part cannot be encrypted.

Re: self-encrypting drives (SED)

2015-11-21 Thread Pascal Hambourg
David Christensen wrote: > > As I understand it, self-encrypting drives (SED) encrypt everything > (including the boot partition). To use this feature, you need a > computer with BIOS/ UEFI that supports it -- e.g. the BIOS will prompt > you for the password during POST; if

self-encrypting drives (SED)

2015-11-20 Thread David Christensen
use encryption or set up a password on the disk (ATA security functions). Note that encryption alone does not protect against tampering, as the boot part cannot be encrypted. As I understand it, self-encrypting drives (SED) encrypt everything (including the boot partition). To use this feature