Re: FDE and integrity of OS Was: How to Test HDD Encryption

["Mike Hale" <eyeronic.design () gmail com>]

"attacker who has
temporary physical access to your computer (while it is switched off)
changes the system so that attacker's software loads first (the
attacker changes boot-sector or reflash BIOS)"

Do you have an example of a program that can do this?

On 11/14/07, Alexander Klimov <alserkli () inbox ru> wrote:
> On Tue, 13 Nov 2007, Ansgar -59cobalt- Wiechers wrote:
> > > But isn't FDE primarily targeted at protecting data from lost or
> > > stolen systems? A bit over 40% of data breaches are due to lost or
> > > stolen devices.
> >
> > That's its primary use. However, FDE also protects the integrity of
> > the operating system while the computer is not running.
>
> FDE can make tampering with your OS slightly harder but it does not
> protect OS integrity in any strong sense. Consider the following
> example (inspired by `Vbootkit' and `Blue Pill'): attacker who has
> temporary physical access to your computer (while it is switched off)
> changes the system so that attacker's software loads first (the
> attacker changes boot-sector or reflash BIOS), this software loads the
> rest of the system in a virtual environment. For the user the system
> looks exactly the same as it was (e.g., the system asks for password
> or a smart card and decrypts the OS), but in reality the attacker has
> complete control.
>
> --
> Regards,
> ASK


-- 
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0