Yo Mastodon, quick #opsec question before I go torture a new computer and/or invest in a new gadget: does a Yubikey protect against the "evil maid attack", or is it still worth having /boot on an external USB stick?
@oliof What I don't get is: what can be tampered with when HD is fully encrypted & /boot is on an external USB stick?
@amaelle_g it would still be possible to intercept the passphrase by man-in-the-middling the bootup phase/putting something between your USB stick and the disk to unlock (for example by modifying the firmware on your mainboard). The TPM measuring method protects against that.
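
How the TPM measurement mentioned in the last reply notices modified firmware, as an added example that is not part of the thread: a simplified model of PCR extension and a disk key sealed to the resulting value. The single PCR, the function names and the boot-chain blobs are assumptions constructed for illustration; a real platform spreads measurements over several PCRs.

```python
import hashlib
import hmac

PCR_RESET = bytes(32)  # a SHA-256 PCR is all zeros after platform reset


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA256(old PCR || SHA256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(chain) -> bytes:
    """Each stage is measured into the PCR before it is given control."""
    pcr = PCR_RESET
    for blob in chain:
        pcr = extend(pcr, blob)
    return pcr


def unseal(sealed_to: bytes, current_pcr: bytes, secret: bytes):
    """Model of a PCR-bound secret: released only if the PCR matches."""
    return secret if hmac.compare_digest(sealed_to, current_pcr) else None


# Constructed sample boot chain (placeholder byte strings, not real images).
GOOD_CHAIN = [b"mainboard-firmware-v1", b"bootloader", b"kernel+initramfs"]
# Same chain with only the firmware stage altered, as in the reply above.
TAMPERED_CHAIN = [b"mainboard-firmware-v1-modified", b"bootloader",
                  b"kernel+initramfs"]
SECRET = b"disk-unlock-key (constructed)"

# The key is sealed once, against the PCR value of the known-good boot.
SEALED_TO = measure_boot(GOOD_CHAIN)


def boot_and_unlock(chain):
    """Boot with the given chain and try to obtain the sealed disk key."""
    return unseal(SEALED_TO, measure_boot(chain), SECRET)


if __name__ == "__main__":
    print("good boot     ->", boot_and_unlock(GOOD_CHAIN))
    print("tampered boot ->", boot_and_unlock(TAMPERED_CHAIN))
```

Because extend only ever hashes forward, the unchanged bootloader and kernel measurements that follow the altered firmware cannot bring the PCR back to the sealed value.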