TBD:
- presentation
- slides
- resources and further reading for the talk
Resources
- Motivation & threat model
- Smartphone Security
- Cellebrite leaks
- Auto reboot timer
- Chip-Off
- Budapest Komplex: https://alleantifa.noblogs.org/post/2025/05/26/21-05-2025-bericht-vom-17-prozesstag/
- FDE on Linux
- https://srijan.ch/encrypting-an-existing-linux-systems-root-partition
- https://media.ccc.de/v/gpn20-32-poc-implementing-evil-maid-attack-on-encrypted-boot
- cold boot attacks
- demo: https://www.youtube.com/watch?v=XfUlRsE3ymQ
- https://trustedcomputinggroup.org/wp-content/uploads/TCG_PlatformResetAttackMitigationSpecification_1.10_published.pdf
- Linux implementation: https://github.com/torvalds/linux/commit/ccc829ba3624beb9a703fc995d016b836d9eead8
- F-Secure’s bypass: https://blog.f-secure.com/cold-boot-attacks/
- podcast by F-Secure’s researchers: https://www.youtube.com/watch?v=2ww2R-CvPz0
- German talk: https://www.youtube.com/watch?v=lwrpzTcyxPY
- https://www.kicksecure.com/wiki/Cold_Boot_Attack_Defense
- https://en.wikipedia.org/wiki/TRESOR
- https://www.kicksecure.com/wiki/Dev/confidential_computing#RAM_Encryption
- BusKill https://tech.michaelaltfield.net/2020/01/02/buskill-laptop-kill-cord-dead-man-switch/
- TPMs
- TPM image: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/system/event_attachments/attachments/000/004/103/original/36c3-hacking-tpm.pdf
- TPM explained: https://debugging.works/blog/tpm-explained/
- Gist - How to use a TPM on Linux: https://gist.github.com/kmille/1bc2e4b84adac13f4cc529e9f0b6391a
- TPM2 PCR Measurements Made by systemd: https://systemd.io/TPM2_PCR_MEASUREMENTS/
- attacks:
- TPM Sniffing: images https://pulsesecurity.co.nz/articles/TPM-sniffing https://blog.scrt.ch/2021/11/15/tpm-sniffing/
- https://pulsesecurity.co.nz/advisories/tpm-luks-bypass
- https://blog.securityinnovation.com/preventing-initramfs-attacks-tpm
- Stacksmashing - TPM sniffing: https://youtu.be/wTl4vEednkQ?si=nBcPMiFyu8MEpKb3
- GitHub pull request for systemd (TPM2 parameter encryption): https://github.com/systemd/systemd/pull/22630
- Windows & parameter encryption: https://security.stackexchange.com/questions/253776/why-does-windows-not-enable-tpm-2-0-parameter-encryption-to-protect-against-bus
- Pentesting company using TPM sniffing for red teaming: https://blog.scrt.ch/2024/10/28/privilege-escalation-through-tpm-sniffing-when-bitlocker-pin-is-enabled/
- TPM sniffing trainings/workshops
- how to enable TPM PIN on Windows: https://www.howtogeek.com/262720/how-to-enable-a-pre-boot-bitlocker-pin-on-windows/
- bitpixie vulnerability
Non-technical solutions for cops
- https://www.tagesschau.de/inland/innenpolitik/it-sicherheit-hacker-strafverfolgung-100.html
- BGH & fingerprint: https://www.lto.de/recht/nachrichten/n/2str23224-bgh-auflegen-finger-entsperren-handy-ermittlungen-dateien
- https://netzpolitik.org/2023/indymedia-linksunten-ohne-aussicht-auf-entschluesselungserfolg/