Originally posted by franglais125
View Post
Announcement
Collapse
No announcement yet.
Cryptsetup Vulnerability Allows Easily Getting To A Root Shell
Collapse
X
-
This hyped vulnerability implies the perpetrator has a physical access to your PC? Well, then he can boot from his own media and p0wn your initrd and access any unencrypted data. Too much drama.
Before you tell me about Secure Boot or BIOS password, stop! Your CMOS can be easily reset by removing a battery.
- Likes 1
Comment
-
Originally posted by birdie View PostThis hyped vulnerability implies the perpetrator has a physical access to your PC? Well, then he can boot from his own media and p0wn your initrd and access any unencrypted data. Too much drama.
Before you tell me about Secure Boot or BIOS password, stop! Your CMOS can be easily reset by removing a battery.
Anyway bios and grub security is kind of pointless these day on a laptop since no one fully powers down their laptop anyway.
Comment
-
Originally posted by carewolf View Post
Removing the battery and leaving it out for 6 months you mean? The CMOS usually has their own small battery.
Anyway bios and grub security is kind of pointless these day on a laptop since no one fully powers down their laptop anyway.
Google->Images 'CMOS battery' and don't humiliate yourself. In case Google is too difficult for you, here's an example.
Comment
-
Originally posted by birdie View PostThis hyped vulnerability implies the perpetrator has a physical access to your PC? Well, then he can boot from his own media and p0wn your initrd and access any unencrypted data. Too much drama.
Before you tell me about Secure Boot or BIOS password, stop! Your CMOS can be easily reset by removing a battery.
Anyway, this "pull the battery to reset" is true for shitty consumer hardware, NOT true for many workstation-grade laptops (say thinkpads) that store the password in a special flash chip.
Yes, you can get at the thing, desolder the fucker or solder cables to reflash it manually to erase it, but it's not something you can do on the fly or without looking at documentation.
http://sodoityourself.com/hacking-ib...bios-password/ (ancient stuff)
http://www.ja.axxs.net/t430.htm (more modern stuff)
official LENOVO statement https://support.lenovo.com/us/en/documents/ht036206
A forgotten Supervisor password will prevent access to the ThinkPad BIOS setup utility. If the Supervisor password has been forgotten and cannot be made available to the service technician, there is no service procedure to reset the password. The system board must be replaced for a scheduled fee. Proof of purchase is required, and this repair is not covered under the warranty.
- Likes 1
Comment
-
Originally posted by Luke View PostFurther note: In Dracut, failure to open an encrypted root device will force an initramfs shell no matter what cryptsetup does, but that is dracut's behavior on not finding root and can't be changed by changing cryptsetup
Comment
-
I've been talking about consumer grade laptops - for instance my laptop from late 2015 has a removable CMOS battery. In fact you anecdotal evidence of business laptops with some sort of flash for storing a password is again anecdotal. At least 95% of laptops out there have an unsoldered CMOS battery which can be easily removed or short circuited. The laptops you're describing are exceedingly rare.
Comment
Comment