Bypassing Disk Encryption with Automatic TPM2 Unlock: A Critical Vulnerability
2025-01-17
This article exposes a critical vulnerability in systems using TPM2 for automatic disk encryption unlocking. An attacker with brief physical access can decrypt the disk without altering the TPM's state. The vulnerability stems from most setups failing to verify the LUKS identity of the decrypted partition. The attacker can use the initrd image in the unencrypted boot partition to create a fake LUKS partition with a known key, tricking the system into executing a malicious init program, thereby obtaining the original disk key. Solutions include using a TPM PIN or properly verifying the LUKS identity within the initrd.
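The mitigation the summary ends on, verifying the LUKS identity inside the initrd before the TPM-unsealed key is used, can be shown as a small check. The following is an added example written for this page; it is not code from the article. It reads the raw LUKS binary header (the UUID field sits at byte offset 168, 40 bytes long, in both LUKS1 and LUKS2 headers) and pins two things that an enrollment step would have recorded: the volume UUID and a SHA-256 of the header's first 4096 bytes. The second pin is there because the UUID alone is not identity: anyone formatting a fresh LUKS volume can set it to whatever value they want, so a forged partition with a copied UUID must still be rejected. The sample headers, UUID and pinned values below are constructed for the demonstration and are not cryptsetup output.

```python
"""Check a LUKS header's identity before a TPM2-unsealed key is ever handed to it.

Added example (not the article's code). Works on the raw LUKS binary header:
magic at offset 0 (6 bytes), big-endian version at offset 6, UUID at offset
168 (40 bytes) for both LUKS1 and LUKS2. Pins the enrolled UUID and a SHA-256
over the first 4096 header bytes. All sample data below is constructed.
"""
import hashlib
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
UUID_OFFSET = 168
UUID_LEN = 40
SALT_OFFSET = 104            # LUKS2 header salt field, 64 bytes
PINNED_HEADER_BYTES = 4096   # size of the LUKS2 binary header


def parse_luks_header(header: bytes) -> dict:
    """Validate the magic and return the version and UUID of a raw LUKS header."""
    if len(header) < UUID_OFFSET + UUID_LEN:
        raise ValueError("header too short")
    if header[:6] != LUKS_MAGIC:
        raise ValueError("not a LUKS header")
    (version,) = struct.unpack(">H", header[6:8])
    raw_uuid = header[UUID_OFFSET:UUID_OFFSET + UUID_LEN]
    uuid = raw_uuid.split(b"\0", 1)[0].decode("ascii")
    return {"version": version, "uuid": uuid}


def header_fingerprint(header: bytes) -> str:
    """SHA-256 over the first 4096 bytes of the header, recorded at enrollment."""
    return hashlib.sha256(header[:PINNED_HEADER_BYTES]).hexdigest()


def verify_luks_identity(header: bytes, expected_uuid: str, expected_fingerprint: str):
    """Return (ok, reason). The initrd should only unseal the TPM key when ok is True."""
    try:
        info = parse_luks_header(header)
    except ValueError as exc:
        return False, str(exc)
    if info["uuid"] != expected_uuid:
        return False, "uuid mismatch"
    # UUID is attacker-controlled metadata: a freshly formatted volume can carry
    # any UUID. Bind the decision to the full header content as well.
    if header_fingerprint(header) != expected_fingerprint:
        return False, "header fingerprint mismatch (uuid matched)"
    return True, "ok"


def make_header(version: int, uuid: str, salt: bytes) -> bytes:
    """Construct a minimal LUKS-shaped 4096-byte header for the demo (not cryptsetup output)."""
    hdr = bytearray(PINNED_HEADER_BYTES)
    hdr[:6] = LUKS_MAGIC
    hdr[6:8] = struct.pack(">H", version)
    hdr[SALT_OFFSET:SALT_OFFSET + len(salt)] = salt
    hdr[UUID_OFFSET:UUID_OFFSET + len(uuid)] = uuid.encode("ascii")
    return bytes(hdr)


# Constructed sample data: the enrolled volume, and a forged volume that copies
# its UUID but necessarily differs elsewhere (different salt here).
ENROLLED_UUID = "0f2a1b6c-7d8e-4f90-a1b2-c3d4e5f60718"
GENUINE_HEADER = make_header(2, ENROLLED_UUID, b"\x11" * 64)
FORGED_HEADER = make_header(2, ENROLLED_UUID, b"\x22" * 64)
PINNED_FINGERPRINT = header_fingerprint(GENUINE_HEADER)   # recorded at enrollment


if __name__ == "__main__":
    for name, hdr in (("genuine", GENUINE_HEADER), ("forged", FORGED_HEADER)):
        print(name, verify_luks_identity(hdr, ENROLLED_UUID, PINNED_FINGERPRINT))
```

Two points matter when a check like this is put into a real initrd. First, the check and its pinned values must live inside the image that is measured into the PCRs the TPM policy is bound to; a check stored where an attacker can edit it without changing the measurements protects nothing. Second, the header fingerprint changes whenever the header legitimately changes (adding or rotating a keyslot, for example), so the pin has to be refreshed as part of that procedure rather than silently tolerated.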
Tech
Disk Encryption