Conversation

Notices

1. Embed this notice
   Lennart Poettering (pid_eins@mastodon.social)'s status on Thursday, 12-Jun-2025 04:07:52 JST Lennart Poettering

   in reply to

   • Klaus Frank
   • Timothée Ravier

   @agowa338 @siosm not sure what you are going on about, but the way the trust chain concept works on modern computers is that you boot up in a trusted state, and then chain everything else from there. Hence of course, you reboot to reset the state, to get your trust chain into a clean state again?

   Note that all of systemd's factory reset work actually runs from the initrd, i.e. under the assumption of an UKI world in a fully vendor signed part of the OS with only minimal input from elsewhere.

   • Embed this notice
     Klaus Frank (agowa338@chaos.social)'s status on Thursday, 12-Jun-2025 04:07:52 JST Klaus Frank

     in reply to

     • Timothée Ravier

     @pid_eins @siosm

     But why should I need to break the trustchain as an attacker wanting to exfiltrate secrets? I can do most of that as regular user. Therefore we never turn compromised systems back on once we know they're compromised.
     That just gives attackers opportunities to have their scripts ran. Also there is still the risk of exploits.

     It is just bad security practice to boot from a compromised disk. At most you'd attach it to an air gapped offline system to do analysis and such...

   • Embed this notice
     Klaus Frank (agowa338@chaos.social)'s status on Thursday, 12-Jun-2025 04:07:53 JST Klaus Frank

     • Timothée Ravier

     @pid_eins @siosm

     Lol, so now we should boot the compromised system again? You know that normal security practice is to wipe it before it lays eggs right?

     Also if just rebooting was enough then we wouldn't literally need to do the factory reset...