|
|
|
|
|
|
by rjmalagon
1605 days ago
|
|
|
Your second guess is the correct one.
This is a bug in the LUKS2 header metadata that can trick the kernel to "recover and resume" an unsolicited decryption/reencryption process. Very hard to do because you need access to the drive and later someone to unlock the modified drive. It as fixed bug, and a plausible scenario is if someone wants to decrypt a LUKS2 (in and old linux kernel system) which is auto unlocked by a TPM like device. |
|
|
how's the TPM ecosystem on linux like? On windows bitlocker, it mostly just works, but IIRC on linux you had to jump through a bunch of hoops to get everything configured.