From Whonix

Anti Evil Maid (AEM) notes.

Adversary capabilities:

  • physical access
  • remove disk
  • re-flash BIOS
  • exfiltrate TPM

Anti Evil Maid (AEM) alternatives:

  • BIOS password
    • attack requires removal of disk
    • there might be a BIOS master password
  • boot partition on USB
    • attack on BIOS required
    • or USB persistent modifications
  • disk hasher → attack on BIOS required

Anti Evil Maid security issues:

  • requires downloading the binary SINIT file without verification, hoping the processor will verify it correctly
  • relies on a closed-source TPM

Anti Evil Maid (AEM)

  • authenticates machine to the user (not user to machine)
  • change in BIOS → reseal required
  • another complicated password?
  • picture support was deprecated?
  • one-time password support: OTP, TOTP ("Google Authenticator") (2FA)
  • measurement of Xen, kernel, and initrd versions
  • only compatible with legacy boot
  • not compatible with UEFI
  • not compatible with USB 3.0
  • hide USB from dom0 (more secure but also more fragile) (BadUSB attack) vs not-hide (able to use USB AEM)
  • AEM on USB encourages booting from USB → makes it easier for an evil maid (no need to change settings in BIOS)
  • a reason for AEM on USB → as a keyfile (second factor) → better: YubiKey
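
A toy model of the mechanism in the list above, added here as an illustration and not taken from the AEM code base: boot components are folded into a PCR-style hash chain, a TOTP seed is released only when that chain matches the sealed value, and the user compares the code the machine displays with the one on their phone. The ToyTPM class, the single-PCR simplification and all component names are assumptions; a real TPM enforces sealing in hardware across several PCRs.

```python
import hashlib, hmac, struct

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || H(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure(chain) -> bytes:
    """Fold an ordered boot chain into one PCR value, starting from zeroes."""
    pcr = bytes(32)
    for blob in chain:
        pcr = extend(pcr, blob)
    return pcr

class ToyTPM:
    """Software stand-in for sealing: the secret is released only on a PCR match."""
    def seal(self, secret: bytes, pcr: bytes) -> None:
        self._secret, self._policy = secret, pcr
    def unseal(self, pcr: bytes):
        return self._secret if hmac.compare_digest(pcr, self._policy) else None

def totp(seed: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 and dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", now // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def boot_code(tpm: ToyTPM, chain, now: int):
    """Code the machine can show at boot, or None when unsealing is refused."""
    seed = tpm.unseal(measure(chain))
    return None if seed is None else totp(seed, now)

# Constructed sample data (component names are placeholders, not real images).
SEED = b"12345678901234567890"  # RFC 6238 test seed, also enrolled on the phone
GOOD = [b"bios-A", b"xen", b"kernel", b"initrd"]
TAMPERED = [b"bios-A", b"xen", b"kernel", b"initrd+implant"]
BIOS_UPDATE = [b"bios-B", b"xen", b"kernel", b"initrd"]

tpm = ToyTPM()
tpm.seal(SEED, measure(GOOD))

if __name__ == "__main__":
    now = 59  # fixed timestamp so the output is reproducible
    print("phone shows   :", totp(SEED, now))
    print("clean boot    :", boot_code(tpm, GOOD, now))
    print("tampered boot :", boot_code(tpm, TAMPERED, now))
    print("BIOS updated  :", boot_code(tpm, BIOS_UPDATE, now))
    tpm.seal(SEED, measure(BIOS_UPDATE))  # reseal after a legitimate change
    print("after reseal  :", boot_code(tpm, BIOS_UPDATE, now))
```

The tampered initrd and the legitimate BIOS update are indistinguishable to the sealing policy: both yield no code until the seed is resealed against the new measurements, which is why a change in BIOS requires a reseal.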
