AEM

From Whonix



Anti Evil Maid (AEM) notes.

Adversary capabilities:

  • physical access
  • remove disk
  • re-flash BIOS
  • exfiltrate TPM

Anti Evil Maid (AEM) alternatives:

  • BIOS password
    • attack requires removal of disk
    • there might be a BIOS master password
  • boot partition on USB
    • attack on BIOS required
    • or USB persistent modifications
  • disk hasher → attack on BIOS required

Anti Evil Maid security issues:

  • download binary file SINIT without verification and hope the processor will correctly verify it
  • rely on closed source TPM

Anti Evil Maid (AEM)

  • authenticates machine to the user (not user to machine)
  • change in BIOS → reseal required
  • another complicated password?
  • picture support was deprecated?
  • one-time password support: OTP / TOTP ("Google Authenticator") (2FA)
  • measurement of Xen, kernel, and initrd versions
  • only compatible with legacy boot
  • not compatible with UEFI
  • not compatible with USB 3.0
  • hide USB from dom0 (more secure but also more fragile) (BadUSB attack) vs not-hide (able to use USB AEM)
  • AEM on USB encourages booting from USB → makes it easier for an evil maid (no need to change settings in BIOS)
  • a reason for AEM on USB → use as a keyfile (second factor) → a YubiKey would be better
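
A minimal model of the mechanism behind the notes above (measured boot chain, reseal after a BIOS change, TOTP code shown to the user), added here as an illustration and not code from Whonix or the AEM project. `ToyTPM`, `measure`, `boot` and the component byte strings are hypothetical and constructed; a real TPM enforces the PCR comparison in hardware.

```python
import hashlib, hmac, struct

def extend(pcr: bytes, blob: bytes) -> bytes:
    # TPM-style extend: new PCR = H(old PCR || H(measured component))
    return hashlib.sha256(pcr + hashlib.sha256(blob).digest()).digest()

def measure(chain) -> bytes:
    pcr = bytes(32)                      # PCR is all zeros after reset
    for blob in chain:                   # order matters: BIOS, Xen, kernel, initrd
        pcr = extend(pcr, blob)
    return pcr

class ToyTPM:
    """Hypothetical stand-in for sealing: releases the secret only if the
    current PCR equals the PCR recorded at seal time."""
    def seal(self, secret: bytes, pcr: bytes):
        self._sealed = (pcr, secret)
    def unseal(self, pcr: bytes):
        expected, secret = self._sealed
        return secret if hmac.compare_digest(expected, pcr) else None

def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    # RFC 6238 with HMAC-SHA1, the variant authenticator apps use by default
    mac = hmac.new(seed, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def boot(tpm: ToyTPM, chain, unix_time: int):
    # Machine authenticates to the user: it can show the right code only
    # if the measured boot chain unseals the TOTP seed.
    seed = tpm.unseal(measure(chain))
    return totp(seed, unix_time) if seed else None

# Constructed sample data, not real firmware or kernel images.
SEED = b"12345678901234567890"
GOOD = [b"bios-v1", b"xen", b"vmlinuz", b"initrd"]

def demo(now: int = 59):
    tpm = ToyTPM()
    tpm.seal(SEED, measure(GOOD))
    phone = totp(SEED, now)                        # code on the user's phone
    clean = boot(tpm, GOOD, now)                   # untouched chain
    evil = boot(tpm, GOOD[:3] + [b"initrd-modified"], now)
    updated = [b"bios-v2"] + GOOD[1:]              # legitimate BIOS update
    stale = boot(tpm, updated, now)                # fails until resealed
    tpm.seal(SEED, measure(updated))               # reseal
    return phone, clean, evil, stale, boot(tpm, updated, now)
```

The user compares the code on the screen with the one on the phone before typing the disk passphrase; a missing or wrong code means the measured chain changed.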



Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself.
