Anti Evil Maid (AEM) notes.
Evil maid threat model (what AEM is meant to defend against):
- attacker has physical access to the (powered-off) machine
- remove the disk
- re-flash the BIOS
- extract secrets from the TPM
Anti Evil Maid (AEM) alternatives:
- BIOS password → the attack then requires removing the disk; but there might be a BIOS master (vendor) password that bypasses it
- boot partition on USB → an attack on the BIOS is required, or persistent modifications of the USB stick itself
- disk hasher (verifying hashes of the boot partition) → an attack on the BIOS is required
Anti Evil Maid security issues:
- SINIT (the Intel TXT authenticated code module) is downloaded as a binary blob without independent verification; one has to trust that the processor correctly verifies Intel's signature on it before running it
- relies on a closed-source TPM
Anti Evil Maid (AEM)
- authenticates the machine to the user (not the user to the machine): the TPM only unseals the secret if the measured boot chain matches what the secret was sealed to
- change in BIOS (or any other measured component) → reseal required
- another complicated password to remember?
- picture support was deprecated?
- one-time password support: TOTP ("Google Authenticator"-style) as a second factor (2FA)
- measures Xen, the kernel and the initrd (so updates of them change the measurements)
- only compatible with legacy BIOS boot → not compatible with UEFI
- not compatible with USB 3.0
- hiding USB from dom0 (USB qube: more secure against BadUSB attacks, but also more fragile) vs. not hiding it (required to use AEM from a USB stick)
- AEM on USB encourages booting from USB → makes it easier for an evil maid (no need to change settings in the BIOS)
- the remaining reason for AEM on USB → using the stick as a keyfile (second factor) → a YubiKey is the better option for that
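Added example (not code from Whonix or Qubes AEM): a Python simulation of the mechanism behind the notes above. It measures a constructed boot chain (BIOS, Xen, kernel, initrd) into a PCR with the real TPM extend rule, seals a secret to the resulting value, and at "boot" tries to unseal and show a TOTP code the user checks on a phone. The `seal()`/`unseal()` functions are a constructed stand-in for the TPM's PCR-bound sealing (a real TPM enforces the PCR policy inside the chip); the component strings and the storage root key are constructed sample data. It shows why a reflashed BIOS yields no code, and why a legitimate BIOS update also requires a reseal.

```python
"""Toy model of AEM: measured boot + PCR-bound sealing + TOTP (added example)."""
import hashlib
import hmac
import struct

PCR_INIT = bytes(32)


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend: new = H(old || H(measurement)). Order matters and
    there is no reset, so any changed component changes the final value."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measured_boot(components) -> bytes:
    """Measure BIOS, Xen, kernel and initrd in boot order into one PCR."""
    pcr = PCR_INIT
    for blob in components:
        pcr = pcr_extend(pcr, blob)
    return pcr


def _policy_key(srk: bytes, pcr_value: bytes) -> bytes:
    # Constructed stand-in for SRK + PCR policy: the key protecting the
    # sealed blob is only derivable when the PCR value matches.
    return hmac.new(srk, b"policy" + pcr_value, hashlib.sha256).digest()


def _keystream(key: bytes, n: int) -> bytes:
    out, block = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return out[:n]


def seal(secret: bytes, expected_pcr: bytes, srk: bytes) -> bytes:
    """Seal a secret to an expected PCR value (done once, on a trusted boot)."""
    key = _policy_key(srk, expected_pcr)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
    tag = hmac.new(key, b"tag" + ct, hashlib.sha256).digest()
    return ct + tag


def unseal(blob: bytes, current_pcr: bytes, srk: bytes):
    """Return the secret if the current PCR value matches, else None."""
    ct, tag = blob[:-32], blob[-32:]
    key = _policy_key(srk, current_pcr)
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + ct, hashlib.sha256).digest()):
        return None  # the TPM would refuse to unseal
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP (HMAC-SHA1 with dynamic truncation)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP as used by Google Authenticator (30 s steps, 6 digits)."""
    return hotp(key, unix_time // step, digits)


def aem_boot(srk: bytes, sealed: bytes, booted_components, unix_time: int):
    """AEM TOTP mode at boot: measure what actually ran, try to unseal, and
    show a code the user compares with the phone. None = machine could not
    authenticate itself, so the user must not type the disk passphrase."""
    secret = unseal(sealed, measured_boot(booted_components), srk)
    return None if secret is None else totp(secret, unix_time)


# Constructed sample data (not real measurements).
SRK = hashlib.sha256(b"constructed storage root key").digest()
TOTP_SECRET = b"12345678901234567890"  # RFC 4226/6238 test key
GOOD_BOOT = [b"BIOS v1.0", b"xen-4.8.5", b"vmlinuz-4.14", b"initrd-4.14"]
EVIL_BOOT = [b"BIOS v1.0 (reflashed)", b"xen-4.8.5", b"vmlinuz-4.14", b"initrd-4.14"]
NEW_BIOS_BOOT = [b"BIOS v1.1", b"xen-4.8.5", b"vmlinuz-4.14", b"initrd-4.14"]
SEALED = seal(TOTP_SECRET, measured_boot(GOOD_BOOT), SRK)

if __name__ == "__main__":
    # untouched machine: code matches the phone (RFC 6238 vector, t=59 -> 287082)
    print("good boot:", aem_boot(SRK, SEALED, GOOD_BOOT, 59))
    # reflashed BIOS: unseal fails, no code is shown
    print("evil boot:", aem_boot(SRK, SEALED, EVIL_BOOT, 59))
    # a legitimate BIOS update also breaks unsealing until the secret is resealed
    print("new BIOS before reseal:", aem_boot(SRK, SEALED, NEW_BIOS_BOOT, 59))
    resealed = seal(TOTP_SECRET, measured_boot(NEW_BIOS_BOOT), SRK)
    print("new BIOS after reseal:", aem_boot(SRK, resealed, NEW_BIOS_BOOT, 59))
```

The point of the TOTP variant is that the user compares a short code with an independent device instead of remembering a secret text or picture, and that the code is only produced when every measured component is unchanged; resealing after a firmware or kernel update is the price of that.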
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself.