Wednesday, February 22, 2017

Unencrypted /boot partition can be infected from windows on dual-boot system?


I have dual-boot with windows 7 and ubuntu.



  • /dev/sda1 ext4 (/boot)


  • /dev/sda2 ntfs (windows partition)


  • /dev/sda5 ext4 (root encrypted)



I don't have any concern of adversaries gaining physical access to my laptop and installing keylogger on unencrypted /boot partition.


But my concern is that if my windows 7 is compromised by adversary could they(Without Physical access):



  1. Enable windows to recognise ext4 boot partition and install keylogger there to record paraphrase on next ubuntu boot.

  2. Read paraphrase collected by keylogger on next windows boot.

  3. use that paraphrase to unlock linux root partition from windows, and replace original kernel.


Or am I being paranoid?


I m linux newbie, and very concerned about privacy. Please help.



Yes, in theory an attacker can install a modified kernel with a keylogger to your /boot partition.


If you are worried about this you might want to run Windows in a virtual machine rather than dual boot.


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

11.10 - Can't boot from USB after installing Ubuntu

I bought a Samsung series 5 notebook and a very strange thing happened: I installed Ubuntu 11.10 from a usb pen drive but when I restarted (...