arcfour 2 hours ago

The attacker does this when the drive is already unlocked & the OS is running. Backdooring your kernel is much, much more difficult to recover from than a typical user-mode malware infection.
AnthonyMouse 2 hours ago

> The attacker does this when the drive is already unlocked & the OS is running.

But then you're screwed regardless. They could extract the FDE key from memory, re-encrypt the unlocked drive with a new one, disable Secure Boot and replace the kernel with one that doesn't care about it, copy all the data to another machine of the same model with compromised firmware, etc.