On Tuesday, February 20, 2018 at 7:04:00 AM UTC+7, Tim W wrote: > Make sure there is no way to softboot\power cycle the box as with sed opal2 > hw encrypt drives they will stay unlocked until either manual locked or power > loss state i.e. true power cycle. I run Samsu. 850pro But still run luks > as a precaution to some tricks to softboot a locked powered on system.
I know about this problem, I want to use hardware-based encryption against unprepared/unskilled attackers, but if someone really want to get the keys, there'll allways be a way to do this when you have physical access to the hardware. For example, even if you use LUKS in addition to hardware encryption, the LUKS keys will be in the RAM and attacker can read them directly from RAM: https://en.wikipedia.org/wiki/Cold_boot_attack -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to email@example.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d8f87378-2530-4cd1-93ed-db735ad9dd00%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.