This talk will cover how Trusted Platform Modules (TPMs) are used for boot process validation, focused on the use case of automatic full-disk encryption in Linux. It is intended for an audience with a reasonably technical background, especially those who have enabled full-disk encryption but do not fully understand the details of how it is implemented.

The talk will start by introducing TPMs and their role in boot process validation. This will primarily focus on the measurements held by Platform Control Registers (PCRs), and how they are used to control when data may be unsealed from the TPM. This context will be used to build an understanding of how the system performs disk encryption without requiring a user password.

A specific failure mode, not measuring PCR 9, will be covered in detail. PCR 9 measures the initramfs, an unencrypted file system loaded early in the Linux kernel initialization process to provide data that is needed before the primary file system can be loaded.

An easy and surprisingly fast evil maid attack will be demonstrated that obtains the disk encryption key on a misconfigured system by tampering with initramfs. The attack will be presented through recordings and screen captures, it will not be performed live.

Finally, two methods of preventing this attack will be given, one based on bundling the initramfs into a signed kernel image, and the easier method of enabling PCR 9, a step which everyone should be doing but is absent from many tutorials.