# able to delete encrypted partitions with livecd, why?

## LoTeK

hi,

without entering my password I could delete partitions of my encrypted SSD with fdisk after booting a livecd. So although I couldn't access the data on the drive without entering my password I was able to destroy them. Is this normal? I thought that with encryption an attacker can't do anything without the password (except maybe the NSA or whatever   :Smile:  )

Because I have my /boot partition on a USB stick it would be very exhausting to disable USB boot as default and always entering first a BIOS password, then boot from USB stick and then entering the password for the encrypted device...

----------

## BillWho

LoTeK,

That's normal. Encrypted partitions aren't protected from deletion.

----------

## 666threesixes666

I'd expect this behaviour.  you can blast the data off to make a new partition, but if you want to see your sensitive politician data you gotta have the access codes.  disk is for formatting partitioning and installing is it not?

----------

## avx

Encryption (via software) != write protection

As long as there's physical access, that's the situation. There are hard drives with built-in encryption which may have this feature - I don't know - but since their encryption isn't open, there's no reason to trust them.

----------

## LoTeK

Ok, I didn't know that. 

 *Quote:*   

> As long as there's physical access, that's the situation. There are hard drives with built-in encryption which may have this feature - I don't know - but since their encryption isn't open, there's no reason to trust them.

 

But the primary objective of hardware encryption is protection against physical access, isn't it? Because when you start your machine and enter your password then the disk is decrypted and therefore one isn't protected against online threats.

Is it not possible to build software encryption that allows write protection?

----------

## John R. Graham

 *avx wrote:*   

> There are hard drives with built-in encryption which may have this feature...

 All ATA drives (SATA and PATA) have a password locking feature. However, there's no strong protection for the password (it's typically just hidden somewhere on the disk; worse, it travels in the clear over the ATA interface to unlock the drive) nor does it imply encryption: if you can physically access the drive (i.e., with analysis tools), you can recover the contents.

- John

----------

## LoTeK

 *Quote:*   

> However, there's no strong protection for the password (it's typically just hidden somewhere on the disk

 

Is it not possible to store the password on a USB-stick?

----------

## John R. Graham

The hard drive has to know the password in order to validate whether or not the unlock request is presenting the correct password. Where you store the password is up to you, but a copy is always on the disk as well. It's not on a user-accessible sector so it can't be read back directly. The take-away is that, if your drive is stolen, the password is weak protection.

- John

----------

## Hu

 *LoTeK wrote:*   

>  *Quote:*   As long as there's physical access, that's the situation. 
> 
> But the primary objective of hardware encryption is protection against physical access, isn't it? Because when you start your machine and enter your password then the disk is decrypted and therefore one isn't protected against online threats.

 You need to distinguish between different types of physical access attack.  Drive encryption is intended to prevent unauthorized users from viewing the contents of the disk.  As a side effect, it prevents subtle modifications, like adding backdoors to your favorite programs.  However, that latter is prevented as a direct consequence of the former.  The attacker cannot identify which sectors contain the target program, nor how to modify the disk in a way that adds the backdoor without corrupting other data.  The attacker may write to the disk freely, but he does so without the ability to understand what his writes change in your filesystem.  Thus, all but the most obvious changes, such as wiping your partition table, cause massive corruption.

 *LoTeK wrote:*   

> Is it not possible to build software encryption that allows write protection?

 If by software encryption, you mean that I can hand you any consumer grade drive and your algorithm will guarantee the ability to prevent an attacker from writing to that drive, then no, it is not possible.  If we assume that the attacker can execute code of his choosing on your CPU, as happens with any LiveCD, then only the hardware is still potentially under your control, so only the hardware can deny the unauthorized writes.  If you mean that you will load special firmware onto your drive to provide this protection, then yes, you could.  Firmware is a form of software, but beware that in most cases, if the drive allows custom firmware at all, the attacker probably has the option to load a different firmware that is more cooperative.

----------
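Hu's distinction between reading and writing, as an added example that is not part of the original thread: a disk accepts writes made without the key, the affected sectors decrypt to garbage, and a keyed checksum kept off the disk can detect the change but not prevent it. The cipher is a toy Feistel construction built from SHAKE-256 that stands in for a real disk cipher; all function names, keys and the four-sector disk are constructed for illustration.

```python
import hashlib
import hmac

SECTOR = 512
HALF = SECTOR // 2

def _f(key, rnd, sector_no, half):
    # Toy keyed round function, tweaked by sector number (NOT a real cipher).
    seed = key + bytes([rnd]) + sector_no.to_bytes(8, "little") + half
    return hashlib.shake_256(seed).digest(len(half))

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_sector(key, sector_no, plain):
    l, r = plain[:HALF], plain[HALF:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, sector_no, r))
    return l + r

def decrypt_sector(key, sector_no, cipher):
    l, r = cipher[:HALF], cipher[HALF:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, sector_no, l)), l
    return l + r

def tag(mac_key, sector_no, cipher):
    # Keyed checksum per sector; kept off the disk, it detects writes but cannot stop them.
    msg = sector_no.to_bytes(8, "little") + cipher
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def demo():
    enc_key, mac_key = b"constructed-enc-key", b"constructed-mac-key"
    # Constructed four-sector "disk".
    plain = [(b"sector %d: user data " % n).ljust(SECTOR, b".") for n in range(4)]
    disk = [encrypt_sector(enc_key, n, p) for n, p in enumerate(plain)]
    tags = [tag(mac_key, n, c) for n, c in enumerate(disk)]
    # Writes made without the key, e.g. from other boot media: the disk accepts them.
    disk[0] = bytes(SECTOR)                              # sector wiped
    disk[2] = disk[2][:-1] + bytes([disk[2][-1] ^ 1])    # one bit changed blindly
    recovered = [decrypt_sector(enc_key, n, c) for n, c in enumerate(disk)]
    tampered = [n for n, c in enumerate(disk)
                if not hmac.compare_digest(tags[n], tag(mac_key, n, c))]
    return plain, recovered, tampered

if __name__ == "__main__":
    plain, recovered, tampered = demo()
    for n in range(4):
        state = "intact" if recovered[n] == plain[n] else "garbage after decryption"
        print(n, state, "(flagged)" if n in tampered else "")
```

Sectors 0 and 2 are flagged and no longer decrypt to their contents, while sectors 1 and 3 are untouched; restoring the damaged sectors still requires a backup.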

## LoTeK

 *Quote:*   

> If by software encryption, you mean that I can hand you any consumer grade drive and your algorithm will guarantee the ability to prevent an attacker from writing to that drive, then no, it is not possible

 

So there are maybe special military drives combined with embedded software that allow write protection? 

 *Quote:*   

> If we assume that the attacker can execute code of his choosing on your CPU, as happens with any LiveCD, then only the hardware is still potentially under your control, so only the hardware can deny the unauthorized writes. If you mean that you will load special firmware onto your drive to provide this protection, then yes, you could. Firmware is a form of software, but beware that in most cases, if the drive allows custom firmware at all, the attacker probably has the option to load a different firmware that is more cooperative.

 

I see, but if one has a BIOS password and boot from CD/USB is disabled then one would be secure in the former sense?

Is any firmware closed source?

----------

## avx

Normal BIOS passwords are easy to reset, just unplug the mobo battery for a few minutes or use a special jumper. It's harder, but still not impossible, if it's stored in something else, i.e. trusted platform module, but they are usually not on consumer hardware.

Disabling boot from other media is therefore circumvented by resetting the BIOS/EFI or just pulling the disk and putting it in another system.

If you're afraid someone deletes stuff, that's what backups are for.

----------

## LoTeK

 *Quote:*   

> Normal BIOS passwords are easy to reset, just unplug the mobo battery for a few minutes or use a special jumper. It's harder, but still not impossible, if it's stored in something else, i.e. trusted platform module, but they are usually not on consumer hardware.

 

yes I know, but in thinkpads it's different (I like it that way, but unfortunately I've set a password and I'm stupid enough to forget it   :Laughing:  , therefore I know from personal experience that it's not as easy as with "normal" computers.. luckily for me the ability to boot from USB was enabled before I forgot it. But therefore this would not be an option anyway).

 *Quote:*   

> If you're afraid someone deletes stuff, that's what backups are for.

 

Actually I'm not afraid at all, because I neither have any secret/very-personal stuff on my computer nor do I have a credit card, but it's just a matter of personal interest in this stuff and I would like to say: "my system is a fortress"   :Smile: 

----------

## Hu

 *LoTeK wrote:*   

>  *Quote:*   If by software encryption, you mean that I can hand you any consumer grade drive and your algorithm will guarantee the ability to prevent an attacker from writing to that drive, then no, it is not possible 
> 
> So there are maybe special military drives combined with embedded software that allow write protection?

 It is possible that such a drive exists, and it could even be available to the general market.  However, the desirability of such a drive is so low that I have never heard of one being created.

 *LoTeK wrote:*   

> Is any firmware closed source?

 Most firmware is closed source, unfortunately.

----------

