They're running on VMs, not bare metal, presumably, because their (new) server's reverse DNS is vps-*, and previously on Digitalocean. You can just dump the VM's memory space while unlocked, can't you?

A lot of this seems like security theater, especially while still hosted behind Cloudflare.

Oops.

Yeah, here it does seem security theater.

But still, it was a good writeup. I mean, dropbear and all.

I have no clue why they're using VPS, after all that. I mean, if they're a real business, they ought to just setup a server, and ship it to Iceland. If the want the ease of VPS, it's easy to do secure KVM in a FDE server. Even with Docker containers within KVM, if you like.

“If they’re a real business” - this is the sort of dribble HN is reduced to? A real business can’t run on a VPS?

It's not that a "real business" that talks about FDE, and has moved to Iceland for better security, can't run on hosted VPS. But they're being disingenuous if they do so.

But what I mainly meant is that a "real business" can afford to build secure servers, ship them to Iceland, and send trusted staff to set up and configure them.

Ok cool. Now I understand very clearly. Thank you.

I believe the point here is that they claim that they care about security, while their Icelandic VPS hosting provider can just dump the host server memory, which would include the encryption keys.

Then can’t we say that? “If they truly cared about security they wouldn’t use a VPS”. It just rubs me the wrong way the way it’s worded.

Yes, I should have been clearer. Sorry.

This is a good point. We are moving to a dedicated server to resolve this issue.

Nice :)

You probably know this, but anyway. If you're setting up FDE with dropbear on a remote server, it's best to build the installer on the machine.

Evil mastermind, supervillains level :)

I dig around. So to remotely unlock LUKS, on bare-metal in datacenter, one can use custom initramfs, like https://github.com/mtth-bfft/dracut-dropbear-unlock

But still "boot time SSH server's key is stored unencrypted, man-in-the-middle attacks can also be carried out to recover the encryption key at boot time". Ideas?

The full quote:

> Full-disk encryption doesn't protect you against someone with physical access to the machine: the encryption key can be recovered from RAM at runtime (e.g. cold boot attacks), and since the boot time SSH server's key is stored unencrypted, man-in-the-middle attacks can also be carried out to recover the encryption key at boot time. Consider this in your threat model.

So yes, for "Evil mastermind, supervillains level" you gotta embed the RAM, and everything that would give adversaries physical access to the RAM, in alumina-filled epoxy. Or better, alumina-and-fiberglass-filled epoxy. The alumina gives you heat condictivity, and the fiberglass strength. Plus embedded trip wires to nuke the board if they're cut.

It's also prudent to disconnect all ports from the board, except for the NIC, and embed everything that could be used to reconnect them.

With that, it'd be very difficult to get anything from RAM. Attempts at physical access would destroy the system.

But is the storage hdd/ssd epoxied too? The ssh keys to do MITM are in cleartext on boot partition... FBI can put their box on your server's IP, and you'll happily connect, same fingerprint, and type unlock and passphrase.

Sorry. Wasn't thinking clearly. I guess that you'd need to embed the SSD(s) too.

But I wonder if there's a way to reproducibly generate SSH key pairs from hardware IDs. That way, there'd be no keys stored in /boot, and they'd be generated at each boot. So only your hardware would have the right keys.

This TPM guide describes TPM for LUKS. "PCR 0-7 Measured by BIOS" seems like HW fingerprint. https://github.com/morbitzer/linux-luks-tpm-boot

If this thing works, there is no need for remote ssh FDE unlocking.

Thanks. If I understand that correctly, the LUKS key is stored in the TPM. Which is protected by a password. So you boot into initramfs, and provide the password.

And this could also work via dropbear. There'd still be an exposed dropbear SSH key in /boot. But it'd be the TPM that you're unlocking. And I assume that there are ways to verify the authenticity of the TPM via initramfs, before providing a password.

Am I understanding that right? It does seem more complicated. Especially given that you don't have physical access to the server.

> .. the LUKS key is stored in the TPM. Which is protected by a password.

Yup. Nope. The key is protected by TPM magic :). TPM measures stuff, then we put the key in TPM and seal it to PCRs 0-13 measurements (whole boot environment). At boot, TPM will allow tcsd daemon (part of initrd) to read LUKS key once, and only if all measurements match, this is as far as I got.

End result is unlocked volume, without any passphrase prompts, neither on console nor via ssh.

Anyone doing this commercially?

I have no clue. Stuff like that has been standard in the banking industry for decades. I've done it in my workshop.

is anybody doing a solution for this?

like some software that floods all the RAM and memory caches with erroneous data, and then the hardware solution of the epoxy trip wires.

Whenever LUKS is decrypted, the key must remain available. Otherwise, the system can't access anything. If you search about recovering stuff from RAM, you'll find some approaches for obfuscating LUKS keys. But ultimately, they (or the way to access them) must be in RAM somewhere. I think, anyway.

For the trip wires thing, you can just have them apply 5VDC to the wrong RAM pins. And then, if you wanted to recover the motherboard, you'd need to chip out stuff, and replace it. But it's probably only the CPU that'd be worth recovering. And maybe you'd want to embed that too, just in case.