#The service is shut down, which ensures that passphrase generation is done only once.
=== Disk Encryption limitations ===
The purpose of disk encryption is to prevent an attacker from stealing or tampering with data on the disk. Even if the disk is physically unmounted (or, in the case of an internal device such as an eMMC, is removed from the device), the data cannot be exposed or retrieved.
Due to the way it works, disk encryption cannot protect against the following types of threat:
*A background process or daemon that has a security hole. An attacker may be able to use the hole to gain control of the process and access the disk.
*Theft or leakage of the login ID and password. An attacker can use these credentials to log in to the device and access the disk.