Is it possible to read decrypted key?


#1

Hello! As I understood:

  • initramfs presents the locked LUKS key to Zymkey
  • Zymkey validates the signature and decrypts the key
  • The decrypted key is presented to LUKS and the root file system is then decrypted

Isn’t it possible to read the decrypted key by using a logic analyzer on the I2C lines between the Zymkey and Raspberry Pi? Is there any protection implemented against this type of attack?


#2

Hi @CristianM,

All traffic on the i2c bus between the RPi and the Zymkey is encrypted and signed. So, the decrypted key can’t be read out from the i2c bus. The key exchange is carried out with ECDH within sessions that are finite in duration.