{"guid":"e2ff5094-2c25-52ea-a975-8485f38c2757","title":"The current state of full disk encryption is still not good (2025)","subtitle":null,"slug":"gpn23-162-the-current-state-of-full-disk-encryption-is-still-not-good-2025-","link":"https://cfp.gulas.ch/gpn23/talk/FJMWAE/","description":"In theory, full disk encryption (FDE) just works. You just have to enable it. But in practice, cops get access to a lot of devices, even when they are encrypted. \n\nI want to summarize the current state of full disk encryption. I will explain conceptional weaknesses/attacks, practical physical attacks (videos of live demos) and give recommendations. I will explain how TPMs work and how you can use them to increase (but also break) the security of your device.\n\nThe focus is on Linux and TPMs. I will briefly talk about the broken state of Smartphone Security and Window's FDE Bitlocker. There is also Linux hands-on.\n\n##### AGENDA\n- Motivation \u0026 Threat Model\n- Smartphone Security\n- History of cold boot attacks\n- Full disk encryption on Linux\n- TPM 2.0 (How does it work? How can I use it? Attacks, benefits and problems)\n- Windows FDE (is currently broken)\n- How I do FDE on Linux\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["kmille"],"tags":["162","2025","gpn23","Cyber Security","ZKM Vortragssaal","gpn23-eng","Day 2"],"view_count":1157,"promoted":false,"date":"2025-06-20T21:30:00.000+02:00","release_date":"2025-06-21T00:00:00.000+02:00","updated_at":"2026-04-02T13:00:05.097+02:00","length":3637,"duration":3637,"thumb_url":"https://static.media.ccc.de/media/events/gpn/gpn23/162-e2ff5094-2c25-52ea-a975-8485f38c2757.jpg","poster_url":"https://static.media.ccc.de/media/events/gpn/gpn23/162-e2ff5094-2c25-52ea-a975-8485f38c2757_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/gpn/gpn23/162-e2ff5094-2c25-52ea-a975-8485f38c2757.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/gpn/gpn23/162-e2ff5094-2c25-52ea-a975-8485f38c2757.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/gpn23-162-the-current-state-of-full-disk-encryption-is-still-not-good-2025-","url":"https://api.media.ccc.de/public/events/e2ff5094-2c25-52ea-a975-8485f38c2757","conference_title":"Gulaschprogrammiernacht 23","conference_url":"https://api.media.ccc.de/public/conferences/gpn23","related":[],"recordings":[{"size":328,"length":3637,"mime_type":"video/webm;codecs=av01","language":"eng","filename":"gpn23-162-eng-The_current_state_of_full_disk_encryption_is_still_not_good_2025_av1-hd.webm","state":"new","folder":"av1-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-06-22T00:46:22.899+02:00","recording_url":"https://cdn.media.ccc.de/events/gpn/gpn23/av1-hd/gpn23-162-eng-The_current_state_of_full_disk_encryption_is_still_not_good_2025_av1-hd.webm","url":"https://api.media.ccc.de/public/recordings/88155","event_url":"https://api.media.ccc.de/public/events/e2ff5094-2c25-52ea-a975-8485f38c2757","conference_url":"https://api.media.ccc.de/public/conferences/gpn23"},{"size":36,"length":3637,"mime_type":"audio/opus","language":"eng","filename":"gpn23-162-eng-The_current_state_of_full_disk_encryption_is_still_not_good_2025_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2025-06-21T01:00:02.889+02:00","recording_url":"https://cdn.media.ccc.de/events/gpn/gpn23/opus/gpn23-162-eng-The_current_state_of_full_disk_encryption_is_still_not_good_2025_opus.opus","url":"https://api.media.ccc.de/public/recordings/88119","event_url":"https://api.media.ccc.de/public/events/e2ff5094-2c25-52ea-a975-8485f38c2757","conference_url":"https://api.media.ccc.de/public/conferences/gpn23"},{"size":55,"length":3637,"mime_type":"audio/mpeg","language":"eng","filename":"gpn23-162-eng-The_current_state_of_full_disk_encryption_is_still_not_good_2025_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2025-06-21T00:58:24.727+02:00","recording_url":"https://cdn.media.ccc.de/events/gpn/gpn23/mp3/gpn23-162-eng-The_current_state_of_full_disk_encryption_is_still_not_good_2025_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/88118","event_url":"https://api.media.ccc.de/public/events/e2ff5094-2c25-52ea-a975-8485f38c2757","conference_url":"https://api.media.ccc.de/public/conferences/gpn23"},{"size":1081,"length":3637,"mime_type":"video/webm","language":"eng","filename":"gpn23-162-eng-The_current_state_of_full_disk_encryption_is_still_not_good_2025_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-06-21T01:04:05.251+02:00","recording_url":"https://cdn.media.ccc.de/events/gpn/gpn23/webm-hd/gpn23-162-eng-The_current_state_of_full_disk_encryption_is_still_not_good_2025_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/88120","event_url":"https://api.media.ccc.de/public/events/e2ff5094-2c25-52ea-a975-8485f38c2757","conference_url":"https://api.media.ccc.de/public/conferences/gpn23"},{"size":139,"length":3637,"mime_type":"video/webm","language":"eng","filename":"gpn23-162-eng-The_current_state_of_full_disk_encryption_is_still_not_good_2025_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2025-06-21T00:49:47.385+02:00","recording_url":"https://cdn.media.ccc.de/events/gpn/gpn23/webm-sd/gpn23-162-eng-The_current_state_of_full_disk_encryption_is_still_not_good_2025_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/88116","event_url":"https://api.media.ccc.de/public/events/e2ff5094-2c25-52ea-a975-8485f38c2757","conference_url":"https://api.media.ccc.de/public/conferences/gpn23"},{"size":143,"length":3637,"mime_type":"video/mp4","language":"eng","filename":"gpn23-162-eng-The_current_state_of_full_disk_encryption_is_still_not_good_2025_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2025-06-21T00:49:41.300+02:00","recording_url":"https://cdn.media.ccc.de/events/gpn/gpn23/h264-sd/gpn23-162-eng-The_current_state_of_full_disk_encryption_is_still_not_good_2025_sd.mp4","url":"https://api.media.ccc.de/public/recordings/88115","event_url":"https://api.media.ccc.de/public/events/e2ff5094-2c25-52ea-a975-8485f38c2757","conference_url":"https://api.media.ccc.de/public/conferences/gpn23"},{"size":524,"length":3637,"mime_type":"video/mp4","language":"eng","filename":"gpn23-162-eng-The_current_state_of_full_disk_encryption_is_still_not_good_2025_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-06-21T00:39:25.576+02:00","recording_url":"https://cdn.media.ccc.de/events/gpn/gpn23/h264-hd/gpn23-162-eng-The_current_state_of_full_disk_encryption_is_still_not_good_2025_hd.mp4","url":"https://api.media.ccc.de/public/recordings/88113","event_url":"https://api.media.ccc.de/public/events/e2ff5094-2c25-52ea-a975-8485f38c2757","conference_url":"https://api.media.ccc.de/public/conferences/gpn23"}]}