About 6 months ago i used the Installing a safer operating system guide by Patrick, part of which requires installing whonix.
When installing, I opted for the installing it on the internal hard drive of the laptop, and using an encrypted USB stick as a ‘key’ to start the while system up.
My question is this:
If the laptop belonged to my workplace, and I returned it WITHOUT the usb stick, would the I.T department be able to access any of the information on the hard drive?
I also had the BIOS password protected, but I’ve been called in regarding the laptop on Monday morning, and fair to say, I’m shitting myself. I had kali linux, and a whole other range of ‘penetration tools’, as well as viruses and guides etc etc.
It is not very clear to me. What guide are you talking about? Could you provide a link? Is the laptop internal hard drive encrypted? If yes, how was it encrypted?
If the hard drive is NOT encrypted, then of course anybody with physical access to the laptop can access the hard drive content. I can’t see how you could prevent that if it is not encrypted.
The guide only supports full disk encryption. So my bet is that if you followed the guide faithfully, your laptop internal hard disk should be fully encrypted. Which means, no one can access it and read its content without the right passphrase, unless you chose a stupidly easy passphrase that could be easily bruteforced.
When you used the laptop, did you remember having to enter a passphrase just after the bootloader screen (GRUB)? Something like this (screenshot taken from a previous version of the guide):
but a previous version involves replacing the passphrase by an encrypted keyfile located on the /boot partition of your USB key, which is supposed to be even more secure.
That guide was written by Tempest, not Patrick. Patrick is the lead developer of Whonix, the guide Tempest wrote is independent of the Whonix project. In the 6 months since you used the guide, quite a bit of the guide – Email configuration etc – has been added (or is in the process of being added) to the Whonix wiki. This is all thanks to Tempest, for writing the content and allowing it to be added to the wiki and torjunkie, for transcribing, formatting and editing it.
Normally I would say you will be OK but the problem is I.T may have installed software on the laptop that you don’t know about. Accessing the laptop would require the pass phrase (or encryption key) but its not out of the realm of possibility that there is some software on there that could sniff and store those for an I.T. admin. Then the admin can retrieve those at a later date. I’m not sure how likely that would be for your company but something similar to that could be possible.
It will take about 10 seconds to reset the password once they have access to the motherboard. Most have a little switch that resets the bios password.
It would be very unlikely that there is. So don’t sweat it. Some companies monitor their employees activities when using company owned electronic devices. So its something to think about the next time you have use of a company laptop.
Smart thing to do. You may also want to consider other employees may have used that laptop. God knows what they did with it. BIOS could have been infected with malware etc. Wiping hard drive alone would not help. I would be very cautious about putting anything personal/sensitive on a computer not owned by yourself.
