How do crypto coprocessors securely decrypt a disk without allowing bus sniffing?
I'm trying to understand how using a crypto co-processor chip can securely decrypt a disk without someone getting the decryption key by sniffing the bus it communicates on or loading the disk onto another computer and viewing the contents that way. Specifically, I'm trying to figure out how this works when someone has physical access to the device and the device needs to be decrypted without a password.
An example would be an ATM that has an embedded device that will boot on OS only if it is running on trusted hardware that has a crypto chip. In this case it is passwordless (there is no login to be able to use the ATM terminal). A malicious actor can get physical access to the board, but shouldn't be allowed to sniff the bus between the crypto coprocessor and the main processor nor be allowed to remove the SD card and view the contents on a separate computer.
Consider the following situation:
- Embedded system running Linux with a crypto chip that communciates over i2c
- Disk is removable media such as an SD card and has full disk encryption
- The device is passwordless, but only runs on the trusted hardware
- The removable media cannot be loaded into another device and analyzed
- The device/keys can be provisioned in a secure environment
Questions:
- How is it possible that the decryption key can be transmitted across the i2c bus without being intercepted?
- I assume it uses public key encryption, but how is the private key on the disk side kept secret?
- Can this setup work if the removable media is not paired with a specific crypto chip?
- Example being the device gets a new SD card (but can still be decrypted with the crypto chip)
