Right, but that’s sort of the reason some OSes like macOS use a hardware security module to store the key used for encrypting the disk contents. Your adversary can make as many copies of the disk as they want, but they need the HSM (which is, by design, hard to clone) to read the plaintext.
An HSM can even enforce policies like rate limiting brute force attempts and/or erasing itself after too many attempts. It could even support a duress password which immediately erases the keys.
Without the ability to clone the HSM, the attacker doesn’t get a “second chance” if they attempt to use the duress password.
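The policies described in the comment above, sketched as an added example (not part of the original post and not any real HSM's API). `ToyHSM`, the sample PINs, the three-failure limit and the SHA-256 keystream cipher are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def _xor_stream(key, data):  # toy SHA-256 counter-mode keystream, stands in for real disk encryption
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class ToyHSM:
    MAX_FAILURES = 3  # assumed policy value
    def __init__(self, pin, duress_pin):
        self._salt = secrets.token_bytes(16)
        self._pin_tag = self._tag(pin)
        self._duress_tag = self._tag(duress_pin)
        self._key = secrets.token_bytes(32)  # disk key, never leaves the device
        self._failures = 0

    def _tag(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 10_000)

    @property
    def wiped(self):
        return self._key is None

    def encrypt(self, data):  # provisioning step, done while unlocked
        return _xor_stream(self._key, data)

    def decrypt(self, pin, blob):
        if self.wiped:
            return None
        tag = self._tag(pin)
        if hmac.compare_digest(tag, self._duress_tag):
            self._key = None          # duress PIN: erase immediately
            return None
        if not hmac.compare_digest(tag, self._pin_tag):
            self._failures += 1
            if self._failures >= self.MAX_FAILURES:
                self._key = None      # too many wrong guesses: erase
            return None
        self._failures = 0
        return _xor_stream(self._key, blob)

def demo():
    hsm = ToyHSM(pin="4821", duress_pin="0000")          # constructed sample PINs
    image = hsm.encrypt(b"constructed sample plaintext")  # disk image, freely copyable
    before = hsm.decrypt("4821", image)
    hsm.decrypt("0000", image)                            # duress PIN entered once
    return before, hsm.wiped, hsm.decrypt("4821", bytes(image))
```

Because the key exists only inside the single device object, a fresh copy of the disk image is no help once the duress PIN or the failure limit has erased it, even when the correct PIN is supplied afterwards.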