The term "evil maid attack" was coined by security researcher Joanna Rutkowska in 2009, in a blog post demonstrating the technique against TrueCrypt's full-disk encryption. The name is deliberately evocative: imagine a hotel maid — or anyone with brief, unsupervised physical access — entering your room while you're at dinner. They don't need to crack your encryption. They need about five minutes alone with your laptop.
The attack exposes an uncomfortable gap in how most people think about disk encryption. We treat "encrypted" as a binary property of the data. But encryption is only as trustworthy as the code that asks for your passphrase — and that code, on a typical machine, sits unencrypted and unprotected.
The Bootstrapping Problem
Here's the core issue. When your disk is fully encrypted, something has to run before decryption can happen — code that displays the passphrase prompt, reads what you type, derives the key, and unlocks the volume. That something is the bootloader and early boot environment. And it cannot itself be encrypted, because nothing has decrypted it yet. It's the chicken that has to exist before the egg.
On a standard setup, this pre-boot code lives in plaintext: in the EFI system partition, an unencrypted /boot partition, or the master boot record on older systems. An attacker with physical access can read it, modify it, and write it back. They have full control over the exact program that will later handle your passphrase.
Full-disk encryption assumes the attacker sees your disk only once — when it's stolen. The evil maid attack assumes the attacker sees it twice: once to plant malicious boot code, and again after you've typed your passphrase into that code. Two visits break the entire model.
How the Attack Actually Works
The classic version is straightforward:
- First contact. The attacker boots the target from a USB stick, or simply reads its unencrypted boot partition. They replace the legitimate bootloader or passphrase prompt with a tampered version that looks identical but secretly records the passphrase — writing it to an unencrypted corner of the disk, or transmitting it over the network.
- You unlock it. You return, see the normal-looking prompt, and type your passphrase. The volume unlocks; everything works as expected. You notice nothing. Behind the scenes, the malicious code has captured your key material.
- Second contact. The attacker returns, retrieves the stored passphrase (or has already received it remotely), and now decrypts the entire disk at leisure.
A more sophisticated variant skips the second visit entirely by exfiltrating the passphrase over any available network the moment it's typed. And the technique generalizes beyond passphrase capture — a tampered boot chain can plant a persistent backdoor that survives into the running operating system.
Critically, none of this requires breaking the cryptography. AES-256 is not the weak link. The weak link is that you trusted an unverified program with your secret.
Measured Boot and the TPM
The defense that actually addresses the root cause is measured boot, built around a Trusted Platform Module. The idea: instead of just running each stage of the boot process, the firmware cryptographically hashes each component before handing control to it, and extends those hashes into the TPM's Platform Configuration Registers (PCRs). The PCRs accumulate a tamper-evident record of exactly what code ran.
You can then seal a secret to the TPM such that it will only be released if the PCRs hold the expected values. If an evil maid modifies the bootloader, the measurements change, the PCRs no longer match, and the TPM refuses to unseal. The tampering is detected before you ever type your passphrase.
Rutkowska's own answer to the attack she popularized was a tool called Anti Evil Maid, which uses exactly this mechanism: the TPM unseals a secret only if the boot state is unmodified, and that secret is displayed to you as a recognizable phrase. If the secret appears, the boot chain is intact and it's safe to enter your passphrase. If it doesn't, something changed — don't type anything.
The trick is to make the computer prove to you that it hasn't been tampered with, before you prove to the computer that you're you.
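As an added illustration (not Rutkowska's Anti Evil Maid code and not a real TPM API), the Python model below reproduces the mechanism: a `ToyTPM` class with a PCR bank that can only be extended, never set, and a seal/unseal pair that releases a recognisable phrase only when the selected PCRs hold the values they had at provisioning time. The class and function names, the constructed "binary" byte strings and the PCR indices are assumptions for this example; real firmware hashes the actual boot images, and which PCR a given stage lands in depends on the platform. The scenarios at the end cover a clean boot, a swapped bootloader, and the update-lockout versus loose-binding trade-off described in the table in the next section.

```python
import hashlib
from typing import Dict, Optional, Tuple

PCR_INIT = b"\x00" * 32   # every PCR is all-zero at power-on
PCR_BOOTLOADER = 4        # UEFI measures boot manager code into PCR 4
PCR_KERNEL = 9            # many Linux setups measure the kernel here (assumed for the example)


def pcr_extend(old: bytes, component: bytes) -> bytes:
    """TPM extend: new = SHA-256(old || SHA-256(component)).

    One-way and order-dependent: there is no call to set a PCR to a chosen
    value, only to fold another measurement in, so reaching the expected final
    value requires running exactly the expected components in the expected order.
    """
    return hashlib.sha256(old + hashlib.sha256(component).digest()).digest()


class ToyTPM:
    """Simplified PCR bank plus PCR-bound sealing (assumed API, not a real TPM)."""

    def __init__(self, pcr_count: int = 24) -> None:
        self.pcrs = [PCR_INIT] * pcr_count
        self._vault = []  # (pcr indices, expected policy digest, secret)

    def power_on(self) -> None:
        # A reset clears the PCRs but keeps the sealed blobs.
        self.pcrs = [PCR_INIT] * len(self.pcrs)

    def extend(self, index: int, component: bytes) -> None:
        self.pcrs[index] = pcr_extend(self.pcrs[index], component)

    def _policy(self, indices: Tuple[int, ...]) -> bytes:
        # Digest over the selected PCRs, standing in for a TPM 2.0 PCR policy.
        return hashlib.sha256(b"".join(self.pcrs[i] for i in indices)).digest()

    def seal(self, indices: Tuple[int, ...], secret: bytes) -> int:
        """Bind `secret` to the current values of the chosen PCRs; returns a handle."""
        self._vault.append((indices, self._policy(indices), secret))
        return len(self._vault) - 1

    def unseal(self, handle: int) -> Optional[bytes]:
        """Release the secret only if the chosen PCRs still match sealing-time values."""
        indices, expected, secret = self._vault[handle]
        return secret if self._policy(indices) == expected else None


def measured_boot(tpm: ToyTPM, bootloader: bytes, kernel: bytes) -> None:
    """Firmware-side view of one boot: hash each stage before handing control to it."""
    tpm.power_on()
    tpm.extend(PCR_BOOTLOADER, bootloader)
    tpm.extend(PCR_KERNEL, kernel)


def provision(tpm: ToyTPM, bootloader: bytes, kernel: bytes,
              secret: bytes, bind_to: Tuple[int, ...]) -> int:
    """Owner's one-time step: boot a known-good chain, then seal the phrase to it."""
    measured_boot(tpm, bootloader, kernel)
    return tpm.seal(bind_to, secret)


def boot_and_check(tpm: ToyTPM, handle: int, bootloader: bytes, kernel: bytes) -> Optional[bytes]:
    """Every later boot: measure what actually loaded, then try to unseal the phrase."""
    measured_boot(tpm, bootloader, kernel)
    return tpm.unseal(handle)


# Constructed stand-ins for boot images; real measurements hash the actual PE/ELF files.
GOOD_BOOTLOADER = b"bootloader v1 (unmodified)"
EVIL_BOOTLOADER = b"bootloader v1 (modified by an evil maid)"
KERNEL_V1 = b"kernel 6.1"
KERNEL_V2 = b"kernel 6.2"          # a legitimate update, not an attack
SECRET = b"blue lighthouse 42"     # the phrase the owner expects to see


def scenarios() -> Dict[str, Optional[bytes]]:
    strict = ToyTPM()   # phrase bound to bootloader AND kernel PCRs
    loose = ToyTPM()    # phrase bound to the bootloader PCR only
    h_strict = provision(strict, GOOD_BOOTLOADER, KERNEL_V1, SECRET, (PCR_BOOTLOADER, PCR_KERNEL))
    h_loose = provision(loose, GOOD_BOOTLOADER, KERNEL_V1, SECRET, (PCR_BOOTLOADER,))
    return {
        "clean boot": boot_and_check(strict, h_strict, GOOD_BOOTLOADER, KERNEL_V1),
        "swapped bootloader": boot_and_check(strict, h_strict, EVIL_BOOTLOADER, KERNEL_V1),
        "kernel update, strict binding": boot_and_check(strict, h_strict, GOOD_BOOTLOADER, KERNEL_V2),
        "kernel update, loose binding": boot_and_check(loose, h_loose, GOOD_BOOTLOADER, KERNEL_V2),
    }


if __name__ == "__main__":
    for name, phrase in scenarios().items():
        shown = phrase.decode() if phrase else "NO SECRET: do not type your passphrase"
        print(f"{name:30s} -> {shown}")
```

Running it shows the phrase for the clean boot and nothing for the swapped bootloader, which is the whole Anti Evil Maid check. The last two scenarios are the table's "catch": the strict binding turns an ordinary kernel update into a lockout until the owner re-provisions, while the loose binding survives the update but would equally stay silent if the kernel rather than the bootloader had been tampered with.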
Where the Defenses Get Subtle
Measured boot is powerful but not magic, and the details matter:
| Defense | What it stops | The catch |
|---|---|---|
| Secure Boot | Unsigned or modified bootloaders | Only verifies signatures, not which signed binary; misconfigured trust stores and signed-but-vulnerable loaders weaken it |
| TPM-sealed key | Boot-chain tampering (PCRs change) | If you bind to PCRs that legitimately change on updates, you get lockouts; bind too loosely and you lose protection |
| Anti Evil Maid secret | Tampering, by alerting you | Requires you to actually notice a missing/changed secret every single boot |
| Tamper-evident seals | Case opening / hardware implants | Reveals, rather than blocks, the DMA and hardware attacks measured boot can't see; relies on you inspecting the seals carefully |
There's also a deeper limit: measured boot defends the boot software, but a determined attacker with enough time can target hardware — adding a physical keylogger, a malicious DMA device over Thunderbolt, or replacing components. This is why high-assurance practice pairs measured boot with tamper-evident physical seals and, ideally, never leaving the device unattended in the first place.
What This Means for Normal Threat Models
For most people, an evil maid attack is not a realistic concern. It requires targeted, repeated physical access — which means someone is specifically after you, not running an opportunistic smash-and-grab. If your threat model is "laptop stolen from a café," plain full-disk encryption is genuinely sufficient, because the thief only ever sees the disk once.
The attack becomes relevant when:
- You cross borders, where devices are routinely taken out of your sight (see our guide on device privacy at border crossings).
- You're a journalist, activist, or executive whom a capable adversary would invest in targeting.
- You leave equipment in hotel rooms, shared offices, or anywhere a motivated party could get unsupervised minutes with it.
The practical takeaway is a mindset shift. Full-disk encryption answers the question "what if someone takes my drive?" It does not answer "what if someone touches my machine and gives it back?" Those are different threats, and the second one is the one most people never account for. Defenses like Secure Boot and measured boot exist precisely to close that second gap — but only if you understand it's there.
The Broader Lesson
The evil maid attack is a clean illustration of a principle that runs through all of security: encryption protects data, but you also have to protect the system that handles the keys. A perfect cipher guarding a corrupted prompt protects nothing. Trust has to be anchored somewhere unforgeable — a TPM, a hardware root of trust, a secret only you and an untampered machine can know — or it quietly leaks out the side.
The same logic applies far beyond laptops. Whenever you type a secret into a device, you are trusting every layer of code between your fingers and the cryptography. Secure communication tools take this seriously by minimizing how much that chain can betray you — deriving keys on-device so a compromised server never sees them, and never asking you to trust a component you can't verify.