Hi misc@, In playing around with Libreboot and Coreboot, my belief that physical access to the hardware really ups an attacker’s ability to win against most security has been massively reinforced. For example, someone with enough practice could take my Thinkpad T500 apart, force flash the BIOS (as I have been doing), reassemble it and put it back on my desk in ten to fifteen minutes (or maybe faster). The payload they flash could easily include a root kit and keylogger which would mitigate the advantage of Full Disk Encryption (because they could grab your passphrase keystrokes and send them off to the mother ship). So my happy little bubble that FDE would give me protection against all but a brute force attack has been popped.
Here’s my thought. What if we modified our boot code to do a hash of the BiOS and stored it persistently across boots? Then we could compare it this time to the last value and take some action / issue some warning that something changed. It would be mildly annoying if you actually did just update your BIOS to a new version but that would be a small trade off in my mind at least. The sticking point is this - where do you store the previous hash? If we stored it outside of the FDE container, the attacker could just rewrite it on boot and we wouldn’t be able to detect a change. Put it inside the FDE and you would have to type your passphrase (sending it to the attacker) to read it. So now to my ask - would a feature like this be of any interest to others? If so, any thoughts on how to securely persist the hash to solve the problem I describe above? Thanks for any and all feedback. -- Thanks, Bryan
