Re: physical access, it seems not a technical problem. I.e. keep laptop with you, hire a guard, etc. I'm not very technical, but could the hash be stored on a USB stick or online?

Maybe construct yourself a "computer safe" to make it harder for people to get access while you're away? I.e. increase the time/difficulty for them.

On Tue, Oct 17, 2017 at 6:21 AM, flipchan <flipc...@riseup.net> wrote:

> Hey I also run libreboot :)
>
> I have read research about signing all the components and then verifying all that while you both, anyhow I think this would be very problematic with the new KARL implementation that has taken place in OpenBSD 6.2
>
> On October 14, 2017 4:26:21 PM GMT+02:00, "Bryan C. Everly" <br...@bceassociates.com> wrote:
> >Hi misc@,
> >
> >In playing around with Libreboot and Coreboot, my belief that physical access to the hardware really ups an attacker’s ability to win against most security has been massively reinforced. For example, someone with enough practice could take my Thinkpad T500 apart, force flash the BIOS (as I have been doing), reassemble it and put it back on my desk in ten to fifteen minutes (or maybe faster). The payload they flash could easily include a root kit and keylogger which would mitigate the advantage of Full Disk Encryption (because they could grab your passphrase keystrokes and send them off to the mother ship). So my happy little bubble that FDE would give me protection against all but a brute force attack has been popped.
> >
> >Here’s my thought. What if we modified our boot code to do a hash of the BIOS and stored it persistently across boots? Then we could compare it this time to the last value and take some action / issue some warning that something changed. It would be mildly annoying if you actually did just update your BIOS to a new version but that would be a small trade off in my mind at least.
> >
> >The sticking point is this - where do you store the previous hash? If we stored it outside of the FDE container, the attacker could just rewrite it on boot and we wouldn’t be able to detect a change. Put it inside the FDE and you would have to type your passphrase (sending it to the attacker) to read it.
> >
> >So now to my ask - would a feature like this be of any interest to others? If so, any thoughts on how to securely persist the hash to solve the problem I describe above?
> >
> >Thanks for any and all feedback.
> >
> >--
> >
> >Thanks,
> >Bryan
>
> --
> Take Care
> Sincerely flipchan
> layerprox dev
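
The storage question raised in the thread, as an added example that is not part of any message above: a small Python model comparing a reference digest kept on the unencrypted disk with one carried on a USB stick. The `Laptop` class, the function names and the byte strings are constructed for illustration and are not OpenBSD or Libreboot code.

```python
import hashlib
import hmac


def firmware_digest(image: bytes) -> str:
    """SHA-256 of a firmware image, hex encoded."""
    return hashlib.sha256(image).hexdigest()


def matches(image: bytes, reference: str) -> bool:
    """Compare the current image against a stored reference digest."""
    return hmac.compare_digest(firmware_digest(image), reference)


class Laptop:
    """Constructed model: flash contents plus a digest kept outside the FDE container."""

    def __init__(self, image: bytes):
        self.flash = image
        self.local_reference = firmware_digest(image)  # unencrypted, writable

    def replace_flash(self, image: bytes, rewrite_local_reference: bool) -> None:
        """Anything with write access to the flash can also write the local digest."""
        self.flash = image
        if rewrite_local_reference:
            self.local_reference = firmware_digest(image)


def compare_storage_locations(rewrite_local_reference: bool) -> dict:
    """Run one flash change and report which reference still passes afterwards."""
    original = b"constructed firmware image, build A"
    changed = b"constructed firmware image, build B"
    laptop = Laptop(original)
    usb_reference = firmware_digest(original)  # kept on the owner's USB stick

    laptop.replace_flash(changed, rewrite_local_reference)
    return {
        "local_check_passes": matches(laptop.flash, laptop.local_reference),
        "usb_check_passes": matches(laptop.flash, usb_reference),
    }


if __name__ == "__main__":
    print(compare_storage_locations(rewrite_local_reference=True))
    print(compare_storage_locations(rewrite_local_reference=False))
```

The model assumes the code reading the flash reports it honestly; a check that runs from the replaced firmware itself cannot be relied on to do that.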