[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Libreboot] Password protected Grub entries
From: |
The Gluglug |
Subject: |
Re: [Libreboot] Password protected Grub entries |
Date: |
Wed, 20 May 2015 12:18:28 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.6.0 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 20/05/15 12:16, The Gluglug wrote:
>
>
> On 20/05/15 11:30, Beni wrote:
>> To replace a hard drive in a laptop you need to open up at least
>> one screw. If you don't seal your screws and let people open up
>> your laptop, you've got a problem anyway. Everyone can read your
>> libreboot rom and reflash another rom, e.g. one that logs your
>> passphrase somewhere. So that's dangerous anyway.
>
> You can write-protect the flash chip, in a way that then requires
> external flashing (SPI programmer needed, in other words). This
> also isn't perfect because the attacker can probably use a SPI
> flasher, but with a randomized seal as you have pointed out, you
> can detect if this has occurred.
>
It's also possible for you to read the flash chip contents, and verify
the SHA512 hash.
However, distros don't really have reproducible builds yet, and
neither does libreboot.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJVXG2EAAoJEP9Ft0z50c+U30wH/18lqC3kx1xSSN4aQBs+Xs3N
9ikLaEOZ3gihWB0FbQ+xjdpe9NWyyFfT0R+XFy7+UCbVyNOQ1pvdIf98ICnzyE3b
HeObc0BOBB8LJKez7bMuCyIdU8dcmXKYAjC2k38JMBZ6SQStza7oyVkR/sIr/otL
U56EBz51ln3Mm9gFjfJL3LWjyUmZo7+GYB+ZL9lFNUa4TRrk1b1glPG6ALHX7lF8
DC2riYhfDAYpJGtr+psOeG34xnm3PgiTy8Ir7O3BOm9ViExmIoK6ycOMJMpmdO+1
VlhCvvko5XOjcsJOu8fKMZjbO8sU/Sq9HQ8tYi5r57ei+c0MyGLUj6FPb85GlKM=
=xGKA
-----END PGP SIGNATURE-----
- Re: [Libreboot] Password protected Grub entries, The Gluglug, 2015/05/20
- Re: [Libreboot] Password protected Grub entries, The Gluglug, 2015/05/20
- Re: [Libreboot] Password protected Grub entries, Beni, 2015/05/20
- Re: [Libreboot] Password protected Grub entries, The Gluglug, 2015/05/20
- Re: [Libreboot] Password protected Grub entries, Robert Alessi, 2015/05/24
- Re: [Libreboot] Password protected Grub entries, The Gluglug, 2015/05/24
- Re: [Libreboot] Password protected Grub entries, Will Hill, 2015/05/24
- Re: [Libreboot] Password protected Grub entries, Robert Alessi, 2015/05/28
- Re: [Libreboot] Password protected Grub entries, The Gluglug, 2015/05/28
- Re: [Libreboot] Password protected Grub entries, The Gluglug, 2015/05/28