[[!meta title="Bootless: evil-maid mitigator"]]

Bootless is a scheme that lets a computer with an encrypted disk run without
an attached bootloader, making it harder to tamper with the initialization
process. The bootloader is instead installed on removable media and used to
initialize computers.

- [Repository](https://git.fluxo.info/bootless).
- [Tutorial](tutorial).
- [References](references).
- License: [GPLv3+](LICENSE).
- Contact: rhatto at riseup.net.

Design
------

The user has at least one USB thumb drive which will be used to boot multiple
operating systems on multiple machines for multiple different projects/farms
(personal, work, hackerspace, etc).

The `bootless` application wraps around `grub-mkrescue` to create a USB
bootdisk with preloaded custom configuration and optional kernel and initramfs
images.

Dependencies
------------

- [GNU Grub](https://www.gnu.org/software/grub/).
- The reference implementation targets Debian-like operating systems.
- Optionally use git and [git-annex](http://git-annex.branchable.com/) to manage your repository and images.

Installation
------------

Don't want to install another piece of software and prefer to build a bootless
rescue disk yourself? Then read the [barebones tutorial](tutorial).

Otherwise, just clone the repository:

    git clone https://git.fluxo.info/bootless

Then leave it somewhere, optionally adding it to your `$PATH` environment
variable or packaging it for your preferred distro.

Workflow
--------

Initialize:

    bootless init <folder> [repository]

Create an image:

    bootless image <folder> bootless.iso

Write image to thumb drive:

    bootless image <folder> <device>

Check device/image signatures:

    bootless check <folder> <device>
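
A byte-for-byte comparison between an image and the thumb drive it was written to can also be done by hand. The script below is an added example, not bootless's own code and not a description of how `bootless check` works internally; the function names `hash_prefix` and `verify_written_image` are hypothetical.

```shell
#!/bin/sh
# Added example, not part of bootless: compare a written device with its image.
# Function names are hypothetical.

# Print the SHA-256 of the first $2 bytes of file or device $1.
hash_prefix() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# verify_written_image <image> <device>
# Returns 0 if the device starts with the exact image bytes, 1 if it does
# not (including a device shorter than the image), 2 if an input is unreadable.
verify_written_image() {
    image=$1
    device=$2
    if [ ! -r "$image" ] || [ ! -r "$device" ]; then
        echo "verify: cannot read '$image' or '$device'" >&2
        return 2
    fi

    # Thumb drives are larger than the image, so hash only the image-sized
    # prefix; trailing bytes on the device are outside the comparison.
    size=$(wc -c < "$image" | tr -d ' ')
    expected=$(hash_prefix "$image" "$size")
    actual=$(hash_prefix "$device" "$size")

    if [ "$expected" = "$actual" ]; then
        echo "OK       $actual"
        return 0
    fi
    echo "MISMATCH image=$expected device=$actual" >&2
    return 1
}

# Stand-alone use: sh verify.sh bootless.iso /dev/sdX
if [ "$#" -eq 2 ]; then
    verify_written_image "$1" "$2"
fi
```

Run the comparison from a machine you trust, since a compromised host can report whatever hash it likes.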

Customization
-------------

- Place your custom images into `custom` folder.
- Edit `custom/custom.cfg` to suit your needs.

Threat Model
------------

### Does bootless mitigate all types of Evil Maid attacks? No.

1. It reduces the attack surface by placing the bootloader away from the physical machine and recommending that you use Full Disk Encryption (FDE) to store your operating system, swap and data.

2. Infection is still possible in plenty of unencrypted/unauthenticated software residing in the machine, such as BIOS, network firmware and potential backdoors such as Intel's AMT/ME.

### Additional mitigations

3. For physical attempts to tamper with your bare metal, you might try to protect and monitor your perimeter.

4. Against inside threats such as preloaded backdoors in the hardware, the best you can do is to look for open hardware and try to build stuff yourself :P

- Check your boot using something like [anti-evil-maid](http://theinvisiblethings.blogspot.com.br/2011/09/anti-evil-maid.html) ([repository](https://github.com/QubesOS/qubes-antievilmaid)), [smartmonster](https://git.fluxo.info/smartmonster) ([original repository](https://github.com/ioerror/smartmonster)) or [chkboot](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#chkboot).