author: Silvio Rhatto <rhatto@riseup.net> 2022-01-11 09:35:47 -0300
committer: Silvio Rhatto <rhatto@riseup.net> 2022-01-11 09:35:47 -0300
commit: e9d1a8d2679cd6f150ca94829f64c46ca9c8d785 (patch)
tree: 9d96fb807f3b856e518eeb9ed4860d9cccf6303d
parent: d16d6534e2ebc535db5c4d9d257e4bbd3123f694 (diff)
Feat: additional threat modelling and mitigations
index.md | 27
1 file changed, 24 insertions, 3 deletions
diff --git a/index.md b/index.md
index 74e37f0..451f225 100644
--- a/index.md
+++ b/index.md
@@ -5,6 +5,9 @@ attached bootloader in order to make more difficult to tamper the initialization
process. Bootless is a bootloader installed in a removable media and used to
initialize computers.
+It offers partial protection against the so-called [evil maid
+attacks](https://en.wikipedia.org/wiki/Evil_maid_attack).
+
- [Repository](https://git.fluxo.info/bootless).
- [Tutorial](tutorial).
- [References](references).
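Review bot: "partial protection" in the added sentence (`+It offers partial protection against the so-called [evil maid`) is left unexplained at the point where a reader first meets the claim, and the introduction is where the project is most likely to be judged; since the Threat Model section further down enumerates exactly what stays out of scope (firmware implants, BadUSB), suggest adding a pointer there, e.g. "see the Threat Model section for what is and is not covered", so the summary does not over-promise. Minor: "the so-called" can be dropped, "evil maid attack" is the established name and the link already makes that clear.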
@@ -86,10 +89,28 @@ Threat Model
3. The USB stick itself is not a static device: it's has a built-in controller that could be exploited to present to your computer a compromised kernel or initramfs ([BadUSB attacks](https://links.fluxo.info/tags/badusb)).
+Again:
+
+* Bootless does not remove the threat of an evil tamperer but significantly
+ reduces the attack surface. Exploits in the bootloader's `stage0` would need
+ to be significantly smaller to do their jobs and optionally also load
+ an operating system (in case it's intended not to be noticed).
+
+* Spyware could still be installed in the firware or in specialized harware,
+ which are plentyful in current computers.
+
### Additional mitigations
-3. For physical attempts to tamper with your bare metal, you might try to protect and monitor your perimeter.
+1. For physical attempts to tamper with your bare metal, you might try to protect and monitor your perimeter.
+
+2. From inside threats such as preloaded backdoors in the hardware, the best you can do is to look for laboratory audits and build and use open hardware.
+
+3. Check your boot using something like [anti-evil-maid](http://theinvisiblethings.blogspot.com.br/2011/09/anti-evil-maid.html) ([repository](https://github.com/QubesOS/qubes-antievilmaid)), [smartmonster](https://git.fluxo.info/smartmonster) ([original repository](https://github.com/ioerror/smartmonster)) or [chkboot](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#chkboot).
-4. From inside threats such as preloaded backdoors in the hardware, the best you can do is to look for laboratory audits and build and use open hardware.
+4. Against additional perimeter attacks, you could combine bootless with a
+ solution like Edward Snowden's [Haven](https://guardianproject.github.io/haven/) or even always stay with your [TPC - Trusted Physical Console](https://web.archive.org/web/20180914153944/http://cmrg.fifthhorseman.net/wiki/TrustedPhysicalConsole).
-- Check your boot using something like [anti-evil-maid](http://theinvisiblethings.blogspot.com.br/2011/09/anti-evil-maid.html) ([repository](https://github.com/QubesOS/qubes-antievilmaid)), [smartmonster](https://git.fluxo.info/smartmonster) ([original repository](https://github.com/ioerror/smartmonster)) or [chkboot](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#chkboot).
+5. When turning on your machine, make sure that the ethernet and wireless
+ networks are switched off (this could be done by removing cables, antennas
+ or switching the "rfkill" button in laptops), preventing any bootloader exploit
+ that broadcasts keystrokes.
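Review bot: spelling errors in the second added bullet: `firware`, `harware` and `plentyful` should read `firmware`, `hardware` and `plentiful`. The bare `+Again:` lead-in also reads oddly on its own; a short subheading in the document's existing style (e.g. `### Summary`) or "In summary:" would make the two bullets read as the conclusion of the Threat Model section. In the first bullet, "Exploits in the bootloader's `stage0` would need to be significantly smaller to do their jobs" reads as though the exploit rather than its target shrinks; suggest stating the actual constraint, e.g. "an implant replacing the bootloader's `stage0` has to fit in a much smaller space and, if it is to go unnoticed, still chain-load the real operating system". Item 5 needs a caveat: switching off Ethernet and wireless before powering on blocks only real-time exfiltration during boot; an implant that captures the disk passphrase can simply store it and send it once the OS brings the interfaces back up, so the item should say that the mitigation only closes the window until the boot has been verified (item 3) and is no substitute for that verification. The renumbering of the list to 1-5 (replacing the old `3.`/`4.`/`-` mix) is a welcome fix.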