| field | value | date |
|---|---|---|
| author | Silvio Rhatto <rhatto@riseup.net> | 2022-01-11 09:35:47 -0300 |
| committer | Silvio Rhatto <rhatto@riseup.net> | 2022-01-11 09:35:47 -0300 |
| commit | e9d1a8d2679cd6f150ca94829f64c46ca9c8d785 (patch) | |
| tree | 9d96fb807f3b856e518eeb9ed4860d9cccf6303d | |
| parent | d16d6534e2ebc535db5c4d9d257e4bbd3123f694 (diff) | |
| download | bootless-e9d1a8d2679cd6f150ca94829f64c46ca9c8d785.tar.gz, bootless-e9d1a8d2679cd6f150ca94829f64c46ca9c8d785.tar.bz2 | |
Feat: additional threat modelling and mitigations
-rw-r--r-- | index.md | 27 |
1 file changed, 24 insertions, 3 deletions
@@ -5,6 +5,9 @@ attached bootloader in order to make more difficult to tamper the initialization process. Bootless is a bootloader installed in a removable media and used to initialize computers. +It offers partial protection against the so-called [evil maid +attacks](https://en.wikipedia.org/wiki/Evil_maid_attack). + - [Repository](https://git.fluxo.info/bootless). - [Tutorial](tutorial). - [References](references). 
@@ -86,10 +89,28 @@ Threat Model 3. The USB stick itself is not a static device: it's has a built-in controller that could be exploited to present to your computer a compromised kernel or initramfs ([BadUSB attacks](https://links.fluxo.info/tags/badusb)). +Again: + +* Bootless does not remove the threat of an evil tamperer but significantly + reduces the attack surface. Exploits in the bootloader's `stage0` would need + to be significantly smaller to do their jobs and optionally also load + an operating system (in case it's intended not to be noticed). + +* Spyware could still be installed in the firware or in specialized harware, + which are plentyful in current computers. + ### Additional mitigations -3. For physical attempts to tamper with your bare metal, you might try to protect and monitor your perimeter. +1. For physical attempts to tamper with your bare metal, you might try to protect and monitor your perimeter. + +2. From inside threats such as preloaded backdoors in the hardware, the best you can do is to look for laboratory audits and build and use open hardware. + +3. Check your boot using something like [anti-evil-maid](http://theinvisiblethings.blogspot.com.br/2011/09/anti-evil-maid.html) ([repository](https://github.com/QubesOS/qubes-antievilmaid)), [smartmonster](https://git.fluxo.info/smartmonster) ([original repository](https://github.com/ioerror/smartmonster)) or [chkboot](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#chkboot). -4. From inside threats such as preloaded backdoors in the hardware, the best you can do is to look for laboratory audits and build and use open hardware. +4. Against additional perimeter attacks, you could combine bootless with a + solution like Edward Snowden's [Haven](https://guardianproject.github.io/haven/) or even always stay with your [TPC - Trusted Physical Console](https://web.archive.org/web/20180914153944/http://cmrg.fifthhorseman.net/wiki/TrustedPhysicalConsole). 
-- Check your boot using something like [anti-evil-maid](http://theinvisiblethings.blogspot.com.br/2011/09/anti-evil-maid.html) ([repository](https://github.com/QubesOS/qubes-antievilmaid)), [smartmonster](https://git.fluxo.info/smartmonster) ([original repository](https://github.com/ioerror/smartmonster)) or [chkboot](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#chkboot). +5. When turning on your machine, make sure that the ethernet and wireless + networks are switched off (this could be done by removing cables, antennas + or switching the "rfkill" button in laptops), preventing any bootloader exploit + that broadcasts keystrokes. |
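Review bot: in the first hunk (`@@ -5,6 +5,9 @@`), the new sentence "It offers partial protection against the so-called evil maid attacks" leaves "partial" undefined at the very top of the page, while the threat-model text added further down in this same patch is what actually says which part is covered (the kernel and initramfs live on media the user carries) and which is not (firmware and the on-board boot stage remain attackable). Suggest either a pointer to the Threat Model section or a one-line qualifier, e.g. "+It offers partial protection against so-called evil maid attacks: the kernel and initramfs leave the machine, but tampering with its firmware is out of scope." Also drop "the" before "so-called".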
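Review bot: in the second hunk (`@@ -86,10 +89,28 @@`), new item 5 overstates what switching off networking at power-on buys: it only blocks exfiltration while the machine boots, and an implant in the firmware or boot stage can simply buffer keystrokes and send them once the operating system brings the interfaces back up. Suggest "+... preventing a bootloader exploit from broadcasting keystrokes during boot (it does not stop one that stores them and sends them later)". The "Again:" paragraph is also hard to parse: "Exploits in the bootloader's `stage0` would need to be significantly smaller to do their jobs and optionally also load an operating system" reads as if smallness were the attacker's goal rather than a constraint; say what is meant, namely that with the kernel and initramfs on removable media the attacker's code has to fit in the remaining on-board stage and must still boot a working system to go unnoticed, and define `stage0` on first use since the visible context never introduces it. Typos in the added lines: "firware" -> "firmware", "harware" -> "hardware", "plentyful" -> "plentiful"; item 2 "From inside threats" -> "Against inside threats". The unchanged context line "it's has a built-in controller" could be fixed while here.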