aboutsummaryrefslogtreecommitdiff
path: root/index.md
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2024-07-13 10:58:54 -0300
committerSilvio Rhatto <rhatto@riseup.net>2024-07-13 10:58:54 -0300
commit16c4d7c30457f798470c0b92e81849599c69f049 (patch)
treebb86ac9fbf8fb0c26bbfede72d74724899f4dd19 /index.md
parentb561cb246071e38ad73e40e63d3df17c7dd0da73 (diff)
downloadbootless-16c4d7c30457f798470c0b92e81849599c69f049.tar.gz
bootless-16c4d7c30457f798470c0b92e81849599c69f049.tar.bz2
Improve docs, adds TODO page and more references
Diffstat (limited to 'index.md')
-rw-r--r--index.md40
1 files changed, 24 insertions, 16 deletions
diff --git a/index.md b/index.md
index 59837fe..6540e1a 100644
--- a/index.md
+++ b/index.md
@@ -5,14 +5,17 @@ attached bootloader in order to make more difficult to tamper the initialization
process. Bootless is a bootloader installed in a removable media and used to
initialize computers.
-It offers partial protection against the so-called [evil maid
-attacks](https://en.wikipedia.org/wiki/Evil_maid_attack).
+It offers partial protection against the so-called [evil maid attacks][], which
+basically consists in compromising the boot procedure on unnattended machines.
-- [Repository](https://git.fluxo.info/bootless).
-- [Tutorial](tutorial).
-- [References](references).
-- License: [GPLv3+](LICENSE).
-- Contact: rhatto at riseup.net.
+* [Repository](https://git.fluxo.info/bootless).
+* [Tutorial](tutorial).
+* [References](references).
+* [TODO](todo).
+* License: [GPLv3+](LICENSE).
+* Contact: rhatto at riseup.net.
+
+[evil maid attacks]: https://en.wikipedia.org/wiki/Evil_maid_attack
## Design
@@ -27,9 +30,10 @@ images.
## Dependencies
-- [GNU Grub](https://www.gnu.org/software/grub/).
-- Reference implementation is targeted to Debian like operating systems.
-- Optionally use git and [git-annex](http://git-annex.branchable.com/) to manage your repository and images.
+* [GNU Grub](https://www.gnu.org/software/grub/).
+* Reference implementation is targeted to Debian like operating systems.
+* Optionally use git and [git-annex](http://git-annex.branchable.com/) to
+ manage your repository and images.
## Installation
@@ -70,8 +74,8 @@ Check device/image signatures:
## Customization
-- Place your custom images into `custom` folder.
-- Edit `custom/custom.cfg` to suit your needs.
+* Place your custom images into `custom` folder.
+* Edit `custom/custom.cfg` to suit your needs.
## Threat Model
@@ -83,7 +87,9 @@ Check device/image signatures:
2. Infection is still possible in plenty of unencrypted/unauthenticated
software residing in the machine, such as BIOS, network firmware and
- potential backdoors such as Intel's AMT/ME.
+ potential backdoors such as Intel's AMT/ME. Nowadays seems like there
+ are plenty of places were malicious code can be placed, not to say
+ about the many ways miniaturized hardware can be implanted.
3. The USB stick itself is not a static device: it's has a built-in controller
that could be exploited to present to your computer a compromised kernel or
@@ -96,8 +102,8 @@ Again:
to be significantly smaller to do their jobs and optionally also load
an operating system (in case it's intended not to be noticed).
-* Spyware could still be installed in the firware or in specialized harware,
- which are plentyful in current computers.
+* Spyware could still be installed in the firmware or in specialized hardware,
+ which are plentiful in current computers.
### Additional mitigations
@@ -125,7 +131,9 @@ Again:
or switching the "rfkill" button in laptops), preventing any bootloader exploit
that to broadcast keystrokes.
-6. Implement "Physically Unclonable Functions" at your device:
+6. Implement [Physically Unclonable Functions][] (PUF) at your device:
* [Thwarting Evil Maid Attacks](https://media.ccc.de/v/30C3_-_5600_-_en_-_saal_1_-_201312301245_-_thwarting_evil_maid_attacks_-_eric_michaud_-_ryan_lackey#t=2616) (30C3).
* [Don't Want Your Laptop Tampered With? Just Add Glitter Nail Polish](https://www.wired.com/2013/12/better-data-security-nail-polish/).
* [Home-made tamper-evident security seals for kids and adults alike](http://blog.ssokolow.com/archives/2017/04/08/home-made-tamper-evident-security-seals-for-kids-and-adults-alike/).
+
+[Physically Unclonable Functions]: https://en.wikipedia.org/wiki/Physical_unclonable_function