-rw-r--r-- index.md 26
1 files changed, 13 insertions, 13 deletions
diff --git a/index.md b/index.md
index 885804d..59837fe 100644
--- a/index.md
+++ b/index.md
@@ -14,8 +14,7 @@ attacks](https://en.wikipedia.org/wiki/Evil_maid_attack).
- License: [GPLv3+](LICENSE).
- Contact: rhatto at riseup.net.
-Design
-------
+## Design
The user has at least one USB thumb drive which will be used to boot multiple
operating systems in multiple machines for multiple different projects/farms
@@ -26,15 +25,13 @@ The `bootless` application wraps around `grub-mkrescue` to create a USB
bootdisk with preloaded custom configuration and optional kernel and initramfs
images.
-Dependencies
-------------
+## Dependencies
- [GNU Grub](https://www.gnu.org/software/grub/).
- Reference implementation is targeted to Debian like operating systems.
- Optionally use git and [git-annex](http://git-annex.branchable.com/) to manage your repository and images.
-Installation
-------------
+## Installation
Don't want to install another piece of software and prefer to build a bootless
rescue disk yourself? Then read about the [barebones tutorial](tutorial).
@@ -53,8 +50,7 @@ you might have available on your shell.
You can optionally add the `bootless` script it to your `$PATH` environment
variable or package it to your preferred distro.
-Workflow
---------
+## Workflow
Initialize:
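Review bot: the context line just above the changed heading still reads "add the `bootless` script it to your `$PATH`", with a stray "it". Since this commit is already tidying the section, drop that word in the same pass so the installation paragraph reads cleanly.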
@@ -72,14 +68,12 @@ Check device/image signatures:
bootless check <folder> <device>
-Customization
--------------
+## Customization
- Place your custom images into `custom` folder.
- Edit `custom/custom.cfg` to suit your needs.
-Threat Model
-------------
+## Threat Model
### Does bootless mitigate all types of Evil Maid attacks? No.
@@ -124,8 +118,14 @@ Again:
solution like Edward Snowden's [Haven](https://guardianproject.github.io/haven/)
or even always stay with your
[TPC - Trusted Physical Console](https://web.archive.org/web/20180914153944/http://cmrg.fifthhorseman.net/wiki/TrustedPhysicalConsole).
+ See also this [short video HOWTO](https://twitter.com/BlackAlchemySo2/status/1378565221879529472).
5. When turning on your machine, make sure that the ethernet and wireless
networks are switched off (this could be done by removing cables, antennas
or switching the "rfkill" button in laptops), preventing any bootloader exploit
- that broadcasts keystrokes.
+ that to broadcast keystrokes.
+
+6. Implement "Physically Unclonable Functions" at your device:
+ * [Thwarting Evil Maid Attacks](https://media.ccc.de/v/30C3_-_5600_-_en_-_saal_1_-_201312301245_-_thwarting_evil_maid_attacks_-_eric_michaud_-_ryan_lackey#t=2616) (30C3).
+ * [Don't Want Your Laptop Tampered With? Just Add Glitter Nail Polish](https://www.wired.com/2013/12/better-data-security-nail-polish/).
+ * [Home-made tamper-evident security seals for kids and adults alike](http://blog.ssokolow.com/archives/2017/04/08/home-made-tamper-evident-security-seals-for-kids-and-adults-alike/).
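Review bot: the replacement line in item 5, "that to broadcast keystrokes.", leaves the sentence ungrammatical ("preventing any bootloader exploit that to broadcast keystrokes"). The removed wording "that broadcasts keystrokes." read correctly, so either restore it or rephrase as "preventing any bootloader exploit from broadcasting keystrokes". In the new item 6, the heading says "Physically Unclonable Functions" but the three links are about glitter nail polish and home-made tamper-evident seals, so one sentence stating what the user is expected to do with the device would make the step actionable rather than a bare link list. The "short video HOWTO" link points directly at a Twitter status, while the TPC link on the line above goes through web.archive.org; an archived copy would protect this reference from link rot in the same way. The last seal link also uses plain `http://`; switch to `https://` if the site serves it.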