-rw-r--r-- | index.md | 26 |
1 files changed, 13 insertions, 13 deletions
@@ -14,8 +14,7 @@ attacks](https://en.wikipedia.org/wiki/Evil_maid_attack). - License: [GPLv3+](LICENSE). - Contact: rhatto at riseup.net. -Design ------- +## Design The user has at least one USB thumb drive which will be used to boot multiple operating systems in multiple machines for multiple different projects/farms @@ -26,15 +25,13 @@ The `bootless` application wraps around `grub-mkrescue` to create a USB bootdisk with preloaded custom configuration and optional kernel and initramfs images. -Dependencies ------------- +## Dependencies - [GNU Grub](https://www.gnu.org/software/grub/). - Reference implementation is targeted to Debian like operating systems. - Optionally use git and [git-annex](http://git-annex.branchable.com/) to manage your repository and images. -Installation ------------- +## Installation Don't want to install another piece of software and prefer to build a bootless rescue disk yourself? Then read about the [barebones tutorial](tutorial). @@ -53,8 +50,7 @@ you might have available on your shell. You can optionally add the `bootless` script it to your `$PATH` environment variable or package it to your preferred distro. -Workflow --------- +## Workflow Initialize: @@ -72,14 +68,12 @@ Check device/image signatures: bootless check <folder> <device> -Customization -------------- +## Customization - Place your custom images into `custom` folder. - Edit `custom/custom.cfg` to suit your needs. -Threat Model ------------- +## Threat Model ### Does bootless mitigate all types of Evil Maid attacks? No. 
@@ -124,8 +118,14 @@ Again: solution like Edward Snowden's [Haven](https://guardianproject.github.io/haven/) or even always stay with your [TPC - Trusted Physical Console](https://web.archive.org/web/20180914153944/http://cmrg.fifthhorseman.net/wiki/TrustedPhysicalConsole). + See also this [short video HOWTO](https://twitter.com/BlackAlchemySo2/status/1378565221879529472). 5. When turning on your machine, make sure that the ethernet and wireless networks are switched off (this could be done by removing cables, antennas or switching the "rfkill" button in laptops), preventing any bootloader exploit - that broadcasts keystrokes. + that to broadcast keystrokes. + +6. Implement "Physically Unclonable Functions" at your device: + * [Thwarting Evil Maid Attacks](https://media.ccc.de/v/30C3_-_5600_-_en_-_saal_1_-_201312301245_-_thwarting_evil_maid_attacks_-_eric_michaud_-_ryan_lackey#t=2616) (30C3). + * [Don't Want Your Laptop Tampered With? Just Add Glitter Nail Polish](https://www.wired.com/2013/12/better-data-security-nail-polish/). + * [Home-made tamper-evident security seals for kids and adults alike](http://blog.ssokolow.com/archives/2017/04/08/home-made-tamper-evident-security-seals-for-kids-and-adults-alike/). |
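Review bot: The heading hunks (at -14, -26, -53 and -72) are a mechanical switch from underlined headings to `##` headings, yet they ship in the same commit as the threat-model content change in the hunk at -124. Splitting the markup conversion into its own commit would let the content change be reviewed and reverted separately. Since the Installation hunk is already being touched, its context line "add the `bootless` script it to your `$PATH`" has a stray "it" that could be dropped in the same pass.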
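Review bot: In the hunk at -124, the added line "that to broadcast keystrokes." is ungrammatical, whereas the removed line "that broadcasts keystrokes." read correctly. Either keep the old wording or rephrase the clause as "preventing any bootloader exploit from broadcasting keystrokes". The new item 6 consists only of three links under "Implement "Physically Unclonable Functions" at your device" and never says what the user should actually do or check. A one-sentence description of the step (for example, that the seal is applied and then inspected before each boot) would make it usable without following the links, and "on your device" reads better than "at your device". The added "short video HOWTO" points at a Twitter status, while the neighbouring Trusted Physical Console link goes through web.archive.org; an archived URL here would hold up better over time.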