diff options
Diffstat (limited to 'index.md')
| -rw-r--r-- | index.md | 40 |
1 files changed, 24 insertions, 16 deletions
@@ -5,14 +5,17 @@ attached bootloader in order to make more difficult to tamper the initialization process. Bootless is a bootloader installed in a removable media and used to initialize computers. -It offers partial protection against the so-called [evil maid -attacks](https://en.wikipedia.org/wiki/Evil_maid_attack). +It offers partial protection against the so-called [evil maid attacks][], which +basically consists in compromising the boot procedure on unnattended machines. -- [Repository](https://git.fluxo.info/bootless). -- [Tutorial](tutorial). -- [References](references). -- License: [GPLv3+](LICENSE). -- Contact: rhatto at riseup.net. +* [Repository](https://git.fluxo.info/bootless). +* [Tutorial](tutorial). +* [References](references). +* [TODO](todo). +* License: [GPLv3+](LICENSE). +* Contact: rhatto at riseup.net. + +[evil maid attacks]: https://en.wikipedia.org/wiki/Evil_maid_attack ## Design @@ -27,9 +30,10 @@ images. ## Dependencies -- [GNU Grub](https://www.gnu.org/software/grub/). -- Reference implementation is targeted to Debian like operating systems. -- Optionally use git and [git-annex](http://git-annex.branchable.com/) to manage your repository and images. +* [GNU Grub](https://www.gnu.org/software/grub/). +* Reference implementation is targeted to Debian like operating systems. +* Optionally use git and [git-annex](http://git-annex.branchable.com/) to + manage your repository and images. ## Installation @@ -70,8 +74,8 @@ Check device/image signatures: ## Customization -- Place your custom images into `custom` folder. -- Edit `custom/custom.cfg` to suit your needs. +* Place your custom images into `custom` folder. +* Edit `custom/custom.cfg` to suit your needs. ## Threat Model @@ -83,7 +87,9 @@ Check device/image signatures: 2. Infection is still possible in plenty of unencrypted/unauthenticated software residing in the machine, such as BIOS, network firmware and - potential backdoors such as Intel's AMT/ME. + potential backdoors such as Intel's AMT/ME. Nowadays seems like there + are plenty of places were malicious code can be placed, not to say + about the many ways miniaturized hardware can be implanted. 3. The USB stick itself is not a static device: it's has a built-in controller that could be exploited to present to your computer a compromised kernel or @@ -96,8 +102,8 @@ Again: to be significantly smaller to do their jobs and optionally also load an operating system (in case it's intended not to be noticed). -* Spyware could still be installed in the firware or in specialized harware, - which are plentyful in current computers. +* Spyware could still be installed in the firmware or in specialized hardware, + which are plentiful in current computers. ### Additional mitigations @@ -125,7 +131,9 @@ Again: or switching the "rfkill" button in laptops), preventing any bootloader exploit that to broadcast keystrokes. -6. Implement "Physically Unclonable Functions" at your device: +6. Implement [Physically Unclonable Functions][] (PUF) at your device: * [Thwarting Evil Maid Attacks](https://media.ccc.de/v/30C3_-_5600_-_en_-_saal_1_-_201312301245_-_thwarting_evil_maid_attacks_-_eric_michaud_-_ryan_lackey#t=2616) (30C3). * [Don't Want Your Laptop Tampered With? Just Add Glitter Nail Polish](https://www.wired.com/2013/12/better-data-security-nail-polish/). * [Home-made tamper-evident security seals for kids and adults alike](http://blog.ssokolow.com/archives/2017/04/08/home-made-tamper-evident-security-seals-for-kids-and-adults-alike/). + +[Physically Unclonable Functions]: https://en.wikipedia.org/wiki/Physical_unclonable_function |