From e9d1a8d2679cd6f150ca94829f64c46ca9c8d785 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Tue, 11 Jan 2022 09:35:47 -0300 Subject: Feat: additional threat modelling and mitigations --- index.md | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/index.md b/index.md index 74e37f0..451f225 100644 --- a/index.md +++ b/index.md @@ -5,6 +5,9 @@ attached bootloader in order to make more difficult to tamper the initialization process. Bootless is a bootloader installed in a removable media and used to initialize computers. +It offers partial protection against the so-called [evil maid +attacks](https://en.wikipedia.org/wiki/Evil_maid_attack). + - [Repository](https://git.fluxo.info/bootless). - [Tutorial](tutorial). - [References](references). 
@@ -86,10 +89,28 @@ Threat Model 3. The USB stick itself is not a static device: it's has a built-in controller that could be exploited to present to your computer a compromised kernel or initramfs ([BadUSB attacks](https://links.fluxo.info/tags/badusb)). +Again: + +* Bootless does not remove the threat of an evil tamperer but significantly + reduces the attack surface. Exploits in the bootloader's `stage0` would need + to be significantly smaller to do their jobs and optionally also load + an operating system (in case it's intended not to be noticed). + +* Spyware could still be installed in the firware or in specialized harware, + which are plentyful in current computers. + ### Additional mitigations -3. For physical attempts to tamper with your bare metal, you might try to protect and monitor your perimeter. +1. For physical attempts to tamper with your bare metal, you might try to protect and monitor your perimeter. + +2. From inside threats such as preloaded backdoors in the hardware, the best you can do is to look for laboratory audits and build and use open hardware. + +3. Check your boot using something like [anti-evil-maid](http://theinvisiblethings.blogspot.com.br/2011/09/anti-evil-maid.html) ([repository](https://github.com/QubesOS/qubes-antievilmaid)), [smartmonster](https://git.fluxo.info/smartmonster) ([original repository](https://github.com/ioerror/smartmonster)) or [chkboot](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#chkboot). -4. From inside threats such as preloaded backdoors in the hardware, the best you can do is to look for laboratory audits and build and use open hardware. +4. Against additional perimeter attacks, you could combine bootless with a + solution like Edward Snowden's [Haven](https://guardianproject.github.io/haven/) or even always stay with your [TPC - Trusted Physical Console](https://web.archive.org/web/20180914153944/http://cmrg.fifthhorseman.net/wiki/TrustedPhysicalConsole). 
-- Check your boot using something like [anti-evil-maid](http://theinvisiblethings.blogspot.com.br/2011/09/anti-evil-maid.html) ([repository](https://github.com/QubesOS/qubes-antievilmaid)), [smartmonster](https://git.fluxo.info/smartmonster) ([original repository](https://github.com/ioerror/smartmonster)) or [chkboot](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#chkboot). +5. When turning on your machine, make sure that the ethernet and wireless + networks are switched off (this could be done by removing cables, antennas + or switching the "rfkill" button in laptops), preventing any bootloader exploit + that broadcasts keystrokes. -- cgit v1.2.3
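Review bot: The new sentence in the first hunk ("It offers partial protection against the so-called evil maid attacks") leaves "partial" undefined at the top of the page; since the Threat Model section below already lists what the removable-media bootloader does and does not cover (firmware, hardware implants, BadUSB), link or refer to that section here, e.g. "It offers partial protection against [evil maid attacks](...); see the Threat Model section for what remains uncovered." Consider also fixing the pre-existing context line "to make more difficult to tamper the initialization process" to "to make it more difficult to tamper with the initialization process" while this paragraph is being edited.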
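Review bot: In the second hunk, item 5 overstates what disconnecting the network at power-on achieves: switching off ethernet and wireless prevents live exfiltration during boot, but a bootloader exploit can simply record keystrokes and send them once the network comes back, so the text should say it limits rather than prevents that class of exploit, and should pair it with item 3 (verify the boot before reconnecting). The same hunk has three spelling errors in the added bullet, "firware", "harware" and "plentyful" (firmware, hardware, plentiful), and the sentence "Exploits in the bootloader's `stage0` would need to be significantly smaller to do their jobs and optionally also load an operating system" reads ambiguously; suggest "Exploits in the bootloader's `stage0` would have to fit in far less space, and would also have to load a working operating system if they are not to be noticed." Finally, the lone "Again:" introducing the two bullets reads oddly after the numbered list; a short lead-in such as "To summarise:" would be clearer.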