For those of you who are using linux: Are you using secure boot? I.e. is your bootloader configured to only decrypt your disk and boot your OS, while blocking all “booting from USB stick” and such?
I’m asking because i’m considering a very specific attack vector, through which a sufficiently skilled agent (e.g. FBI, CIA) could install a keylogger into your OS and get access to your sensitive data that way, even when your disk is encrypted and without your knowledge.
I have secure boot enabled in the bios, if that’s what your asking. I pretty much exclusively use Linux with secure boot enabled. The only time I’ve ever disabled it was to try and get Virtual Box working in Linux Mint but it stops working as soon as I re-enable secure boot, so I don’t use Virtual Box.
I’ve got two machines, one with, one without. The one without is a glorified media box. The one with has documents and emails and such
Yes. I have fully self-managed keys too.
I am but with self enrolled keys. People wildly misunderstand secure boot, it’s more for kernel/boot level malware and so it can be used with module signing.
Configured it successfully on my Laptop, then bricked my PCs MB trying to configure it on that. Never tried again. After all, it only works for you if you trust the closed source UEFI anyway. If you want actual security, desolder the flash chip
No, everything I have is connected to the internet anyway so has far more easily compromised vectors. If I had any data sensitive enough I would not trust any security other than physical with it. I assume with physical access, a motivated enough attacker could gain access, there’s loopholes in everything.
So, if I had that sort of data, it would be on an offline machine, no wireless, never connected to a network. I would only trust it in so far as I could guarantee I am the only one who can access it.
Nothing else about me is secure, why should my boot get to be?
You want AIDS? That’s how you get AIDS
I don’t get this joke, but it made me laugh anyway. Upvote.
Boot not secure = Unprotected buttsex
I guess that all tracks. Me and my computer do both love butt sex.
A partial solution to this evil-maid attack vector is Heads firmware (a replacement for the bios/uefi itself), which lets you sign the contents of your unencrypted boot partition using a gpg key on a hardware token, and verify the integrity of the firmware itself using a totp/hotp key stored in the tpm.
All the benefits of secure boot, but you get to control the signing keys yourself instead of relying on a vendor. It’s great stuff.
this is exactly what i was looking for.
Keep your OS updated, make regular backups, use full-disk-encryption, and nuke and pave whenever things get cluttery. You’ll be alright.
Were it me and I just went through a TSA screening and they took it and returned,… I may nuke the laptop.
If I had that sort of threat model and let the government get their hands on my computer, I would never trust the hardware again. Too many components with their own SoCs containing firmware blobs where an exploit could lurk and reinfect even after a ‘nuke.’ GPUs, disk controllers, WiFi chips, etc.
Good thinking, shoot it with a 12ga slug.
but seriously, time and sense are a factor there. A few seconds? In front of me? I’d waver that action under a few conditions.
Wipe and resell on local buy/sell/trade. They will monitor someone else. Otherwise, put it on a separate subnet and use a bot to reshare every scrap of social media it can touch.
If someone can plant a camera somewhere that they can see your keyboard, they can probably obtain your password.
good point. I hadn’t even considered the whole USB keylogger problem.
I never even used it on Windows.
Nope. Things break on my system when it gets turned on. I just updated the BIOS last week, which somehow resulted in it getting turned back on. That silently broke my graphics card driver and it took me like an hour to figure out what was going on since there was no obvious error message.
I’ll enable FDE during the install for systems with sensitive data, but I don’t bother with secure boot. If I were deploying machines in unsecured areas (i.e. not my house) that also had sensitive data on board, I might look into it.
no
Unless you run your mobo with a password (no one really does), the attack vector always exists by disabling secure boot physically; and even the BIOS password could be reset through ways so I don’t really see the point in secure boot.
You can have it set so it fails to boot with secure boot disabled. Not part of my threat model but AFAIK it’s default even for Windows FDE.
Secure boot can be made secure in principle. The internal disk is encrypted, the bootloader stores the cryption key internally. When you change which OS is booted, the bootloader refuses to give out the key or deletes the key altogether. For one, you would immediately noticed that your OS was tampered with. For two, even when an alternative OS manages to boot, it can’t read your data.
