undefined | Better HN

0 pointsdevops991y ago0 comments

> vs. FDE with a boot key stored in some cloud service secured with the user's password instead of a TPM

Without secure boot (backed by TPM), I can boot a small USB device that has LEDs on it to indicate to me that the target system has been infected to send me a copy of the target's password, after I already imaged the disk (or when I have another team member steal it or take it by force later).

If there's a UEFI password to access UEFI settings, I can reset it in under 20 minutes with physical access. Some tamper-evident tape on the laptop casing may stop me if I haven't already had a resource intrude into the target's home/office to have some replacement tamper-evident sticker material ready. Very very few places, even some really smart ones, make use tamper-evident material. Glitter+glue tamper-evident seals are something I can't spoof though.

It's not that hard to get into a hotel room. Often enough if a business books a hotel for you it's because they want access to your laptop while you're at lunch with another employee who so kindly suggests to leave your backpack in the hotel room.

disclaimer: all above is fictional and for educational and entertainment purposes only

0 comments

AnthonyMouse1y ago

> Without secure boot (backed by TPM), I can boot a small USB device that has LEDs on it to indicate to me that the target system has been infected to send me a copy of the target's password, after I already imaged the disk (or when I have another team member steal it or take it by force later).

Which is the same thing that happens with secure boot, because they just steal the whole device and leave you one that looks the same to enter your password into so it will send it to them.

Meanwhile if you're using tamper-evident materials then you don't need secure boot, because then they can't undetectably remove the cover to get physical access to remove your UEFI password or image the machine.

devops99OP1y ago

Thank you for prompting attention to the switcheroo.

This angle of attack is generally unheard of, but should be considered. I can think of some mitigations that can work.

Tamper-evident materials are well-known by the crowds that will target users. There are many criminals among us, so many that those who don't have criminal psychology have a hard time wrapping their mind around it. Given this, I am cynical, and every defense within reasonable cost should be leveraged.

j / k navigate · click thread line to collapse