undefined | Better HN

0 pointsclaudius13y ago0 comments

They would get quite a few pseudorandom numbers of mine, aside from a self-compiled Linux kernel. :-)

0 comments

3 comments · 1 top-level

snuxoll13y ago· 2 in thread

> aside from a self-compiled Linux kernel.

Likely sitting on an unencrypted /boot, waiting to be replaced by one with a keylogger, am I right? Of course a sane person doesn't trust a system that's been compromised before nuking it and reloading from a clean image.

claudiusOP13y ago

There is unfortunately relatively little you can do to thwart such an attack, apart from keeping your notebook with you at all/most times.

Though using a USB key for /boot might be an idea, it is a little less clunky than a ThinkPad and since I suspend to RAM most of the time, it could even be practical. Hm.

pak13y ago

Can't TPM be used for this? It could verify your /boot with keys external to the disk itself. I'm not sure if somebody has actually built a solution that uses it yet.

https://en.wikipedia.org/wiki/Trusted_Platform_Module

2 more replies

j / k navigate · click thread line to collapse