On Mon, Jun 28, 2021 at 07:56:47PM -0400, Stefan Monnier wrote:
>> Along with SED, I suggest that you also implement Secure Boot.
>
> Can someone give me pointers to actually known attacks (not
> hypothetical ones, which I can invent myself without much difficulty)
> that would have been prevented by Secure Boot?
Basically, subverting the unencrypted loader amounts to what is known
as "evil maid attack" [1]: the most practical variant being that the
subverted loader records your passphrase (or whatever auth thingie you
provide) and either "phones home" or stashes it away in a place your
opponent can retrieve it.

The second time they have control over your device, they can unlock
the disk.

The whole thing is well described in Wikipedia [2], along with some
accounts of actual cases.

So /if/ you leave your laptop unsupervised and have the hunch that
someone might have a chance at it, make sure you reinstall :-)

There is another, low-tech alternative to the monstrous Secure
Boot [3] thingies bandied around here: carry your real boot partition
with you, either on a USB stick or (nicer form factor) an SD card.

Bonus points: you can leave a fake boot partition on your hard disk
which can be checked at each boot; if it changed, you can go "Hmmm...
someone tried to fool me..." and perhaps send them some passphrase.
The wrong one, of course.
Cheers

[1] Yes, a sexist term, but it stuck, unfortunately. OTOH, perhaps
it's realistic in that it acknowledges that underpaid jobs are
usually carried out by women. Sigh.

[2] https://en.wikipedia.org/wiki/Evil_maid_attack

[3] I always have the impression that, with Secure Boot, Microsoft
has more control of the hardware (which I paid dearly for, dammit!)
than myself. Don't ask me why, but I thoroughly dislike that
impression. So far I try to steer clear of it.
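The "check the fake boot partition at each boot" idea from the message above, as an added example that is not part of the original post: a reference manifest (SHA-256, mode and size of every file under the decoy partition) is stored on the removable media that carries the real boot partition, and each boot compares the on-disk decoy against it, reporting anything added, removed or changed. The paths `/boot` and `/media/usb/boot-reference.json` are assumptions for illustration.

```python
import hashlib
import json
from pathlib import Path

def build_manifest(root):
    """Map each regular file under root (path relative to root) to its
    SHA-256 digest, permission bits and size, so content, mode and
    truncation changes are all detectable. Symlinks are skipped."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        st = path.stat()
        manifest[path.relative_to(root).as_posix()] = {
            "sha256": digest.hexdigest(),
            "mode": st.st_mode & 0o7777,
            "size": st.st_size,
        }
    return manifest

def compare_manifests(reference, current):
    """Return which relative paths were added, removed or changed
    between the stored reference manifest and a freshly built one."""
    ref, cur = set(reference), set(current)
    return {
        "added": sorted(cur - ref),
        "removed": sorted(ref - cur),
        "changed": sorted(p for p in ref & cur if reference[p] != current[p]),
    }

def write_reference(boot_dir, reference_file):
    """Record the known-good state of the decoy partition. The reference
    belongs on the removable media, never on the disk being watched."""
    Path(reference_file).write_text(json.dumps(build_manifest(boot_dir), indent=1))

def check_decoy(boot_dir, reference_file):
    """Compare the decoy boot partition against the stored reference.
    Returns (clean, diff); clean is False on any difference at all."""
    reference = json.loads(Path(reference_file).read_text())
    diff = compare_manifests(reference, build_manifest(boot_dir))
    return not any(diff.values()), diff

if __name__ == "__main__":
    # Hypothetical paths: decoy on the hard disk, reference on the USB stick.
    ok, diff = check_decoy("/boot", "/media/usb/boot-reference.json")
    print("decoy unchanged" if ok else f"decoy TAMPERED: {diff}")
```

Run `write_reference` once from the trusted boot medium, then `check_decoy` from the early boot scripts on that medium; any non-clean result is the signal to distrust the machine.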