Re: [Libreboot] Libreplanet keynote questions


From: Daniel Tarrero
Subject: Re: [Libreboot] Libreplanet keynote questions
Date: Thu, 17 Mar 2016 10:40:21 +0100
User-agent: Mutt/1.5.23 (2014-03-12)

On Tue, Mar 15, 2016 at 08:59:43PM +0100, Denis 'GNUtoo' Carikli wrote:
> Hi,
> 
> Edward Snowden will be giving the keynote of this year's Libreplanet.
> I saw a video of him speaking at an IETF event, remotely. People had
> many questions, many technical.
> 
> So I was thinking that we, the libreboot community, could prepare a
> list of questions before the event.
> 
> We would for instance explain what is libreboot and ask questions
> related to it.
> 
> For instance I'm personally very interested in activists' threat model,
> that includes resisting targeted physical attacks.
> 
> Currently, the most used setup (to my knowledge) to resist such attacks
> consists in:
> - An FSF certified computer with libreboot.
> - GRUB in the BIOS flash, that can open encrypted rootfs.
> - The full rootfs (including /boot) encrypted with LUKS.
> - GRUB password and nail polish/glue seals to prevent reflashing by an
>   attacker. The idea is to create random patterns that would be hard
>   to reproduce or restore if the seals are broken. Pictures of it are
>   taken, and the user verifies that the pattern matches before
>   entering the passphrase.
> - The laptop would be configured to prevent external connectors from
>   providing DMA channels to the system's RAM, before the user enters
>   the passphrase.
> - The embedded controller firmware is non-free, we should probably fix
>   that.
> 
> Another approach would be a chromebook-like security model combined
> with Tails instead of chromeOS. Unfortunately that's not implemented
> yet.
> 
> I wondered how safe was the former kind of setup, for instance:
> -> Is the default aes-xts-plain64 cipher (with a 256 or 512 bit key
>    size) resistant to malicious HDD firmware. Here the firmware would
>    deliberately and actively try to attack the cryptography. I'm also
>    supposing that the SATA interface won't give it access to the
>    system's RAM, because its DMA is between the HDD and the SATA
>    controller. I hope that there are no bugs that permit access to
>    the system's RAM.
>    Would authenticated cryptography affect it in any way?
> -> How to learn to not be able to give the HDD passphrase if we want to.
>    Do the hands have to learn the passphrase but not the brain?
> 
> And more generally:
> -> To what extent is the intelligence community targeting individual
>    free software developers involved in the development of privacy
>    enhancing software.
>    Is it always possible for such individual developer to know this is
>    happening.
>    To what extent does that affect the ability of such person to
>    continue working on privacy enhancing software (where the individuals
>    are aware of it, and when they are not)?
> -> What are the differences between handling the security of individual
>    people and an organization.
>    For instance an organization would tend to man in the middle TLS to
>    look for data exfiltration.
>    An individual would, on the contrary, use the tor-browser.
>    What (between organizations and individuals) would be more efficient
>    for activism. Here I'm assuming that surveillance makes activism
>    less efficient.
> 
> The questions don't target any specific country or political system, so
> the answer might differ accordingly.
> 
> Maybe someone has ideas to improve the list, and/or to add questions to
> it
> 
> PS: Note that I can't come to libreplanet this year.
> 
> Denis.

i won't be able to be there, i hope someone finds some of this interesting too 
and can ask & transcribe the answers! 8)

some questions about all this "privacy, data security and firmware" stuff:

- i like libreboot & see the uefi boot system coming, self signed boot roms 
and CA's: will this be as strong as it seems?

- IoT, PxE, AMT, iME, SoC's, mobile phones, wearables, drones, firms & chips 
everywhere!: are the firmwares the "only-one" "flag" to capture? what can we do 
with undocumented chip/ports features, from an atheist perspective ;)? are 
there trusted hardware manufacturers?
i miss a trusted link in the platform :,( FSF-libreboot-<hardware>-user

- Tempest attacks, aka 'chip exfiltrations to reverse cryptographic keys': how 
close is this to being "in the wild"? are there some key measures that someone 
can take to avoid this?

- the net, open source, activism, information leaks, the growing and needed 
share knowledge global culture 8,): apart from keeping on going with libreboot, 
what can we do better? what else? join others?

love to snowden, smart, honor, and big courage, all a human can bring with him 
and be proud of
D
