[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Libreboot] Password protected Grub entries

From: Beni
Subject: Re: [Libreboot] Password protected Grub entries
Date: Wed, 20 May 2015 13:20:34 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.6.0

> On 20/05/15 11:30, Beni wrote:
>> To replace a hard drive in a laptop you need to open up at least
>> one screw. If you don't seal your screws and let people open up
>> your laptop, you've got a problem anyway. Everyone can read your
>> libreboot rom and reflash another rom, e.g. one that logs your
>> passphrase somewhere. So that's dangerous anyway.
> You can write-protect the flash chip, in a way that then requires
> external flashing (SPI programmer needed, in other words). This also
> isn't perfect because the attacker can probably use a SPI flasher, but
> with a randomized seal as you have pointed out, you can detect if this
> has occurred.

I still don't get why a seal prevents someone from flashing the chip but
not from replacing the hard drive. You could also check your hard drive
ID to make sure it has not been replaced.

In my opinion the danger of hard drive replacement is the same as
re-flashing the rom.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]