[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Libreboot] Libreplanet keynote questions

From: Denis 'GNUtoo' Carikli
Subject: [Libreboot] Libreplanet keynote questions
Date: Tue, 15 Mar 2016 20:59:43 +0100


Edward Snowden will be giving the keynote of this year's Libreplanet.
I saw a video of him speaking at an IETF event, remotely. People had
many questions, many technical.

So I was thinking that we, the libreboot community, could prepare a
list of questions before the event.

We would for instance explain what is libreboot and ask questions
related to it.

For instance I'm personally very interested in activists threat model,
that includes resisting to targeted physical attacks.

Currently, the most used setup (to my knowledge) to resist such attacks
consists in:
- An FSF certified computer with libreboot.
- GRUB in the BIOS flash, that can open encrypted rootfs.
- The full rootfs (including /boot) encrypted with LUKS.
- GRUB password and nail polish/glue seals to prevent reflashing by an
  attacker. The idea is to create random patterns that would be hard
  to reproduce or restore if the seals are broken. Pictures of it are
  taken, and the users verifies that the pattern matches before
  entering the passphrase.
- The laptop would be configured to prevent external connectors from
  providing DMA channels to the system's RAM, before the users enters
  the passphrase.
- The embedded controller firmware is non-free, we should probably fix

Another approach would be a chromebook-like security model combined
with Tails instead of chromeOS. Unfortunately that's not implemented

I wondered how safe was the former kind of setup, for instance:
-> Is the default aes-xts-plain64 cipher (with a 256 or 512 bit key
   size) resistant to malicious HDD firmware. Here the firmware would
   deliberately and actively try to attack the cryptography. I'm also
   supposing that the SATA interface won't give it access to the
   system's RAM, because its DMA is between the HDD and the SATA
   controller. I hope that there are no bugs that permits access to
   the system's RAM.
   Would authenticated cryptography affect it in any way?
-> How to learn to not be able to give the HDD passphrase if we want to.
   Do the hands have to learn the passphrase but not the brain?

And more generally:
-> To what extent is the intelligence community targeting individual
   free software developers involved the development of privacy
   enhancing software.
   Is it always possible for such individual developer to know this is
   To what extent does that affect the ability of such person to
   continue working on privacy enhancing software (where the individuals
   are aware of it, and when they are not)?
-> What are the differences between handling the security of individual
   people and an organization.
   For instance an organization would tend to man in the middle TLS to
   look for data exfiltration.
   An individual would, on the contrary, use the tor-browser.
   What(between organizations and individuals) would be more efficient
   for activism. Here I'm assuming that surveillance makes activism
   less efficient.

The question don't target any specific country or political system, so
the answer might differ accordingly.

Maybe someone has ideas to improve the list, and/or to add questions to

PS: Note that I can't come to libreplanet this year.


Attachment: pgpJeZJ1hKT3Z.pgp
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]