libreboot
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Libreboot] Password protected Grub entries

From: The Gluglug
Subject: Re: [Libreboot] Password protected Grub entries
Date: Wed, 20 May 2015 12:16:50 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.6.0 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 20/05/15 11:30, Beni wrote:
> To replace a hard drive in a laptop you need to open up at least
> one screw. If you don't seal your screws and let people open up
> your laptop, you've got a problem anyway. Everyone can read your
> libreboot rom and reflash another rom, e.g. one that logs your
> passphrase somewhere. So that's dangerous anyway.

You can write-protect the flash chip, in a way that then requires
external flashing (SPI programmer needed, in other words). This also
isn't perfect because the attacker can probably use a SPI flasher, but
with a randomized seal as you have pointed out, you can detect if this
has occurred.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJVXG0iAAoJEP9Ft0z50c+UU4QH/AgEp0KWuhlTFkeuTjEftqCT
OXmNyUbIP9dSDlN7oPI5Md58e/0epDByzZrIyMKIeUvxAOO2e13mLFIfcqOktmv3
9cOyJOBFbTdX92wRk2Zb9PQUzX05GsbpUzgVOq08zr7YavzEg5IEM72Inup1ErBD
yUEU5aXUWthGdVCyvUcjRsaSEzouEY80QmztyLumt74vYY5wgmE38OHLdhrH2aQB
ZmEZ2qPIe44YFm1+PPF90kVBjimKGtV0YdoELnFhsUUwshEz1oAz/rQABcoOmCNu
7BG7j5aL4z7C9/681bMh5SAoVa7JeJyGDBQJ3TxWwTB7cng/zwu3FWnWM7tsOlQ=
=uo0G
-----END PGP SIGNATURE-----
reply via email to
[Prev in Thread] Current Thread [Next in Thread]