On Sun, Mar 29, 2015 at 7:20 PM, Walter Dnes <waltd...@waltdnes.org> wrote:
> On Sun, Mar 29, 2015 at 12:43:12PM +0200, lee wrote
>
>> That leaves the question why a user who isn't even logged in should
>> be able to reboot, which IIRC they can by default with Ctrl+Alt+Del.
>> Such users shouldn't be allowed to do anything but to log in.
>
>   As the old saying goes... "If you don't have physical security, you
> don't have any security".  A malicious person at the physical keyboard
> of the machine could just as easily yank the power cord out of the
> wall, insert a USB key into the machine, plug the machine back in, boot
> up from the USB key, and copy over malicious binaries.
>

With TPM, full-disk encryption, and a verified boot path, you could
actually protect against that scenario (they'd have to tear apart the
TPM chip and try to access the non-volatile storage directly, and the
chips are specifically designed to defeat this).  Secure boot would
not hurt either (with your own keys).  Of course, they could still try
to hack in via USB/PCI/etc, or plant keyloggers and such.  I'm not
suggesting physical security isn't important.  It just isn't a good
reason to completely neglect console security.

-- 
Rich
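
The measured-boot idea behind the reply above, as an added example that is not part of the original message: a simplified Python model of TPM PCR extension and sealing. The component names, the disk key and the ToyTPM class are constructed for illustration; a real TPM enforces the policy in hardware. It shows why a boot from a USB key produces a different PCR value, so the disk key is not released.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 PCR bank

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(chain):
    """Fold an ordered list of boot components into one PCR value."""
    pcr = bytes(PCR_SIZE)  # PCRs reset to all zeros at power-on
    for component in chain:
        pcr = extend(pcr, component)
    return pcr

class ToyTPM:
    """Hypothetical, simplified model: a secret bound to an expected PCR."""
    def __init__(self):
        self._sealed = None

    def seal(self, secret: bytes, expected_pcr: bytes):
        self._sealed = (secret, expected_pcr)

    def unseal(self, current_pcr: bytes):
        secret, expected = self._sealed
        if not hmac.compare_digest(current_pcr, expected):
            return None  # policy check failed: the key stays in the chip
        return secret

# Constructed sample boot chains (byte strings stand in for real images).
TRUSTED = [b"firmware-v1", b"bootloader-v1", b"kernel-v1", b"initramfs-v1"]
USB_BOOT = [b"firmware-v1", b"usb-bootloader", b"live-kernel", b"live-initramfs"]
REORDERED = [b"firmware-v1", b"kernel-v1", b"bootloader-v1", b"initramfs-v1"]

def demo():
    """Seal a disk key to the trusted chain, then try three boots."""
    tpm = ToyTPM()
    tpm.seal(b"constructed-disk-key", measure_boot(TRUSTED))
    return {
        "trusted": tpm.unseal(measure_boot(TRUSTED)),
        "usb": tpm.unseal(measure_boot(USB_BOOT)),
        "reordered": tpm.unseal(measure_boot(REORDERED)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", "key released" if result else "unseal refused")
```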
