On Thu, Mar 09, 2017 at 06:41:00PM +1100, Russell Coker wrote: > I agree that reducing the attack surface is good, but I doubt that dealing > with BIOS bugs actually achieves that goal. To get to the BIOS an attacker > has to either compromise the kernel/acpid or gain physical access to the > system. It's well known that there are a variety of ways of intercepting key > presses that an attacker could use to get the passphrase to your encrypted > filesystems, GPG key, etc after they made a copy of your disk. > > It's easy to imagine how EFI attacks could be useful in attacking a corporate > desktop PC standard running Windows with signed kernel etc. But I can't > imagine how it could be the most effective attack against the typical people > who are involved in groups like this.
I look at it more as investing time and effort than threat models. It took me maybe a week or two to set coreboot up on my T400, and now it's much less exposed than its previous BIOS. In addition I've removed ME, so I have a mostly free boot system running. > Android is theoretically free software (ignoring the binary driver issue) via > the AOSP. But in practice it's too difficult for me to install one of the > other > versions, and I was using Linux in 1992! You tend to have to get the phone that you know will work with a ROM. _______________________________________________ Free-software-melb mailing list Free-software-melb@lists.softwarefreedom.com.au http://lists.softwarefreedom.com.au/cgi-bin/mailman/listinfo/free-software-melb Free Software Melbourne home page: http://www.freesoftware.asn.au/melb/