On Thu, Mar 09, 2017 at 06:41:00PM +1100, Russell Coker wrote:
> I agree that reducing the attack surface is good, but I doubt that dealing 
> with BIOS bugs actually achieves that goal.  To get to the BIOS an attacker 
> has to either compromise the kernel/acpid or gain physical access to the 
> system.  It's well known that there are a variety of ways of intercepting key 
> presses that an attacker could use to get the passphrase to your encrypted 
> filesystems, GPG key, etc after they made a copy of your disk.
> It's easy to imagine how EFI attacks could be useful in attacking a corporate 
> desktop PC standard running Windows with signed kernel etc.  But I can't 
> imagine how it could be the most effective attack against the typical people 
> who are involved in groups like this.

I look at it more as investing time and effort than threat models. It took me
maybe a week or two to set coreboot up on my T400, and now it's much less
exposed than its previous BIOS. In addition I've removed ME, so I have a mostly
free boot system running.

> Android is theoretically free software (ignoring the binary driver issue) via 
> the AOSP.  But in practice it's too difficult for me to install one of the 
> other 
> versions, and I was using Linux in 1992!

You tend to have to get the phone that you know will work with a ROM.
Free-software-melb mailing list

Free Software Melbourne home page: http://www.freesoftware.asn.au/melb/

Reply via email to