On Thu, Mar 09, 2017 at 06:41:00PM +1100, Russell Coker wrote:
> I agree that reducing the attack surface is good, but I doubt that dealing
> with BIOS bugs actually achieves that goal. To get to the BIOS an attacker
> has to either compromise the kernel/acpid or gain physical access to the
> system. It's well known that there are a variety of ways of intercepting key
> presses that an attacker could use to get the passphrase to your encrypted
> filesystems, GPG key, etc after they made a copy of your disk.
> It's easy to imagine how EFI attacks could be useful in attacking a corporate
> desktop PC standard running Windows with signed kernel etc. But I can't
> imagine how it could be the most effective attack against the typical people
> who are involved in groups like this.
I look at it more as investing time and effort than threat models. It took me
maybe a week or two to set coreboot up on my T400, and now it's much less
exposed than its previous BIOS. In addition I've removed ME, so I have a mostly
free boot system running.
> Android is theoretically free software (ignoring the binary driver issue) via
> the AOSP. But in practice it's too difficult for me to install one of the
> versions, and I was using Linux in 1992!
You tend to have to get the phone that you know will work with a ROM.
Free-software-melb mailing list
Free Software Melbourne home page: http://www.freesoftware.asn.au/melb/