Re: [Trisquel-users] Llibreboot - SW vs HW methods for X/T60
Are you suggesting that HW method is easier and/or safer than SW method?
Re: [Trisquel-users] Llibreboot - SW vs HW methods for X/T60
When it is possible to do by HW method, why would you do it by the S method?
Re: [Trisquel-users] Llibreboot - SW vs HW methods for X/T60
I'm not in a situation where I have to defend myself all the time, at all costs. As long as I don't have a proprietary BIOS, anything beyond disk encryption and maybe stuff like grsec and the like is overkill. So I don't see the point nor do I have the need for a GRUB password. It would be an amazing waste of time to get into my house, re-flash and go away just to hope getting my decryption passphrase (else, why not just take the whole computer anyway?). I feel your answer assumes I defend propriety BIOS, but it's early, I'm already tired and I don't have the time to dig much further. My point is that the suggested extra security is most likely extra burden since the probability for such an attack is so low. Plus the user base is so small I doubt it's even worth the time and effort. I mean you can harden your machine forever, it will never be safe unless you never turn it on. On that security spectrum (extreme but useless security to zero security but very useable): - GRUB password can be useful, but not that likely to actually be useful for most people. As you said, unwanted software reflashing would require root access. - Not being able to prevent software reflashing still allows for hardware reflashing, which is a highly unlikely scenario. There's no money in there, and too many risks.
Re: [Trisquel-users] Llibreboot - SW vs HW methods for X/T60
Actually more the other way around: "Why do it with the hardware method (which seems more cumbersome) when you can use the software method instead?"
Re: [Trisquel-users] Llibreboot - SW vs HW methods for X/T60
On 14/12/16 22:05, m...@ruggedinbox.com wrote: > As for security (for the overly paranoid), > if someone reflashes the CPU (assuming he can have full access for a > long time, like when stealing it), as long as your drive is encrypted, > I don't see any advantage in allowing re-flashing through hardware only. > I suppose a GRUB password can be a hurdle to prevent software > re-flashing. > > But again, what's the point in securing this part? It's not like it's > likely to happen, and even if it does, it's not like you wouldn't > notice since you wouldn't be able to boot. > I mean the attacker would need the exact naming you used while setting > up Libreboot. You are almost right, but not there. What is reflashed is not the CPU, is the BIOS. What happens is the BIOS is reflashed even though the hard drive is encrypted? The reflashed BIOS would be backdoored, and in spite of encryption would be able to use the network connections to deliver any information from your computer to an outside spy. So you've got a safe BIOS, and you want to ensure it keeps being safe. What kind of attacks can you prevent? -Remote attack: some malicious code manages to enter your computer, get executed, and rewrite the BIOS. But this is not really different than getting rooted. It's like a rootkit, but in the BIOS rather than the hard drive. So in order to prevent it, you just need to follow the usual security measures that prevent getting rooted. -Physical attack: some attacker gets your computer and rewrites the BIOS, either by hardware (with an external computer) or software (booting from an USB drive). Both require physical access to your machine during about 15 minutes. The problem here is not your computer being stolen; the problem is when your computer is *not* stolen and you unsuspectedly continue using it without knowing it is backdoored and everything you do is being sent to spies (well, pretty much as having Microsoft Smart Screen activated) The GRUB password can be a hurdle to prevent software re-flashing? Yes, of course... but then, the BIOS chip could be unwelded from the motherboard and replaced by other BIOS chip chosen to be similar to yours... ...so, my point here...: Not only the BIOS chips needs to require a GRUB password in order to prevent rewriting of the BIOS booting from a USB drive, YOU need to require a password in order to ensure the BIOS that is in your computer hasn't been replaced! Think about it. -- Ignacio Agulló · agu...@ati.es
Re: [Trisquel-users] Llibreboot - SW vs HW methods for X/T60
I see. But even in that case, having access with a Live USB wouldn't change much, right? But sure, that way, they won't be using it at all.
Re: [Trisquel-users] Llibreboot - SW vs HW methods for X/T60
Indeed. That's why I wrote "secure". In my case, I'm sharing a flat with a bunch of people. I don't want their friends to "use" my laptop at all, even with live distro on USB stick (even if they don't know what it is lol) The daunting welcome screen with GRUB password prompt is enough to scare them and press shutdown.
Re: [Trisquel-users] Llibreboot - SW vs HW methods for X/T60
Frankly, that's overkill. It's wasted effort. Encryption is enough, who cares if some ninja re-flashes my machine with some fake Libreboot, that would maybe record my passphrase or something? It's extremely unlikely such a scenario can happen. Plus, if we're talking about workstations, if the said ninja has access to the computer, it's faster and easier to switch the CPU for his. So hardening the access to re-flashing is even more pointless to me.
Re: [Trisquel-users] Llibreboot - SW vs HW methods for X/T60
Can it be re-flashed the SW method afterwards? By default, yes, but I think you can prevent it. Yes, that's what I tried to say, if the CPU is re-flashed, it doesn't give you access to the HDD or SSD if encrypted.
Re: [Trisquel-users] Llibreboot - SW vs HW methods for X/T60
Oh, your question is formulated like: "Why do it with the software method when you can use the hardware method instead?" Or am I reading this wrong?
Re: [Trisquel-users] Llibreboot - SW vs HW methods for X/T60
Some Libreboot compatible mobo / laptops require hardware flash the first time, some are able to be flashed from software (with flashrom) while running factory bios. Once Libreboot is flashed, it is always possible to flash from software. So if you want to stay somehow "secure", you want to put a password in the GRUB payload to prevent someone to boot a live distro and reflash from there.
Re: [Trisquel-users] Llibreboot - SW vs HW methods for X/T60
Can you explain this in an even clearer way? If libreboot is first flashed by the HW method, can it be re-flashed the SW method afterwards? But anyway, would it not be impossible for an adversary to gain access to your files on a fully encrypted harddisk even if s/he re-flashed the computer?
Re: [Trisquel-users] Llibreboot - SW vs HW methods for X/T60
Hence the question: Why bother with the HW method.
Re: [Trisquel-users] Llibreboot - SW vs HW methods for X/T60
It sounds much easier indeed. As for security (for the overly paranoid), if someone reflashes the CPU (assuming he can have full access for a long time, like when stealing it), as long as your drive is encrypted, I don't see any advantage in allowing re-flashing through hardware only. I suppose a GRUB password can be a hurdle to prevent software re-flashing. But again, what's the point in securing this part? It's not like it's likely to happen, and even if it does, it's not like you wouldn't notice since you wouldn't be able to boot. I mean the attacker would need the exact naming you used while setting up Libreboot.
Re: [Trisquel-users] Llibreboot - SW vs HW methods for X/T60
Well, if you use the software method you don't need a BeagleBoard and you don't have to touch the motherboard at all.
[Trisquel-users] Llibreboot - SW vs HW methods for X/T60
Apparently X60 and T60 can me flashed with libreboot by the hardware and the software methods respectively. When it is possible to do by HW method, why would you do it by the S method?
