#499 Improved Boot Security

Closed
opened 6 months ago by jxself · 3 comments

I don't normally keep up with Purism but I have to say that this is interesting: https://puri.sm/posts/introducing-the-librem-key/

Along with https://puri.sm/posts/demonstrating-tamper-detection-with-heads/

It would be neat if that were available in libreboot; http://osresearch.net/

Although I think not all librebootable devices have a TPM. But perhaps there are other ways to pull off the idea without one.

Leah Rowe commented 6 months ago
Owner

It's not really that interesting. With a decent open diceware passphrase and full disk encryption (including /boot/) you should be pretty much OK.

And anyway it's not a good idea to promote Purism as a company, even if they do one or two nice things on occasion.

Leah Rowe commented 6 months ago
Owner

it's a nice concept, but please link to one that isn't sold by purism :)

Swift Geek commented 6 months ago
Collaborator

It's a terrible concept that would just add obfuscation. A TPM doesn't provide a root of trust but relies on one. The possibility of replaying PCR values on a target nullifies the effects of TPM use in the boot chain.

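To make the mechanism both sides of this thread are arguing about concrete, here is an added example (written for this page; not code from the original post, from Heads, from Purism or from libreboot). It simulates TPM PCR extension, seals an HOTP secret to the PCR value the way Heads-style tamper detection seals its TOTP/HOTP secret, and then runs three boots: an honest one, one with modified firmware that measures itself honestly (which the scheme catches), and one with modified firmware that replays the stored digest of the good firmware (which the TPM cannot distinguish from the honest boot, the point made in the last comment). The firmware and kernel images, the "toy-seal" KDF and the `scenarios` helper are constructed stand-ins; a real TPM performs the sealing in hardware under a PCR policy, and the HOTP secret is the RFC 4226 test vector.

```python
import hashlib
import hmac
import struct

PCR_SIZE = 32  # SHA-256 PCR bank


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: new = H(old || digest). A PCR can only accumulate."""
    return sha256(pcr + digest)


# Constructed sample images; any bytes would do.
GOOD_FIRMWARE = b"coreboot + heads payload (constructed sample)"
EVIL_FIRMWARE = b"coreboot + heads payload with implant (constructed sample)"
KERNEL = b"linux kernel + initrd (constructed sample)"
HOTP_SECRET = b"12345678901234567890"  # RFC 4226 test secret


def honest_measure(image: bytes) -> bytes:
    """Well-behaved firmware reports a digest of what is actually running."""
    return sha256(image)


def replay_measure(image: bytes) -> bytes:
    """Malicious firmware ignores what is running and replays a stored good digest."""
    return sha256(GOOD_FIRMWARE)


def boot(firmware_image: bytes, measure) -> bytes:
    """Simulate the boot chain feeding digests to the TPM.

    The TPM is passive: it hashes whatever the code that is running chooses
    to send and cannot check that a digest describes that code. That is the
    sense in which it relies on a root of trust (the first code to execute)
    rather than providing one.
    """
    pcr = bytes(PCR_SIZE)
    pcr = pcr_extend(pcr, measure(firmware_image))
    pcr = pcr_extend(pcr, sha256(KERNEL))
    return pcr


def _keystream(key: bytes, length: int) -> bytes:
    out = b""
    for i in range((length + 31) // 32):
        out += sha256(key + struct.pack(">I", i))
    return out[:length]


def seal(secret: bytes, pcr: bytes) -> bytes:
    """Toy stand-in for TPM sealing: bind the secret to one PCR value."""
    key = sha256(b"toy-seal-kdf|" + pcr)  # constructed KDF, not a TPM primitive
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
    tag = hmac.new(key, ct, "sha256").digest()
    return ct + tag


def unseal(blob: bytes, pcr: bytes):
    """Return the secret if the PCR matches the one it was sealed to, else None."""
    ct, tag = blob[:-32], blob[-32:]
    key = sha256(b"toy-seal-kdf|" + pcr)
    if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: the code a Heads-style boot shows for the user to compare."""
    mac = hmac.new(secret, struct.pack(">Q", counter), "sha1").digest()
    off = mac[-1] & 0x0F
    code = (mac[off] & 0x7F) << 24 | mac[off + 1] << 16 | mac[off + 2] << 8 | mac[off + 3]
    return f"{code % 10 ** digits:0{digits}d}"


def scenarios() -> dict:
    # Provisioning: boot honestly once and seal the HOTP secret to that PCR.
    sealed = seal(HOTP_SECRET, boot(GOOD_FIRMWARE, honest_measure))

    def code_for(pcr: bytes, counter: int = 0):
        s = unseal(sealed, pcr)
        return None if s is None else hotp(s, counter)

    return {
        # Honest boot: PCR matches, the expected code is shown.
        "honest": code_for(boot(GOOD_FIRMWARE, honest_measure)),
        # Modified firmware that measures itself: PCR differs, unseal fails,
        # no code appears and the user notices. This is what Heads detects.
        "tampered": code_for(boot(EVIL_FIRMWARE, honest_measure)),
        # Modified firmware replaying the good digest: same PCR as the honest
        # boot, so the correct code appears and the tampering goes unnoticed.
        "replayed": code_for(boot(EVIL_FIRMWARE, replay_measure)),
    }


if __name__ == "__main__":
    for name, code in scenarios().items():
        print(f"{name:9s} -> {code}")
```

The replay case is the whole disagreement in miniature: sealing to PCRs detects any boot component that is measured honestly and has changed, but it says nothing about code that runs before the first measurement or that lies about its own digest. That is why the measuring firmware itself has to be trusted (or protected by something outside the TPM, such as write-protected flash) for the scheme to add more than obfuscation.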