Collaborate Disseminate
I’m redoing my laptop installation from scratch, and this time I want a full secure boot chain.
Here’s what I did so far :
Enroll my own keys in the UEFI firmware
Sign my grub bootloader
Full disk encryption (implying /boot is encrypted a… Continue reading Secure boot + full disk encryption, should I sign the kernel?
I’ve now googled a lot, but the only information I can find is ‘kon-boot hides its code in BIOS memory and changes kernel-code on the fly’…
As far as I understand, UEFI initializes devices and tries to load bootloaders into memory from M… Continue reading How can kon-boot run code in UEFI?
For any file on your OS you can get a md5 or sha256 value and if you suspect anything you get it again and compare. I was wondering if there is any way to do the same with the bios and bootloader and check their integrity manually. Can you… Continue reading Is there any security technology/technique beside tpm/secure boot which can verify the integrity of the bios or bootloader?
I’m choosing between Seabios and Tianocore as a coreboot payload.
Secure boot is a UEFI feature. I haven’t found any mention of it in seabios documentation. It must be not supported.
Can anyone confirm it, please?
I guess since I want to u… Continue reading Seabios and secure boot. Coreboot payload
This assumes that:
Machine is powered off
No UEFI backdoors
No Reflashing the firmware
No clearing the NVRAM (The point is to modify/read a small amount of NVRAM, instead of resetting it)
Device requires password to POST (Enforced by BIOS… Continue reading How hard is it to modify UEFI nvram if the device is off and the UEFI is locked?
I have a Dell Inspiron 2n1 laptop which recently noticed that it was affected by a bug called Boot Hole, which is a kind of damn bug that targets GRUB/Linux Secure Boot/Windows. And I might think it’s interfering on both virtualization sof… Continue reading My laptop was affected by Boot Hole bug. What now?
Is fTPM more secure than a real TPM module when using Bitlocker?
As far as I know, you should enable pre-boot authentication if you use a TPM module that is plugged separately onto the motherboard to prevent possible reading / sniffing of … Continue reading fTPM more secure than TPM when using Bitlocker?
How do you boot a Linux live image from a CDN using Https as boot protocol?
The reason for netbooting using a CDN would be to start fresh with a non persistent operating system image. Booting fresh via the network should make it harder to … Continue reading How do you boot from the network using https?
I want to restrict all USB boot media from my system, except for a certain USB boot drive that I declare secure via a certain key.
Is this possible using UEFI/Secure Boot/TPM? Maybe via TPM? TPM gets a private key and checks if public key … Continue reading Is it possible to allow only a certain secure USB boot media to boot an UEFI system?
I recently bought a used SanDisk SSD and I am curious to know if there is any way to assess the integrity of its firmware using information such as SMART or drive details.
In addition to SMART information, SanDisk Dashboard application als… Continue reading Is it possible to assess the integrity of an SSD’s firmware using SMART results or drive details?