Llibreboot - SW vs HW methods for X/T60
- Inicie sesión ou rexístrese para enviar comentarios
Apparently X60 and T60 can me flashed with libreboot by the hardware and the software methods respectively.
When it is possible to do by HW method, why would you do it by the S method?
Well, if you use the software method you don't need a BeagleBoard and you don't have to touch the motherboard at all.
Hence the question: Why bother with the HW method.
Oh, your question is formulated like: "Why do it with the software method when you can use the hardware method instead?" Or am I reading this wrong?
Actually more the other way around: "Why do it with the hardware method (which seems more cumbersome) when you can use the software method instead?"
It sounds much easier indeed.
As for security (for the overly paranoid),
if someone reflashes the CPU (assuming he can have full access for a long time, like when stealing it), as long as your drive is encrypted, I don't see any advantage in allowing re-flashing through hardware only.
I suppose a GRUB password can be a hurdle to prevent software re-flashing.
But again, what's the point in securing this part? It's not like it's likely to happen, and even if it does, it's not like you wouldn't notice since you wouldn't be able to boot.
I mean the attacker would need the exact naming you used while setting up Libreboot.
Can you explain this in an even clearer way?
If libreboot is first flashed by the HW method, can it be re-flashed the SW method afterwards?
But anyway, would it not be impossible for an adversary to gain access to your files on a fully encrypted harddisk even if s/he re-flashed the computer?
Can it be re-flashed the SW method afterwards? By default, yes, but I think you can prevent it.
Yes, that's what I tried to say, if the CPU is re-flashed, it doesn't give you access to the HDD or SSD if encrypted.
EDIT: I probably mad a mistake when I said that Libreboot had to b configured in a very specific way else it can't boot.
But there's some truth to it since it must be the specific libreboot for a specific kind of computer etc.
I re-flashed my machine the software way, and sure I'm far from an expert, but it's still difficult enough, and with plenty of mistakes asking to happen.
I mean, that attacker has too much time on his hands.
On 14/12/16 22:05, name at domain wrote:
> As for security (for the overly paranoid),
> if someone reflashes the CPU (assuming he can have full access for a
> long time, like when stealing it), as long as your drive is encrypted,
> I don't see any advantage in allowing re-flashing through hardware only.
> I suppose a GRUB password can be a hurdle to prevent software
> re-flashing.
>
> But again, what's the point in securing this part? It's not like it's
> likely to happen, and even if it does, it's not like you wouldn't
> notice since you wouldn't be able to boot.
> I mean the attacker would need the exact naming you used while setting
> up Libreboot.
You are almost right, but not there. What is reflashed is not the
CPU, is the BIOS.
What happens is the BIOS is reflashed even though the hard drive is
encrypted? The reflashed BIOS would be backdoored, and in spite of
encryption would be able to use the network connections to deliver any
information from your computer to an outside spy.
So you've got a safe BIOS, and you want to ensure it keeps being
safe. What kind of attacks can you prevent?
-Remote attack: some malicious code manages to enter your computer, get
executed, and rewrite the BIOS. But this is not really different than
getting rooted. It's like a rootkit, but in the BIOS rather than the
hard drive. So in order to prevent it, you just need to follow the
usual security measures that prevent getting rooted.
-Physical attack: some attacker gets your computer and rewrites the
BIOS, either by hardware (with an external computer) or software
(booting from an USB drive). Both require physical access to your
machine during about 15 minutes. The problem here is not your computer
being stolen; the problem is when your computer is *not* stolen and you
unsuspectedly continue using it without knowing it is backdoored and
everything you do is being sent to spies (well, pretty much as having
Microsoft Smart Screen activated)
The GRUB password can be a hurdle to prevent software re-flashing?
Yes, of course... but then, the BIOS chip could be unwelded from the
motherboard and replaced by other BIOS chip chosen to be similar to yours...
...so, my point here...: Not only the BIOS chips needs to require a
GRUB password in order to prevent rewriting of the BIOS booting from a
USB drive, YOU need to require a password in order to ensure the BIOS
that is in your computer hasn't been replaced! Think about it.
--
Ignacio Agulló · name at domain
I'm not in a situation where I have to defend myself all the time, at all costs. As long as I don't have a proprietary BIOS, anything beyond disk encryption and maybe stuff like grsec and the like is overkill.
So I don't see the point nor do I have the need for a GRUB password. It would be an amazing waste of time to get into my house, re-flash and go away just to hope getting my decryption passphrase (else, why not just take the whole computer anyway?).
I feel your answer assumes I defend propriety BIOS, but it's early, I'm already tired and I don't have the time to dig much further.
My point is that the suggested extra security is most likely extra burden since the probability for such an attack is so low.
Plus the user base is so small I doubt it's even worth the time and effort.
I mean you can harden your machine forever, it will never be safe unless you never turn it on. On that security spectrum (extreme but useless security to zero security but very useable):
- GRUB password can be useful, but not that likely to actually be useful for most people. As you said, unwanted software reflashing would require root access.
- Not being able to prevent software reflashing still allows for hardware reflashing, which is a highly unlikely scenario. There's no money in there, and too many risks.
EDIT (I'll leave what I've previously written just in case you answer something based on that in the mean time. By the way, please disregard the part where I assume you think I defend using a proprietary BIOS):
Now that I can take my time,
Regarding physical attacks,
What happens is the BIOS is reflashed even though the hard drive is
encrypted? The reflashed BIOS would be backdoored, and in spite of
encryption would be able to use the network connections to deliver any
information from your computer to an outside spy.
Sure, but that means a crazilyy motivated person. Tons of risks for very little return on average (assuming someone can access my computer without me knowing, and leave, and repeat the process with other people).
Regarding remote attacks, as you said, if the attacker gets to this point, it's rather pointless to worry about BIOS manipulation/replacement.
The GRUB password can be a hurdle to prevent software re-flashing?
Yes, of course... but then, the BIOS chip could be unwelded from the
motherboard and replaced by other BIOS chip chosen to be similar to yours...
I agree, since that was one of the points I've made.
...so, my point here...: Not only the BIOS chips needs to require a
GRUB password in order to prevent rewriting of the BIOS booting from a
USB drive, YOU need to require a password in order to ensure the BIOS
that is in your computer hasn't been replaced! Think about it.
I see what you mean, but my point is this has as much chances of happening as me becoming Batman.
Therefore, it is a waste of time (to me, may I add).
But you're right, I need to get more familiar with the "innards" of a computer.
I see. But even in that case, having access with a Live USB wouldn't change much, right? But sure, that way, they won't be using it at all.
- Inicie sesión ou rexístrese para enviar comentarios