Post AEXMhSlQJFLOrubfLE by y0x3y@hackers.town
 (DIR) Post #AEXHQ5hOJOzqdjcLcu by alexandra@mk.nixnet.social
       2021-12-18T17:52:42.548Z
       
       1 likes, 1 repeats
       
       I still haven't been able to determine the threat model for secure boot. Is it someone who doesn't know how to get a signed copy of grub2?
       
 (DIR) Post #AEXHTM0W8MJw5Y7TU0 by penny@cute.science
       2021-12-18T17:53:26.883397Z
       
       0 likes, 0 repeats
       
       @alexandra computer yells at you if someone replaces your signed grub 2
       
 (DIR) Post #AEXINXLBBTNzSFZeka by lanodan@queer.hacktivis.me
       2021-12-18T18:03:31.513395Z
       
       0 likes, 0 repeats
       
       @alexandra Only way I would have something close to secure boot would be a smartcard which verifies a signature against my own keys.
       
 (DIR) Post #AEXMhRqhi7yS204Mvw by alexandra@mk.nixnet.social
       2021-12-18T18:06:31.200Z
       
       0 likes, 0 repeats
       
       @penny@cute.science but they could just use their own signed grub2 to boot an evil OS so...?
       
 (DIR) Post #AEXMhSEoGVFxElLcVU by alexandra@mk.nixnet.social
       2021-12-18T18:07:59.539Z
       
       0 likes, 0 repeats
       
       @penny@cute.science or replace your config file and/or kernel and/or initramfs for an evil maid attack
       
 (DIR) Post #AEXMhSlQJFLOrubfLE by y0x3y@hackers.town
       2021-12-18T18:22:11Z
       
       0 likes, 0 repeats
       
       @alexandra @penny defense in depth is an effective tactic, not all opponents are nation states or so deliberate
       
 (DIR) Post #AEXMhTCiflB8EZNSt6 by alexandra@mk.nixnet.social
       2021-12-18T18:31:15.101Z
       
       0 likes, 0 repeats
       
       @y0x3y@hackers.town @penny@cute.science This isn't a difficult attack that takes nation-state resources though, replace initramfs with one that contains a few binaries and a fairly simple script that prints the normal spew you get from your initramfs with roughly the right timings, connects to the network, prompts for your disk decryption passphrase, and sends it over a TCP connection to a hard-coded address. Or if you can't configure the network save it to a hidden file on the boot partition and come back later to recover it. This would be pretty easy for someone to make for script kiddies (you'd need roughly one version per distro) and putting it in place consists of copying a file to the boot partition.
       
 (DIR) Post #AEXMhTcF8raxVjJqfg by penny@cute.science
       2021-12-18T18:51:59.725952Z
       
       0 likes, 0 repeats
       
       @alexandra @y0x3y