On this deserted island I could use some help()

unlawfulbooger@lemmy.blahaj.zone · 18 days ago

Well yes, assuming that:

you trust the hardware manufacturer
you can install your own keys (i.e. not locked by vendor)
you secure your bios with a secure password
you disable usb / network boot

With this you can make your laptop very tamper resistant. It will be basically impossible to tamper with the bootloader while the laptop is off. (e.g install keylogger to get disk-encryption password).

What they can do, is wipe the bios, which will remove your custom keys and will not boot your computer with secure boot enabled.

Something like a supply-side attack is still possible however. (e.g. tricking you into installing a malicious bootloader while the PC is booted)

Always use security in multiple layers, and to think about what you are securing yourself from.

unlawfulbooger@lemmy.blahaj.zone · 1 month ago

And don’t just fork it on GitHub, if the original repo gets deleted, any forks might too.

Also do a git clone locally, or set up a mirror on another host.

unlawfulbooger@lemmy.blahaj.zone · 2 years ago

On this deserted island I could use some help()