This post will help to provide historical context and demystify what’s under the hood of Heads, PureBoot, and other tools to provide Trusted Boot.
I will not be presenting anything new in this article; I merely hope to provide a historical timeline and a curated list of resources.
Intro
The Librem Key cryptographically verifies the system’s integrity and flashes red if it’s detected tampering
I’ve always felt bad about two things:
Because I run QubesOS, I usually disable “Secure Boot” on my laptop I travel a lot, and I don’t have a good way to verify the integrity of my laptop (eg from an Evil Maid that gains physical access to my computer)
To address this, I have turned to Heads and PureBoot — a collection of technologies including an open-source firmware/BIOS, TPM, and a USB security key that can cryptographically verify the integrity of the lowest firmware (and up the chain to the OS).
While Purism has written many articles about PureBoot and has some (minimal) documentation, I found they did a lot of hand waving without explaining how the technology works (what the hell is a “BIOS measurement”?). So I spent a great deal of . . . → Read More: Trusted Boot (Anti-Evil-Maid, Heads, and PureBoot)
This post will introduce a simple udev rule and ~$20 in USB hardware that effectively implements a kill cord Dead Man Switch to trigger your machine to self-destruct in the event that you’re kicked out of the helm position.
Rubber Ducky I <3 you; you make hack time lots of fun!
Let’s consider a scenario: You’re at a public location (let’s say a cafe) while necessarily authenticated into some super important service (let’s say online banking). But what if–after you’ve carefully authenticated–someone snatch-and-runs with your laptop?
Maybe you can call your bank to freeze your accounts before they’ve done significant financial harm. Maybe you can’t.
Or maybe your laptop was connected to your work VPN. In less than 60 seconds and with the help of a rubber ducky, the thief could literally cause millions of dollars in damages to your organization.
Surely there must be some solution to trigger your computer to lock, shutdown, or self-destruct when it’s physically separated from you! There is: I call it BusKill.
Michael Altfield
Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡
I’m going on another cross-country cycling trip this summer, and I’m in the market for a good, solid MP3 player.
Disclaimer: I’m a software guy who likes my devices to be good quality and long lasting. I’m by no means an audiophile, hardware tech, or professional MP3 player reviewer. All of my research was done using Google, and the only MP3 player I’ve owned is the Sansa e260 v2.
Requirements
Note: These are my personal requirements. They effectively eliminated a *lot* of products in the MP3 market.
1. Rockbox Support
First and foremost, I need rockbox support. Rockbox is a must-have FOSS firmware for MP3 players with a fantastic feature list. You can buy an MP3 player with terrific hardware design, but your experience can be absolutely ruined by poorly designed firmware. My old Sansa e260 was this way, but once I installed rockbox, it was like the device was freed from a software prison. And, of course–another benefit of it being open source–you can completely customize the look+feel of your MP3 player with other user’s custom rockbox themes.
Here is a list of MP3 players (targets) and their support status for the Rockbox firmware.
Well, my old server died (I think the processor fried itself somehow). Due to school workload, I wasn’t able to properly configure a new server until now, thereby this blog has been down for months (and, surprisingly, I’ve actually had people comment about it being down–mostly because they were unable to flame me, though *shrug*).
Anyway, I’ve finally got a new (actually, it’s quite old) rack-mountable server (minus the rack) running FreeBSD as a replacement. Moreover, I’ve changed the theme, so this site had both a different software and hardware look!
Michael Altfield
Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡
About Michael
tech.michaelaltfield.net/
Michael Altfield
Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡
