Featured Articles

Hardening Guide for phpList
Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)
Introducing BusKill: A Kill Cord for your Laptop
WordPress Profiling with XHProf (Debugging & Optimizing Speed)
Continuous Documentation: Hosting Read the Docs on GitHub Pages (2/2)
Trusted Boot (Anti-Evil-Maid, Heads, and PureBoot)
WordPress Multisite on the Darknet (Mercator .onion alias)
Detecting (Malicious) Unicode in GitHub PRs
Crowdfunding on Crowd Supply (Review of my experience)
previous arrow
next arrow

Trusted Boot (Anti-Evil-Maid, Heads, and PureBoot)

Verifying Boot Integrity with Heads, PureBoot

This post will help to provide historical context and demystify what's under the hood of Heads, PureBoot, and other tools to provide Trusted Boot.

I will not be presenting anything new in this article; I merely hope to provide a historical timeline and a curated list of resources.

Intro

The Librem Key cryptographically verifies the system's integrity and flashes red if it's detected tampering

I've always felt bad about two things:

Because I run QubesOS, I usually disable "Secure Boot" on my laptop I travel a lot, and I don't have a good way to verify the integrity of my laptop (eg from an Evil Maid that gains physical access to my computer)

To address this, I have turned to Heads and PureBoot -- a collection of technologies including an open-source firmware/BIOS, TPM, and a USB security key that can cryptographically verify the integrity of the lowest firmware (and up the chain to the OS).

While Purism has written many articles about PureBoot and has some (minimal) documentation, I found they did a lot of hand waving without explaining how the technology works (what the hell is a "BIOS measurement"?). So I spent a great deal of
. . . → Read More: Trusted Boot (Anti-Evil-Maid, Heads, and PureBoot)

Introducing BusKill: A Kill Cord for your Laptop

Bus Kill: A USB Kill Cord for your Laptop

This post will introduce a simple udev rule and ~$20 in USB hardware that effectively implements a kill cord Dead Man Switch to trigger your machine to self-destruct in the event that you're kicked out of the helm position.

Rubber Ducky I <3 you; you make hack time lots of fun!

Let's consider a scenario: You're at a public location (let's say a cafe) while necessarily authenticated into some super important service (let's say online banking). But what if--after you've carefully authenticated--someone snatch-and-runs with your laptop?

Maybe you can call your bank to freeze your accounts before they've done significant financial harm. Maybe you can't.

Or maybe your laptop was connected to your work VPN. In less than 60 seconds and with the help of a rubber ducky, the thief could literally cause millions of dollars in damages to your organization.

Surely there must be some solution to trigger your computer to lock, shutdown, or self-destruct when it's physically separated from you! There is: I call it BusKill.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Introducing BusKill: A Kill Cord for your Laptop

My Search for The Best MP3 Player

I'm going on another cross-country cycling trip this summer, and I'm in the market for a good, solid MP3 player.

Disclaimer: I'm a software guy who likes my devices to be good quality and long lasting. I'm by no means an audiophile, hardware tech, or professional MP3 player reviewer. All of my research was done using Google, and the only MP3 player I've owned is the Sansa e260 v2.

Requirements

Note: These are my personal requirements. They effectively eliminated a *lot* of products in the MP3 market.

1. Rockbox Support

First and foremost, I need rockbox support. Rockbox is a must-have FOSS firmware for MP3 players with a fantastic feature list. You can buy an MP3 player with terrific hardware design, but your experience can be absolutely ruined by poorly designed firmware. My old Sansa e260 was this way, but once I installed rockbox, it was like the device was freed from a software prison. And, of course--another benefit of it being open source--you can completely customize the look+feel of your MP3 player with other user's custom rockbox themes.

Here is a list of MP3 players (targets) and their support status for the Rockbox firmware.

2. Rugged Components that
. . . → Read More: My Search for The Best MP3 Player

New Look!

Well, my old server died (I think the processor fried itself somehow). Due to school workload, I wasn't able to properly configure a new server until now, thereby this blog has been down for months (and, surprisingly, I've actually had people comment about it being down--mostly because they were unable to flame me, though *shrug*).

Anyway, I've finally got a new (actually, it's quite old) rack-mountable server (minus the rack) running FreeBSD as a replacement. Moreover, I've changed the theme, so this site had both a different software and hardware look!

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael

tech.michaelaltfield.net/