Featured Articles

Detecting (Malicious) Unicode in GitHub PRs
Trusted Boot (Anti-Evil-Maid, Heads, and PureBoot)
Why I was banned from GrapheneOS by Daniel Micay
Techlore Interview (BusKill, Interdiction, and OpSec)
Continuous Documentation: Hosting Read the Docs on GitHub Pages (2/2)
Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)
Hardening Guide for phpList
WordPress Profiling with XHProf (Debugging & Optimizing Speed)
Introducing BusKill: A Kill Cord for your Laptop
WordPress Multisite on the Darknet (Mercator .onion alias)
previous arrow
next arrow

Techlore Interview (BusKill, Interdiction, and OpSec)

By Michael Altfield, on December 9th, 2025
Michael Altfield Techlore Interview

I’m super happy that Techlore invited me on their YouTube channel to talk security and privacy 😀

Henry was mostly interested in my work with BusKill (an open-source dead man switch), but our conversation ran a gamut of issues regarding security and privacy — including

How to mitigate State-sponsored interdiction attacks, minimizing attack surfaces of mobile phones with broadband processors, the threats of AI “identity verification” systems on privacy, and much more

You can watch the full video below

Can’t see video above? Watch it on PeerTube at tehlore.tv or on YouTube at youtu.be/cptk6aBbJpU

If you’d like to purchase a BusKill cable, click here.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael

tech.michaelaltfield.net/

Leave a comment  

Trusted Boot (Anti-Evil-Maid, Heads, and PureBoot)

By Michael Altfield, on February 16th, 2023
Verifying Boot Integrity with Heads, PureBoot

This post will help to provide historical context and demystify what’s under the hood of Heads, PureBoot, and other tools to provide Trusted Boot.

I will not be presenting anything new in this article; I merely hope to provide a historical timeline and a curated list of resources.

Intro

The Librem Key cryptographically verifies the system’s integrity and flashes red if it’s detected tampering

I’ve always felt bad about two things:

Because I run QubesOS, I usually disable “Secure Boot” on my laptop I travel a lot, and I don’t have a good way to verify the integrity of my laptop (eg from an Evil Maid that gains physical access to my computer)

To address this, I have turned to Heads and PureBoot — a collection of technologies including an open-source firmware/BIOS, TPM, and a USB security key that can cryptographically verify the integrity of the lowest firmware (and up the chain to the OS).

While Purism has written many articles about PureBoot and has some (minimal) documentation, I found they did a lot of hand waving without explaining how the technology works (what the hell is a “BIOS measurement”?). So I spent a great deal of
. . . → Read More: Trusted Boot (Anti-Evil-Maid, Heads, and PureBoot)

10 comments