-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 20/05/15 12:16, The Gluglug wrote: > > > On 20/05/15 11:30, Beni wrote: >> To replace a hard drive in a laptop you need to open up at least >> one screw. If you don't seal your screws and let people open up >> your laptop, you've got a problem anyway. Everyone can read your >> libreboot rom and reflash another rom, e.g. one that logs your >> passphrase somewhere. So that's dangerous anyway. > > You can write-protect the flash chip, in a way that then requires > external flashing (SPI programmer needed, in other words). This > also isn't perfect because the attacker can probably use a SPI > flasher, but with a randomized seal as you have pointed out, you > can detect if this has occurred. > It's also possible for you to read the flash chip contents, and verify the SHA512 hash. However, distros don't really have reproducible builds yet, and neither does libreboot. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJVXG2EAAoJEP9Ft0z50c+U30wH/18lqC3kx1xSSN4aQBs+Xs3N 9ikLaEOZ3gihWB0FbQ+xjdpe9NWyyFfT0R+XFy7+UCbVyNOQ1pvdIf98ICnzyE3b HeObc0BOBB8LJKez7bMuCyIdU8dcmXKYAjC2k38JMBZ6SQStza7oyVkR/sIr/otL U56EBz51ln3Mm9gFjfJL3LWjyUmZo7+GYB+ZL9lFNUa4TRrk1b1glPG6ALHX7lF8 DC2riYhfDAYpJGtr+psOeG34xnm3PgiTy8Ir7O3BOm9ViExmIoK6ycOMJMpmdO+1 VlhCvvko5XOjcsJOu8fKMZjbO8sU/Sq9HQ8tYi5r57ei+c0MyGLUj6FPb85GlKM= =xGKA -----END PGP SIGNATURE-----
