Le jeu. 17 mars 2016 à 16:08, Will Hill <[email protected]> a
écrit :
On Tuesday 15 March 2016, Denis 'GNUtoo' Carikli wrote:
For instance I'm personally very interested in activists threat
model,
that includes resisting to targeted physical attacks.
Currently, the most used setup (to my knowledge) to resist such
attacks
consists in:
- An FSF certified computer with libreboot.
- GRUB in the BIOS flash, that can open encrypted rootfs.
...
What's the advantage of GRUB in BIOS rather than root FS?
GRUB is never installed to the root filesystem AFAIK, only the config
usually is; but storing GRUB in flash allows you to encrypt the whole
hard disk. Overwriting the flash chip can be a bit harder than
overwriting a few sectors in your hard disk; some BIOS chips can be set
to read-only, etc. If an attacker gets his hands on GRUB he can learn
your encryption password or trick you into loading a compromised kernel.
