Bodie writes:

> access then you are screwed. It is just matter of your importance to
> attacker if it will be sooner or later.

You briefly touch on it here

> Attacks on CEO level mentioned in post....they have already laptop
> made in China and there is plenty of examples how HW is screwed up
> these days by firmware and other code doing all the crazy stuff where
> even best OS can not help to protect against

But then go and ignore it here. There are threat levels between Johnny Nobody and NSA's Most Wanted. While both attacks are eminently possible, attacking the hardware or firmware is hard while attacking the bootloader is easy, if for no other reason than by the time you get to the boot loader you effectively have 1 possible architecture to deal with and plenty of space in which to do it.

I've achieved with little fuss what was originally requested in this thread on Linux and FreeBSD and I may or may not have done so using OpenBSD. I forget whether I got it working or not - probably did as it's reputedly possible and I do remember poring over OpenBSD's boot loader code to find something out but I needed a hypervisor on the tin and FreeBSD and Linux were the only options there.

So if it's easy to do and the inconvenience is acceptable, it provides protection which is in some cases unnecessary and in some insufficient but is neither in all.

Matthew