> Ted Unangst: > > If an adversary gains possession of your hard drive and gives it > > back to you, throw it away. > > li...@wrant.com: > > The advice Ted gives is much more than simply correct, it can > > further be extended to "do NOT accept electronics from people > > you can't accept in your trust model" > > Now think about the electronic devices that you bought from people you > don't know,
Which you choose to trust. If you know this party is out of your trust model, simply not accept back any "tampered" device they return to you. > At the moment we have only small bits of verifiable hardware/OSHW so > it's impossible to have "one solution" that covers all the threat > models, unfortunately. Indeed, but worth trying and eventually enumerate and close more models. I observe OpenBSD goes to more length than any other open free software.
