On Wed, Mar 04, 2020 at 03:28:35PM +0000, Kevin Chadwick wrote: > On 2020-03-04 11:38, Ottavio Caruso wrote: > > Probably not what you were looking for but, back in the days when I > > was ultra paranoid about my web browsing, I used to use stripped down > > live usb installations of Linux distros (DSL was one of them that I > > remember). I ignore if OpenBSD comes with such a solution out the box, > > but I'm sure it wouldn't be difficult to make your own read-only > > install. Then, you could either reboot from it or run it through an > > emulator. > > A live cd is read-only and is also something I did for a while in my teenage > years. Knoppix, Insert were examples and STD was another aptly named one as it
a read only cd don't give you any defense againt uefi rootkit > > However, considering OpenBSD replaces it's whole base every upgrade with > signed > binaries, then you get all of that for free. You can even double check the > bios > with flashrom (less so on laptops), bootloader, signing keys, packages etc., > if > you want to. > if your kernel is infected with uefi rootkit most probably double check uefi or bios with flashrom is absolutely not useful. > If this effort is really worth it, then it probably makes more sense than > trusting someone else to package up a usb linux distro or CD. > the problem is not trusting people that make package, the problem is the sites you visit.
