Hi, (the "starting a new thread on each follow-up" problem was addressed off-list; thank you, Michael! :)
I'm glad I've asked the question of the target audience, since as we'll see below, it's a little bit tricky. Michael English wrote (16 Mar 2016 00:22:11 GMT) : > First, we should identify the problem. Tails does not replace all of the > software on one's computer. There is additional storage on the SPI flash > chip which carries the BIOS and ME, and there is the USB stick which has > its own firmware. As shown by LegbaCore, this software outside of Tails > can be easily infected. “Since almost no organizations in the world > provide BIOS patch management, it is almost guaranteed that any given > system has at least one exploitable BIOS vulnerability that has > previously been publicly disclosed. Also, the high amount of code reuse > across UEFI BIOSes means that BIOS infection is automatable and > reliable.” Once the firmware is infected, the malware is more privileged > than all applications and operating systems. Basically, Tails is > completely useless on insecure hardware. This last sentence is only true in face of a very small class of adversaries, given Tails threat model. Against a much bigger class of adversaries, Tails is still very useful, even when run on insecure hardware. > Your question about the audience is a bit of a leading question. All > Tails users should be the audience. Currently, Tails only has > documentation about warnings of firmware vulnerabilities. However, > readers have no course of action to take against this serious problem. > Anyone who cares about their privacy/security/freedom enough to run > Tails should purchase or configure secure hardware. It seems to be that you're assuming that 1. all current Tails users face very powerful adversaries, and that 2. we should optimize our work towards this use case. I don't think the former is correct currently, and I beg to disagree with the latter. I think that Tails is useful against a wide range of adversaries, including some who won't exploit hardware/firmware security issues, and I would like it to stay this way. I would not be happy to see Tails disregard a big part of its current (and presumably, future) audience, because the "don't care enough" to "purchase or configure secure hardware". In particular, I want us to go on being as inclusive as we reasonably can wrt. those who cannot (economically) afford purchasing secure hardware, or who cannot (technically) configure secure hardware. > One solution to the vulnerable SPI flash chip that we can document is > Libreboot. Unlike Coreboot, Libreboot is completely open-source without > the Intel FSP and provides easy to understand documentation. Yes, I would totally agree to link to documentation explaining how to do that, from the place in our own doc that states that firmware can be part of what your adversary controls. Now, we need to be extra clear regarding what are the pre-requisites in terms of time and skills, because sending people to a place where they won't understand a thing is not exactly helpful for them :) > There are > two options to get a Libreboot X200. First, one can buy a refurbished > Lenovo ThinkPad X200 from a electronics store like Newegg in the United > States. (I assume that there is a European equivalent.) Then, he or she > can follow the relatively easy-to-understand instructions on the > Libreboot website for installing the BIOS > https://libreboot.org/docs/hcl/x200.html and removing the ME > https://libreboot.org/docs/hcl/gm45_remove_me.html . I've tried to follow these instructions and they lead me to https://libreboot.org/docs/install/x200_external.html, that IMO is arguably waaaay too hard technically, and requires waaaay too much time, for the huge majority of our target user base. > Second, one can buy > a laptop with Libreboot pre-installed. The Free Software Foundation has > a list of hardware that respects your freedom and currently includes two > companies that sell Libreboot laptops: > https://www.fsf.org/resources/hw/endorsement/respects-your-freedom . I > personally recommend Minifree which is run by the same person who > founded Libreboot. When buying a laptop with Libreboot pre-installed, > one does not have to worry about making a mistake in the installation > process, financially supports Libreboot, and gets a longer warranty in > the case of Minifree which offers a whole two year warranty. I do not > recommend that we specifically promote one company on the Tails website, > but we should link to the Respects Your Freedom page as an option > instead of the manual install. OK, that's an option indeed. Now, this all boils down to a couple question users need to ask themselves, i.e. "can I trust Minifree more than Lenovo/Intel to not backdoor the firmware they install on my computer?", and "can I trust Minifree's supply chain not to be tampered with by the very same powerful adversaries that Libreboot aims at resisting against?". > Another small note about the X200 is that it has a wireless kill switch > to prevent the leaking of sensitive information over the network without > the user noticing. Any reference showing that it's a _hardware_ kill switch, i.e. one that really disconnects power, instead of merely indicating to the firmware/OS that the user wishes to turn the Wi-Fi off? Cheers, -- intrigeri _______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.