diff --git a/content/posts/knowledge/Laptop Hardware Security/index.md b/content/posts/knowledge/Laptop Hardware Security/index.md index 61f663f..ef67095 100644 --- a/content/posts/knowledge/Laptop Hardware Security/index.md +++ b/content/posts/knowledge/Laptop Hardware Security/index.md @@ -139,7 +139,7 @@ The problem with this design is that everything hinges on the boot block doing i #### PureBoot & Purism -![Librem 14](librem-14.png) +![Purism](purism.png) Purism sells their laptops with PureBoot, a fork of Heads. It works in pretty much the same way, with a few extra features. @@ -147,7 +147,7 @@ Let's go through some of their claims and contrast that agains reality. > PureBoot can protect against firmware tampering. -It cannot protect against firmware tampering as discussed in the [Heads](#heads) section. +It cannot protect against firmware tampering as discussed in the [Heads](#heads) section. It does not even work conceptually, and the bypass will always be there. Just to be clear, this is not a vulnerability - this is an inherent flaw in the design that cannot be fixed. > [The ME is disabled (HAP set to 1), and mostly wiped with `me_cleaner`](https://puri.sm/learn/intel-me/). @@ -181,7 +181,7 @@ Some laptop brands may set up Boot Guard correctly and meet a high HSI level, bu ### Ancient laptops -![Stallman and his Thinkpad](stallma-thinkpad.webp) +![Stallman and his Thinkpad](stallman-thinkpad.webp) ### RYF and the Illusion of Freedom diff --git a/content/posts/knowledge/Laptop Hardware Security/librem-14.png b/content/posts/knowledge/Laptop Hardware Security/librem-14.png deleted file mode 100644 index 2f840f6..0000000 Binary files a/content/posts/knowledge/Laptop Hardware Security/librem-14.png and /dev/null differ diff --git a/content/posts/knowledge/Laptop Hardware Security/purism.png b/content/posts/knowledge/Laptop Hardware Security/purism.png new file mode 100644 index 0000000..7452fd9 Binary files /dev/null and b/content/posts/knowledge/Laptop Hardware Security/purism.png differ