From b85e7a19c5a10b9c2d5a439dd870903038af41e6 Mon Sep 17 00:00:00 2001 From: Tommy Date: Mon, 10 Jun 2024 10:02:30 -0700 Subject: [PATCH] Clean up Signed-off-by: Tommy --- content/posts/knowledge/Laptop Hardware Security/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/posts/knowledge/Laptop Hardware Security/index.md b/content/posts/knowledge/Laptop Hardware Security/index.md index 5052ee4..b6bf5a5 100644 --- a/content/posts/knowledge/Laptop Hardware Security/index.md +++ b/content/posts/knowledge/Laptop Hardware Security/index.md @@ -129,7 +129,7 @@ Heads is built around the desire for the signing key for the firmware to be in t - The firmware checks if the files in /boot are signed by the GPG key. - If everything is as expected, the system will boot normally. -The problem with this design is that everything hinges on the boot block doing its initial measurements truthfully. Since the user is supposed be able to change the key, no key can be set up with Boot Guard to protect the boot block. The result is that there is nothing stopping an attacker from flashing a piece of malicious firmware that will just lie about the measurements. This is anagolous to asking a potential liar of they are being truthful. At best, Heads can protect against tampering of the disk, but it cannot protect against firmware tampering. +The problem with this design is that everything hinges on the boot block doing its initial measurements truthfully. Since the user is supposed be able to change the key, no key can be set up with Boot Guard to protect the boot block. The result is that there is nothing stopping an attacker from flashing a piece of malicious firmware that will just lie about the measurements. At best, Heads can protect against tampering of the disk, but it cannot protect against firmware tampering. #### PureBoot & Purism