On Thu, Oct 04, 2018 at 02:34:58PM +1000, Zenaan Harkness wrote:
Multi factor boot authentication, making use of the TPM chip (to whatever extent you might consider that worthwhile or otherwise), generation of a QR code and a mobile phone app for external (to your laptop/ computer) "verification" of bootup hash values, doing so all in free libre and open source software (of course), is now in sight:
https://puri.sm/posts/category/firmware/
(7 year old lappy here, saving for a puri.sm)
Ideally, we'd actually have our own seL4 or other small sized kernel inside the Intel ME, so we could make full use of it; beginnings:
https://puri.sm/posts/reverse-engineering-the-intel-management-engine-romp-m...
https://www.reddit.com/r/linux/comments/6b2xgu/reverseengineering_the_intel_...
Next, we need a libre hardware/ auditable "free/libre" hardware/ chip for ethernet and/ or wireless, as that'd be my first port of call if I were with intent and dollar$ to undermine "generally available hardware" in such a way that my rogue infiltration packet opened a hardware backdoor (on generally available hardware).
New Evidence Of Chinese Spy Hardware Found By Ex-Mossad Investigators; Super Micro Shares Plunge https://www.zerohedge.com/news/2018-10-09/new-evidence-chinese-spy-hardware-...