multi band/ out of band/ multi factor TPM TOTP codes for boot verification / increased boot verity/ assurance - puri.sm leading Free Libre Open Source Software, Hardware and Security vision
Multi factor boot authentication, making use of the TPM chip (to whatever extent you might consider that worthwhile or otherwise), generation of a QR code and a mobile phone app for external (to your laptop/ computer) "verification" of bootup hash values, doing so all in free libre and open source software (of course), is now in sight:

https://puri.sm/posts/category/firmware/

(7 year old lappy here, saving for a puri.sm)

Ideally, we'd actually have our own seL4 or other small sized kernel inside the Intel ME, so we could make full use of it; beginnings:

https://puri.sm/posts/reverse-engineering-the-intel-management-engine-romp-m...
https://www.reddit.com/r/linux/comments/6b2xgu/reverseengineering_the_intel_...

Next, we need a libre hardware/ auditable "free/libre" hardware/ chip for ethernet and/ or wireless, as that'd be my first port of call if I were with intent and dollar$ to undermine "generally available hardware" in such a way that my rogue infiltration packet opened a hardware backdoor (on generally available hardware).
http://blog.ptsecurity.com/2018/10/intel-me-manufacturing-mode-macbook.html

#OpenFabs , #OpenHW , #OpenSW , #OpenDev , #OpenBiz , #Cryptocurrency

All necessary elements to [an environment of] freedom... Best get them built and adopted, and soon, else the fail will continue to get worse...
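An added illustration of the TPM TOTP boot-verification idea the post points at (example code written for this page, not Purism's or the Heads firmware's own code): boot components extend a PCR, a TOTP seed is sealed to the expected PCR value, and at boot the unsealed seed yields the code the phone app is expected to match. The seal/unseal here is a simplified stand-in for the TPM's key hierarchy, and the component names are constructed; only the phone's independent copy of the seed and the RFC 6238 code computation are as in real deployments.

```python
import hashlib, hmac, secrets, struct, time

def extend_pcr(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style PCR extend: new PCR = SHA-256(old PCR || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measure_boot(components) -> bytes:
    """Extend a zeroed PCR with each boot component in order (firmware, kernel, initrd)."""
    pcr = bytes(32)
    for blob in components:
        pcr = extend_pcr(pcr, blob)
    return pcr

def seal(secret: bytes, pcr: bytes):
    """Simplified stand-in for TPM sealing: a PCR-derived key encrypts and MACs the secret."""
    key = hashlib.sha256(b"seal-kdf|" + pcr).digest()
    ct = bytes(a ^ b for a, b in zip(secret, key))
    return ct, hmac.new(key, ct, hashlib.sha256).digest()

def unseal(blob, pcr: bytes):
    """Recover the secret only if the current PCR equals the enrolment PCR."""
    ct, tag = blob
    key = hashlib.sha256(b"seal-kdf|" + pcr).digest()
    if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
        return None  # boot chain changed: a real TPM would refuse to unseal
    return bytes(a ^ b for a, b in zip(ct, key))

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), the same code the phone app computes."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"

def boot_code(blob, components, unix_time: int):
    """What the laptop displays at boot: a TOTP code, or None when unseal fails."""
    secret = unseal(blob, measure_boot(components))
    return None if secret is None else totp(secret, unix_time)

# Constructed boot chains (not real measurements); only the initrd differs.
GOOD_BOOT = [b"coreboot-rom", b"heads-kernel", b"heads-initrd"]
TAMPERED_BOOT = [b"coreboot-rom", b"heads-kernel", b"modified-initrd"]

def demo(now=None):
    """Enrol a seed, then compare the laptop's code with the phone's for both chains."""
    seed = secrets.token_bytes(20)  # shared with the phone (via QR code) at enrolment
    blob = seal(seed, measure_boot(GOOD_BOOT))
    now = int(time.time()) if now is None else now
    return boot_code(blob, GOOD_BOOT, now) == totp(seed, now), boot_code(blob, TAMPERED_BOOT, now)
```

The tampered chain does not produce a wrong code but no code at all, which is the property that makes the phone-side comparison meaningful: an attacker who alters the boot chain cannot learn the seed from the TPM.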
On Thu, Oct 04, 2018 at 02:34:58PM +1000, Zenaan Harkness wrote:
Multi factor boot authentication, making use of the TPM chip (to whatever extent you might consider that worthwhile or otherwise), generation of a QR code and a mobile phone app for external (to your laptop/ computer) "verification" of bootup hash values, doing so all in free libre and open source software (of course), is now in sight:
https://puri.sm/posts/category/firmware/
(7 year old lappy here, saving for a puri.sm)
Ideally, we'd actually have our own seL4 or other small sized kernel inside the Intel ME, so we could make full use of it; beginnings:
https://puri.sm/posts/reverse-engineering-the-intel-management-engine-romp-m...
https://www.reddit.com/r/linux/comments/6b2xgu/reverseengineering_the_intel_...
Next, we need a libre hardware/ auditable "free/libre" hardware/ chip for ethernet and/ or wireless, as that'd be my first port of call if I were with intent and dollar$ to undermine "generally available hardware" in such a way that my rogue infiltration packet opened a hardware backdoor (on generally available hardware).
New Evidence Of Chinese Spy Hardware Found By Ex-Mossad Investigators; Super Micro Shares Plunge https://www.zerohedge.com/news/2018-10-09/new-evidence-chinese-spy-hardware-...
participants (2)
-
grarpamp
-
Zenaan Harkness