Linux Foundation' Linux workstation security checklist

coderman coderman at
Tue Sep 1 07:55:39 PDT 2015

On 9/1/15, Georgi Guninski <guninski at> wrote:
> ...
> They protect against trojanized (off the shelf) BIOS.

prevents trojan / arb exec from persistence via BIOS.

prevents surreptitious FDE keylogger via BIOS hooks.

yes, also off the shelf attacks. which is nearly all of them. :)
 [ see also HackingTeam dump, and research examples ]

> If an adversary has sufficient supply of application and
> root sploits, how much they will protect you?

separate question; see also defense in depth.

however, a robust bespoke BIOS beats otherwise cascade catastrophe.

> Instead of rootkit they will root you every boot IMHO.

this also has a different visibility, as executing in priv. or user
context & addr space.

also why "throw away" VMs per Qubes or Live OS images a useful
technique to avoid attempted persistence via weird machines gone

best regards,

More information about the cypherpunks mailing list