科技回声 (Tech Echo)

© 2025 科技回声. All rights reserved.

How to verify boot firmware integrity if you prioritize neutralizing Intel ME?

25 points, by PrimaryAlibi, 9 months ago
It was difficult to make a title because of the char limit.

When you use me_cleaner to neutralize Intel ME, it also removes TPM. TPM is required for boot verification technologies like Heads or AEM. So you can't use Heads/AEM and me_cleaner, you have to choose one, and in this case we choose to prioritize me_cleaner.

Heads: https://osresearch.net/
me_cleaner: https://github.com/corna/me_cleaner

Then the question becomes, what do you personally do to protect your computer's boot firmware? There are many ways you can do that, such as the popular glitter nail polish technique. The problem with that technique is you need a good camera with a firm stand so you can take the before and after pictures at the exact same distance and place to compare them. It's also quite a lot of work to do that every single time you leave your computer, which could be several times every day. AEM is also most popular to use when traveling, and when traveling, having all that extra equipment with you is a problem.

What else? Maybe a secret camera without any internet connection capability which you can place somewhere in the room with the computer, and that way you can know if someone was inside the room and if they did anything with the computer. The camera would have to record to local storage like a micro SD card, and you overwrite all data on that card every day so you won't need too much storage capacity. And maybe the camera only activates when triggered by movement; then it's even easier to quickly check if there's any video when you come back to your computer. You would also need to be sure that the adversary doesn't replace the camera so you don't know it's not your camera anymore, or erase the video files before they leave, like hackers who erase logs. What do you think about that?

Another idea is a container for the computer. The container can of course be destroyed easily, but then you will at least know they did something with the computer. But you would need a container that the evil maid can't go get a duplicate of or have one manufactured, so they can't replace the container after destroying the original one.

Same problem with a sticker on the screws to open up the laptop: they could get a duplicate sticker to replace yours. I also heard there are ways to remove a sticker and then put it back again.

Practically I think the camera technique is best to use on a daily basis because it's effective and relatively simple, but maybe in some situations you have to gamble by using a container or sticker.

And then you also need to check your firmware once in a while even if you don't suspect anything. I'm not sure of the best way to do that, because I've read it is practically impossible to know if the ROM has been maliciously modified. So it's probably not enough to simply dump the ROM and do a diff against the ROM you flashed. Maybe you just have to redo the flash again, not knowing if it was necessary or not.
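
The last paragraph above asks how a read-back of the flash chip should be compared against what was flashed. The script below is an added example for this thread, not code from the post, from me_cleaner or from Heads: it parses the Intel Flash Descriptor (the public layout me_cleaner and ifdtool read) to locate the Descriptor, BIOS and ME regions and compares a dump against a reference region by region. The two things it makes visible are that the reference must be the cleaned image you actually wrote (against the stock image the ME region always "differs", and depending on options me_cleaner also touches the descriptor), and that with the right baseline any changed byte is reportable, including a single flipped bit in the BIOS region. The images are synthetic, built in `build_stock_image`; `me_cleaner_like` only imitates the shape of a cleaned ME region and is not the tool's output.

```python
"""Region-aware comparison of a SPI flash read-back against the image you flashed.

Constructed example: the Intel Flash Descriptor (IFD) layout parsed here is the
public format me_cleaner and ifdtool use; the images are synthetic, not dumps
from real hardware.
"""
import hashlib
import struct
from typing import Dict, Tuple

IFD_SIGNATURE = 0x0FF0A55A
IFD_SIGNATURE_OFFSET = 0x10
FLMAP0_OFFSET = 0x14
REGION_NAMES = ["Descriptor", "BIOS", "ME", "GbE", "Platform Data"]


def parse_regions(image: bytes) -> Dict[str, Tuple[int, int]]:
    """Return {region: (base, limit)} from the descriptor, skipping unused regions."""
    (sig,) = struct.unpack_from("<I", image, IFD_SIGNATURE_OFFSET)
    if sig != IFD_SIGNATURE:
        raise ValueError("no Intel Flash Descriptor signature at offset 0x10")
    (flmap0,) = struct.unpack_from("<I", image, FLMAP0_OFFSET)
    frba = ((flmap0 >> 16) & 0xFF) << 4          # Flash Region Base Address
    regions = {}
    for i, name in enumerate(REGION_NAMES):
        (flreg,) = struct.unpack_from("<I", image, frba + 4 * i)
        base = (flreg & 0x1FFF) << 12
        limit = (((flreg >> 16) & 0x1FFF) << 12) | 0xFFF
        if base > limit:                          # encoded as "unused" in the IFD
            continue
        regions[name] = (base, limit)
    return regions


def compare_images(reference: bytes, dump: bytes) -> Dict[str, dict]:
    """Diff dump against reference per region; the layout is taken from the reference."""
    if len(reference) != len(dump):
        raise ValueError(f"size mismatch: {len(reference)} vs {len(dump)} bytes")
    report = {}
    for name, (base, limit) in parse_regions(reference).items():
        ref_part, dump_part = reference[base:limit + 1], dump[base:limit + 1]
        diffs = [base + i for i, (a, b) in enumerate(zip(ref_part, dump_part)) if a != b]
        report[name] = {
            "identical": not diffs,
            "changed_bytes": len(diffs),
            "first_diff": diffs[0] if diffs else None,
            "sha256_reference": hashlib.sha256(ref_part).hexdigest(),
            "sha256_dump": hashlib.sha256(dump_part).hexdigest(),
        }
    return report


def build_stock_image(chip_size: int = 0x8000) -> bytes:
    """Constructed 32 KiB 'stock' image: Descriptor 0x0000-0x0FFF, ME 0x1000-0x3FFF,
    BIOS 0x4000-0x7FFF, GbE and Platform Data marked unused."""
    img = bytearray(b"\xff" * chip_size)
    frba = 0x40
    struct.pack_into("<I", img, IFD_SIGNATURE_OFFSET, IFD_SIGNATURE)
    struct.pack_into("<I", img, FLMAP0_OFFSET, (frba >> 4) << 16)   # only the FRBA field

    def flreg(base: int, limit: int) -> int:
        return ((limit >> 12) << 16) | (base >> 12)

    unused = 0x00001FFF                            # base 0x1FFF000 > limit 0xFFF
    table = [flreg(0x0000, 0x0FFF), flreg(0x4000, 0x7FFF), flreg(0x1000, 0x3FFF), unused, unused]
    for i, value in enumerate(table):
        struct.pack_into("<I", img, frba + 4 * i, value)
    img[0x1000:0x4000] = bytes(range(256)) * 48                        # pretend ME firmware
    img[0x4000:0x8000] = bytes((i * 7) & 0xFF for i in range(0x4000))  # pretend BIOS
    return bytes(img)


def me_cleaner_like(image: bytes) -> bytes:
    """Stand-in for the shape of a cleaned image (NOT me_cleaner's real output):
    everything in the ME region after its first 16 bytes is erased to 0xFF."""
    base, limit = parse_regions(image)["ME"]
    out = bytearray(image)
    out[base + 16:limit + 1] = b"\xff" * (limit - base - 15)
    return bytes(out)


def demo() -> Dict[str, Dict[str, dict]]:
    stock = build_stock_image()
    reference = me_cleaner_like(stock)             # the image actually written to the chip
    tampered = bytearray(reference)
    tampered[0x4123] ^= 0x01                       # one flipped bit in the BIOS region
    return {
        "stock_vs_cleaned": compare_images(stock, reference),   # wrong baseline: ME "differs"
        "clean_readback": compare_images(reference, reference),
        "tampered_readback": compare_images(reference, bytes(tampered)),
    }


if __name__ == "__main__":
    for scenario, report in demo().items():
        changed = [r for r, v in report.items() if not v["identical"]]
        print(f"{scenario}: changed regions = {changed or 'none'}")
```

Two caveats belong with this check. A dump taken from the running machine (flashrom's internal programmer) is produced by the very firmware and chipset you suspect, so it can be lied to; read the chip with an external programmer (for example `flashrom -p ch341a_spi -r dump.bin` with a clip) and keep the reference image and its hash somewhere the laptop cannot reach. And the comparison only covers the contents of the SPI chip: a replaced chip, an interposer or a keylogger leaves the bytes identical, which is why the thread's other answers turn to physical tamper evidence.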

13 comments

michaelt, 9 months ago
> Then the question becomes, what do you personally do to protect your computer's boot firmware?

I have a multi-stage strategy.

First and most important, physical security. My computer is valuable enough that if I left it unattended in public, someone would probably nick it and put it on ebay. So I only leave it unattended in places with good enough physical security.

Secondly, I avoid doing anything that would impose spy-thriller-movie-level security requirements on my equipment. My employer wants to secure a critical code signing key? I'll be happy to sort them out with their own HSM in their own properly secured data centre, or their own USB stick in a bank vault, or whatever their requirements dictate. My personal security research? I anonymously publish anything interesting I find right away. And I strictly avoid going to countries where I think the government ought to be overthrown.

Therefore, the chances of an attack targeting my boot firmware are exceptionally small.

Finally, I embrace the reality that the TPM wouldn't have helped me anyway. Firstly the security the TPM offers depends on the security of the BIOS, and we all know that's a joke. Secondly, even if the TPM worked perfectly and the BIOS was secure and so on, an attacker in a position to mess with my firmware could just as easily install a physical keylogger, or a hidden camera pointing at my keyboard, or just have masked goons hit me with a $5 wrench until I tell them the password.
zeroflow, 9 months ago
My bigger question would be why do you need to verify boot firmware? If we know your goal, maybe there is a better way.

Tbh, I for myself would not care for physical intrusion. If someone (private or state sponsored) has the willingness to intrude into my home, them tampering with my PC is the least of my concerns. As someone else also mentioned: a $5 wrench will be more effective than any measures you can do by modifying your PC.

Regarding tamper evidence, there have been multiple Defcon / Blackhat talks about tamper evidence. One thing that comes to mind is vacuum sealing a notebook into a bag with colored beans and taking a photo. This way, it will be impossible to access the PC without disturbing the pattern of beans surrounding the PC. You just need the software to compare photos to know if the sealed bag has been tampered with.
transpute, 9 months ago
> when you use me_cleaner to neutralize intel ME, it also removes TPM.

s/TPM/fTPM/

Some laptops have a discrete pTPM in addition to the ME's firmware TPM, which can be used for firmware validation, disk encryption, etc.

Some OEMs can detect when the chassis is opened, e.g. HP TamperLock: https://h20195.www2.hp.com/v2/getpdf.aspx/4AA7-8167ENW.pdf
dghughes, 9 months ago
This reminds me of my casino days. For slot machines, each has several seals, and the firmware and OS were checked each time anything was changed. We used a machine from a company called Kobetron for the EEPROMs, but later the check was the OS on a disk. Seals were two-layer foil that read TAMPER when pulled off, or a plastic tab that had a wire embedded in it.
thelastparadise, 9 months ago
One trick is to weld the case shut (you can get a welder on amazon for ~$100). This makes it much harder to open, especially in a non-tamper-evident way. You can open the case back up by using an angle grinder with a cutting disc to slice through the weld.

I'd recommend taking a very high res photo of the welds so you can compare later if tampering is suspected.
AshamedCaptain, 9 months ago
> Another idea is a container for the computer. The container can of course be destroyed easily but then you will at least know they did something with the computer. But you would need a container that the evil maid can't go get a duplicate of or have one manufactured so they can replace the container after destroying original one.

What's the goal here? Why can't the same super-powered evil maid just create a visually-identical replica of your entire computer, login UI included, then MITM your password / unlock sequence?

Then go through your original computer at their leisure with the captured password, while you ponder why "your" computer just crashed after login...
ajot, 9 months ago
> Another idea is a container for the computer. The container can of course be destroyed easily but then you will at least know they did something with the computer. But you would need a container that the evil maid can't go get a duplicate of or have one manufactured so they can replace the container after destroying original one.

There was an article [0] posted some days ago; they recommended a transparent container and a mixture of red and brown lentils, and it works just as with the glitter nail polish.

[0] https://www.anarsec.guide/posts/tamper/
nicolapcweek94, 9 months ago
"Perfection is the enemy of good" also applies here, imho. If you need one specific machine and cannot work without it, well I guess there's not much more you can do than the nail polish trick. But if you "just" need a safe compute environment and store your sensitive data off site (in whatever secure way you prefer), burner machines probably work best. Don't travel with your data at all, buy a cheapo early Secure Boot laptop on arrival (an X220-era Thinkpad or something like a C720P Chromebook), install whatever distro you prefer with your own Secure Boot keys enrolled and a signed kernel, and feel free to access your remote data from your freshly installed secure $100 laptop. A ton of early Chromebooks can be Corebooted for extra purity (with an easy script from MrChromebox), so you can go from vanilla Chromebook to Coreboot + custom keyed Secure Boot + distro of choice in half an hour!
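
The comment above relies on enrolling your own Secure Boot keys on the burner laptop. What actually gets written into the `db` and `dbx` variables is a chain of EFI_SIGNATURE_LIST structures, and the added example below (not the commenter's code, not from efitools or any distro) builds and parses that structure with the standard library so you can inspect what a tool such as `cert-to-efi-sig-list -g <owner GUID> db.crt db.esl` produces, and shows the hash-only half of the firmware's allow/deny decision. The layout and the two signature-type GUIDs are from the UEFI specification; the owner GUID, the placeholder "certificate" bytes and the image hashes are constructed for the example. Wrapping the list in the time-based authenticated variable that the firmware accepts at enrollment (`sign-efi-sig-list`) and verifying a signed PE image against an X509 entry are not done here.

```python
"""Build and read EFI_SIGNATURE_LIST structures, the on-disk form of the Secure Boot
db/dbx variables you populate when enrolling your own keys.

Constructed example: the layout follows the UEFI spec; the 'certificate' and the
image hashes are made-up placeholders and the owner GUID is arbitrary.
"""
import hashlib
import struct
import uuid
from typing import List, Tuple

EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
OWNER_GUID = uuid.UUID("5f9a6f3e-2c3a-4d9b-8e7a-1b2c3d4e5f60")  # any GUID you pick for your keys

# SignatureType, SignatureListSize, SignatureHeaderSize, SignatureSize (little-endian)
LIST_HDR = "<16sIII"
LIST_HDR_SIZE = struct.calcsize(LIST_HDR)       # 28 bytes
GUID_SIZE = 16


def build_esl(sig_type: uuid.UUID, owner: uuid.UUID, entries: List[bytes]) -> bytes:
    """One signature list. Each EFI_SIGNATURE_DATA is SignatureOwner GUID + payload;
    an X509 list holds exactly one DER certificate, a SHA256 list any number of hashes."""
    if sig_type == EFI_CERT_X509_GUID and len(entries) != 1:
        raise ValueError("an X509 signature list carries exactly one certificate")
    if len({len(e) for e in entries}) != 1:
        raise ValueError("all entries in one list must be the same size")
    if sig_type == EFI_CERT_SHA256_GUID and len(entries[0]) != 32:
        raise ValueError("SHA256 entries must be 32 bytes")
    sig_size = GUID_SIZE + len(entries[0])
    body = b"".join(owner.bytes_le + e for e in entries)
    header = struct.pack(LIST_HDR, sig_type.bytes_le, LIST_HDR_SIZE + len(body), 0, sig_size)
    return header + body


def parse_esl(blob: bytes) -> List[Tuple[uuid.UUID, uuid.UUID, bytes]]:
    """Walk concatenated signature lists (a db variable is just lists back to back)
    and return (SignatureType, SignatureOwner, payload) for every entry."""
    out, off = [], 0
    while off < len(blob):
        type_le, list_size, hdr_size, sig_size = struct.unpack_from(LIST_HDR, blob, off)
        end = off + list_size
        if list_size < LIST_HDR_SIZE or end > len(blob):
            raise ValueError(f"corrupt signature list at offset {off}")
        sig_type = uuid.UUID(bytes_le=type_le)
        pos = off + LIST_HDR_SIZE + hdr_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=blob[pos:pos + GUID_SIZE])
            out.append((sig_type, owner, blob[pos + GUID_SIZE:pos + sig_size]))
            pos += sig_size
        off = end
    return out


def hash_allowed(db: bytes, dbx: bytes, image_hash: bytes) -> bool:
    """Hash-only part of the firmware's decision: a forbidden (dbx) hash always loses,
    otherwise the hash must appear in db. Accepting a signed image via an X509 entry
    would additionally need Authenticode/PKCS#7 verification, which is not done here."""
    def sha256_entries(var: bytes):
        return {payload for t, _, payload in parse_esl(var) if t == EFI_CERT_SHA256_GUID}
    if image_hash in sha256_entries(dbx):
        return False
    return image_hash in sha256_entries(db)


def demo() -> Tuple[bytes, bytes, List[bytes]]:
    """db = your own DER cert (placeholder bytes) + two allowed image hashes;
    dbx = one revoked image hash. Hashes are over constructed 'image' bytes."""
    fake_der_cert = b"\x30\x82" + b"\x00" * 62     # placeholder, NOT a real certificate
    allowed = [hashlib.sha256(b"vmlinuz-signed-v1").digest(),
               hashlib.sha256(b"vmlinuz-signed-v2").digest()]
    revoked = hashlib.sha256(b"vmlinuz-old-vulnerable").digest()
    db = (build_esl(EFI_CERT_X509_GUID, OWNER_GUID, [fake_der_cert])
          + build_esl(EFI_CERT_SHA256_GUID, OWNER_GUID, allowed))
    dbx = build_esl(EFI_CERT_SHA256_GUID, OWNER_GUID, [revoked])
    return db, dbx, allowed + [revoked]


if __name__ == "__main__":
    db, dbx, hashes = demo()
    for sig_type, owner, payload in parse_esl(db):
        kind = "x509" if sig_type == EFI_CERT_X509_GUID else "sha256"
        print(f"db entry: {kind:6} owner={owner} payload={payload[:8].hex()}...")
    print("revoked hash allowed?", hash_allowed(db, dbx, hashes[2]))
```

In practice you would generate the key pair and certificate with openssl, convert the certificate with `cert-to-efi-sig-list`, sign the list with `sign-efi-sig-list` using the key one level up (PK for KEK, KEK for db), enroll from setup mode, and sign the kernel with `sbsign --key db.key --cert db.crt`; the parser above is useful for checking that the `.esl` you are about to enroll contains the owner GUID and certificate you expect and nothing else.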
Jerrrrrrry, 9 months ago
You cannot protect hardware, just the things that flow through it, for a brief time.

Buy a random older computer with cash. Nothing critical needs more than 512mb anyway.

Faraday caged, WIFI/Bluetooth/EM sensitive heartbeat monitors, decentralized fail-safe Live feeds, full air gapped setup with UPS, white-noise machines, and only transmit data via QR codes.

Hope the monitor you chose to display QR and the web-camera are also faraday'd.

Hope the computer you are using to display the QR never gets compromised, and the QR-code reader, at the same time.

It's easier to send a squid-team with a $5 wrench.
nullc, 9 months ago
The validation you lose is close to worthless in any sense, because attackers that could get past your glitter nail polish can replace your computer's innards. Even so far as replacing your computer with a networked KVM that pilots your computer at a distant location so you can type in your passwords, etc.
rolph, 9 months ago
Resocket your chipset so you can pop it out and take it with you.
fsflover, 9 months ago
I use Heads with TPM and Librem Key (with my own keys) just fine on my Librem 14 with neutralized ME.
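
The comment above is the setup the OP thought was ruled out: Heads on a machine with a neutralized ME, using the TPM that remains. As documented by Heads, the check works by measuring the firmware stages into TPM PCRs, sealing a TOTP secret to those PCR values at install time (the secret is also shown as a QR code for your phone), and on each boot unsealing the secret only if the PCRs match again, so a code is displayed that you compare with your phone; the Librem Key variant has the key verify an HOTP code instead. The block below is an added, standard-library-only simulation of that flow, not Heads code and not a TPM library: `SimulatedTPM` is a toy stand-in for the chip's seal/unseal-against-PCR policy, the firmware "stages" are made-up byte strings, and the TOTP routine is RFC 6238 (its test vector is asserted). It is meant to show why a one-byte change anywhere in the measured chain makes the unseal fail.

```python
"""Simulation of the Heads-style check: firmware is measured into a TPM PCR, a TOTP
secret is sealed to the expected PCR value, and the secret only unseals (so a code
can only be shown) when the firmware measured on this boot is unchanged.

Constructed, stdlib-only model. SimulatedTPM is a stand-in for the chip, not Heads
code and not a TPM library; the firmware "components" are made-up byte strings.
"""
import hashlib
import hmac
import struct
from typing import Dict, List, Optional, Tuple


def pcr_extend(pcr: bytes, data: bytes) -> bytes:
    """TPM PCR extend in the SHA-256 bank: PCR := H(PCR || H(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def measure_boot(components: List[bytes]) -> bytes:
    """Measure each stage in order into one PCR, starting from the all-zero reset value."""
    pcr = bytes(32)
    for stage in components:
        pcr = pcr_extend(pcr, stage)
    return pcr


class SimulatedTPM:
    """Toy seal/unseal bound to a PCR value. A real TPM enforces this inside the chip,
    so the secret never appears in the clear on a platform whose PCRs do not match."""

    def __init__(self) -> None:
        self._sealed: Dict[int, Tuple[bytes, bytes]] = {}

    def seal(self, secret: bytes, pcr_policy: bytes) -> int:
        handle = len(self._sealed) + 1
        self._sealed[handle] = (pcr_policy, secret)
        return handle

    def unseal(self, handle: int, current_pcr: bytes) -> Optional[bytes]:
        policy, secret = self._sealed[handle]
        return secret if hmac.compare_digest(policy, current_pcr) else None


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 (the default of common authenticator apps)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def enroll(tpm: SimulatedTPM, firmware: List[bytes], secret: bytes) -> int:
    """Install time: measure the firmware you just flashed and seal the secret to it."""
    return tpm.seal(secret, measure_boot(firmware))


def boot_and_attest(tpm: SimulatedTPM, handle: int, firmware: List[bytes],
                    unix_time: int) -> Optional[str]:
    """Every boot: re-measure, try to unseal, and show a code only on success."""
    secret = tpm.unseal(handle, measure_boot(firmware))
    return None if secret is None else totp(secret, unix_time)


# Constructed stand-ins for the stages a Heads/coreboot image would measure.
GOOD_FIRMWARE = [b"bootblock v1", b"romstage v1", b"ramstage v1", b"Heads initrd v1"]
TAMPERED_FIRMWARE = GOOD_FIRMWARE[:3] + [b"Heads initrd v1 + implant"]
PHONE_SECRET = b"\x3a" * 20                      # shared with the phone via QR at enroll time


def demo(unix_time: int = 1_700_000_000) -> Dict[str, Optional[str]]:
    tpm = SimulatedTPM()
    handle = enroll(tpm, GOOD_FIRMWARE, PHONE_SECRET)
    return {
        "phone_shows": totp(PHONE_SECRET, unix_time),
        "unchanged_boot_shows": boot_and_attest(tpm, handle, GOOD_FIRMWARE, unix_time),
        "tampered_boot_shows": boot_and_attest(tpm, handle, TAMPERED_FIRMWARE, unix_time),
    }


if __name__ == "__main__":
    for name, code in demo().items():
        print(f"{name}: {code if code is not None else 'UNSEAL FAILED, firmware changed'}")
```

The model is deliberately agnostic about whether the TPM is the ME's firmware TPM or a discrete chip; the guarantee is the same either way and rests on two things the simulation cannot show: that the first measuring stage (the boot block) is itself trustworthy, and that the secret is only ever released by the TPM. An attacker who replaces the whole board with one that replays the expected measurements, or who watches you type after the code checks out, is outside what this detects, which is the point michaelt and nullc make elsewhere in the thread.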
dtx1, 9 months ago
The correct answer is coreboot+heads