(NekoSock) Miya Ironami (iro_miya@mk.absturztau.be)'s status on Saturday, 13-Jul-2024 23:34:49 JST
I now have TOTP codes in my boot process; this is a protection against evil maid attacks!!!
The secret used to generate those codes is bound to values that depend on the system's state, such that if you changed anything that could compromise the system's trustworthiness, like modifying the BIOS firmware or modifying secure boot, then the codes cannot be generated.
A BIOS password can't stop someone from disabling secure boot if they reset the motherboard, but with this system, any tampering can be detected.
kaia (kaia@brotka.st)'s status on Saturday, 13-Jul-2024 23:35:28 JST
@iro_miya isn't that a liability in case something goes wrong hardware-wise? or something changes without you noticing?
(NekoSock) Miya Ironami (iro_miya@mk.absturztau.be)'s status on Saturday, 13-Jul-2024 23:38:32 JST
@kaia@brotka.st then the codes won't be generated properly, but you can still log in without a problem. This just allows you to verify that everything is as expected, and if it's not, you can investigate if needed.
kaia (kaia@brotka.st)'s status on Saturday, 13-Jul-2024 23:38:38 JST
@iro_miya ooh I see, like a canary
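The "canary" behaviour described in this thread, as an added example that is not code from the thread or from Miya's setup: a TOTP secret is sealed to a simulated boot measurement, and it is only released (so a code can only be generated) when the measurement matches the state at enrolment. The PCR-style extend, the `seal`/`unseal` stand-in for TPM sealing, and all firmware and secret values are constructed assumptions for the simulation, not a real TPM API.

```python
import hashlib
import hmac
import struct
import time

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR-style extend: new = SHA256(old || SHA256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measure_boot(firmware: bytes, secure_boot: bool) -> bytes:
    """Simulated measured boot: firmware image and Secure Boot state go into one PCR."""
    pcr = extend(bytes(32), firmware)  # PCRs are all-zero at reset
    return extend(pcr, b"SecureBoot=" + (b"1" if secure_boot else b"0"))

def seal(secret: bytes, pcr: bytes) -> dict:
    """Stand-in for TPM sealing (secrets up to 32 bytes): encrypt the secret under a
    key derived from the expected PCR value and keep that value as the unseal policy."""
    keystream = hashlib.sha256(b"seal-key" + pcr).digest()[:len(secret)]
    return {"policy": pcr, "blob": bytes(a ^ b for a, b in zip(secret, keystream))}

def unseal(sealed: dict, pcr: bytes):
    """Release the secret only if the current PCR equals the sealed policy."""
    if not hmac.compare_digest(sealed["policy"], pcr):
        return None  # measured state changed: no secret, so no code can be generated
    keystream = hashlib.sha256(b"seal-key" + pcr).digest()[:len(sealed["blob"])]
    return bytes(a ^ b for a, b in zip(sealed["blob"], keystream))

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time counter, RFC 4226 dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

# Constructed sample values standing in for the real firmware image and for the
# TOTP secret enrolled in the owner's authenticator app at setup time.
GOOD_FIRMWARE = b"vendor-bios-v1.02 (constructed sample image)"
TOTP_SECRET = b"enrolled-on-phone-at-setup"
SEALED = seal(TOTP_SECRET, measure_boot(GOOD_FIRMWARE, True))

def boot_code(firmware: bytes, secure_boot: bool, unix_time: int):
    """Code the boot screen shows for the measured state, or None if unsealing fails."""
    secret = unseal(SEALED, measure_boot(firmware, secure_boot))
    return None if secret is None else totp(secret, unix_time)

if __name__ == "__main__":
    now = int(time.time())
    print("phone:", totp(TOTP_SECRET, now), "| untouched:", boot_code(GOOD_FIRMWARE, True, now))
    print("secure boot off:", boot_code(GOOD_FIRMWARE, False, now),
          "| patched firmware:", boot_code(GOOD_FIRMWARE + b"-implant", True, now))
```

The machine still boots in every case; the owner simply compares the displayed code with the phone and treats a missing or mismatched code as the signal to investigate.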