Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mk.absturztau.be/notes/9vnsd03xk8cl0300">(NekoSock) Miya Ironami (iro_miya@mk.absturztau.be)'s status on Saturday, 13-Jul-2024 23:34:49 JST</a><a href="https://mk.absturztau.be/@iro_miya" title="iro_miya@mk.absturztau.be"><img src="https://gnusocial.jp/avatar/23422-48-20221122101146.webp" width="48" height="48" alt="(NekoSock) Miya Ironami" style="position: absolute; left: 0; top: 0;">(NekoSock) Miya Ironami</a></section><article><p>I now have TOTP codes in my boot process, this is a protection against evil maid attacks!!!<br><br>The secret used to generate those codes is bound on values that depend on the system's state. Such that, if you changed anything that could compromise the system's trustworthiness, like modify the BIOS firmware or modify secure boot, then the codes cannot be generated.<br><br>A BIOS password can't stop someone from disabling secure boot if they reset the motherboard, but with this system, any tampering can be detected.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3369341#notice-6630909">In conversation</a><time datetime="2024-07-13T23:34:49+09:00" title="Saturday, 13-Jul-2024 23:34:49 JST">about a year ago</time> <span>from <span><a href="https://mk.absturztau.be/notes/9vnsd03xk8cl0300" rel="external" title="Sent from mk.absturztau.be via ActivityPub">mk.absturztau.be</a></span></span><a href="https://mk.absturztau.be/notes/9vnsd03xk8cl0300">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/2901936">A screenshot of my computer's startup screen, where it runs a hook called tpm2-encrypt and it outputs some TOTP number.</a></label><br><a href="https://misskey-taube.s3.eu-central-1.wasabisys.com/files/a364ddc6-74c5-4b11-b184-862b84833210.webp" rel="external">https://misskey-taube.s3.eu-central-1.wasabisys.com/files/a364ddc6-74c5-4b11-b184-862b84833210.webp</a></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
(NekoSock) Miya Ironami (iro_miya@mk.absturztau.be)'s status on Saturday, 13-Jul-2024 23:34:49 JST (NekoSock) Miya Ironami
I now have TOTP codes in my boot process, this is a protection against evil maid attacks!!!

The secret used to generate those codes is bound on values that depend on the system's state. Such that, if you changed anything that could compromise the system's trustworthiness, like modify the BIOS firmware or modify secure boot, then the codes cannot be generated.

A BIOS password can't stop someone from disabling secure boot if they reset the motherboard, but with this system, any tampering can be detected.
In conversationabout a year ago from mk.absturztau.bepermalink
Attachments
1. A screenshot of my computer's startup screen, where it runs a hook called tpm2-encrypt and it outputs some TOTP number.
  https://misskey-taube.s3.eu-central-1.wasabisys.com/files/a364ddc6-74c5-4b11-b184-862b84833210.webp

Public

Embed Notice

HTML Code

Corresponding Notice