Thesis: it is possible that someone may access your laptop without you knowing if you leave it unattended.
Experiment: after having gone through a number of - some meaningless[1] - attempts to be able to prove that this happened, there was no evidence it happened.
Doubt: did it happen nonetheless without leaving any trace, or did it not actually happen at all?
Bonus: the experimenter learned that NVRAM exists in the stupid UEFI firmware
Conclusion: None worth mentioning, but be very aware of what the terrible evil maids can do, and do use the recommended Android app to defend against them.
[1] Hashing a whole hard disk is only a "positive" proof: if the hashes correspond, nothing changed, but it is very possible that the hashes change because of any filesystem or disk issue if the system is used, so the method is pointless in the real world, where people bring a laptop with them in order to use it.
>Thesis: it is possible that someone may access your laptop without you knowing if you leave it unattended.
This is known to be true; this experiment was about seeing if anyone would access this laptop. This also addresses what you view as meaningless: real-world scenarios are trying to avoid their laptop being compromised, while the author was hoping that it would.
>The "experiment" has too few data points to be meaningful, and the proposed way to verify remains meaningless, two simple cases:
This isn't science; we know this is possible, and the "experiment" was to try and find examples of it happening.
A false negative is always assumed, it is impossible to know you haven't been compromised. A false positive is meaningless as finding a change is only the first step. You then need to analyze what the change is, and if you can't pin down what has been compromised you're just back to the default state of unaware.
This is a honeypot. If you leave your honeypot and return to an empty one, you're pretty sure a bear is around but can't do anything. If you find a bear with their paws in the pot, you don't need to run the experiment again to prove there's a bear.
A forensic image of the encrypted disk is useless (assuming strong passphrase, no bugs, etc.). The article is about the risk that an "evil maid" injects software/firmware into his laptop that presents the expected UI but secretly logs everything he types, and does something bad with that information later.