
And now I remember people telling me Windows is more secure than Unix because of TPM, foo... bar...

No, thanks, bioctl(4) works well under OpenBSD for disk encryption and will do so under HyperbolaBSD.




Windows, Linux, OpenBSD - it doesn't matter. Without a TPM you're vulnerable to trivial attacks (Evil Maid), far easier than the one in this article.


So.... Take your laptop with you everywhere?

When did we start creating nightmarish system complexity to guard against attacks that are generally exceedingly rare....oh wait. Forgot where I was.


That cannot be a serious proposal. These attacks can and do happen, and it's in our interest to design systems that make them as hard as possible.

I'll take "nightmarish complexity" that puts these attacks outside of the scope of a technically savvy teenager over having to carry my machine with me everywhere I go, any day of the week.


Did you try OpenBSD with bioctl? You can tamper with the bootloader, but not the rest. And you can always set the bootloader on another medium and always boot from that.


Tampering with the bootloader is game over. And what, are you keeping this other bootloader medium on your person and in your sight at all times? It's never ever unattended?


Using TPM with closed source firmware, especially written and designed by Microsoft, probably full of backdoors, when you don't even know what it's doing is a worse choice.


I don't think it's a worse choice. Either way, you're screwed with physical access. At least with TPM, the attack requires more sophistication.



