1. rollca+(OP) 2023-06-07 10:12:57
> If I could, I'd configure grub or whatever to serial-lock my Linux install to my desktop hardware (and keep a recovery key that would unlock it at another location).

This is the general idea behind TPM/Secure Boot, but as you present it, it just sounds like a headache for performing system recovery, at no obvious benefit for security.

What's your threat model? In the 99.(9)% case it's a crook snatching the laptop, wiping the HD, and selling the whole thing and/or the parts. Evil maid is a real threat, but only practical (in terms of sophistication/cost vs benefit) for high-value targets, like C-levels, devs holding company secret keys, etc.

replies(1): >>hedora+FV
2. hedora+FV 2023-06-07 15:56:17
>>rollca+(OP)
I don't really care if the desktop gets snatched. I'm more worried about old tax returns, the credentials stored in its password manager, etc. Breaking in twice (once to install a bump-in-the-wire key logger, and once to walk away with the machine) would lead to at least 10x more payout for a burglar.

Also, ignoring what it is worth to the attacker, having to roll over all my credentials, freeze accounts, etc, etc, because my desktop was stolen would cost way more of my time than buying a new desktop (happily, the drive is encrypted).

replies(1): >>rollca+nk5
3. rollca+nk5 2023-06-08 17:23:40
>>hedora+FV
Sounds like paranoia.