
Make the BIOS run a checksum of all the hardware.

Automatically clear some memory when the laptop is opened so the BIOS can tell.

Put important parts inside an epoxy. Add some transformer wire in the epoxy that will break when somebody tries to tamper with it.

I'm not trying to be exhaustive. But stuff like that.




You cannot trust the BIOS after an evil maid attack. And there can be sniffers on the physical layer inside the laptop.


DRTM, SMM attestation and remote attestation have evil maid attacks in their threat model, with a firmware TPM or SoC enclave that isn't subject to mitm.

Password keystroke surveillance (from sniffer, optical cameras or RF WiFi Sensing) can be mitigated by removable 2FA/smartcard.

TEMPEST info leakage from displays, components or RF implants can be measured, as SDRs and machine learning lower decoding costs, https://news.ycombinator.com/item?id=41116682

Some enterprise PCs can detect when the case cover is opened, e.g. http://h10032.www1.hp.com/ctg/Manual/c07055601.pdf


All of those really reduce the risk. But I wouldn't trust them to be able to stop the CIA, KGB, or whatever the Chinese equivalent is.


Nation-state attackers can afford to exploit zero-day vulnerabilities that bypass OS security protections.


Ok, you can make every chip/device communicate with each other using some challenge-response authentication.
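A sketch of the challenge-response idea from the last comment, as an added example that is not part of the thread: a host authenticates a component with a fresh nonce and HMAC-SHA256. The `Host` and `Component` classes, the `kbd` device id and the per-device key provisioned at manufacture are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Component:
    """Hypothetical peripheral holding a per-device secret key."""

    def __init__(self, device_id: str, key: bytes):
        self.device_id = device_id
        self._key = key

    def respond(self, nonce: bytes) -> bytes:
        # Bind the response to both the device id and the host's nonce.
        return hmac.new(self._key, self.device_id.encode() + nonce, hashlib.sha256).digest()


class Host:
    """Hypothetical verifier that knows the enrolled key for each device id."""

    def __init__(self, enrolled: dict):
        self._enrolled = dict(enrolled)
        self._pending = {}  # device_id -> outstanding nonce

    def challenge(self, device_id: str) -> bytes:
        nonce = secrets.token_bytes(32)  # fresh and unpredictable per challenge
        self._pending[device_id] = nonce
        return nonce

    def verify(self, device_id: str, response: bytes) -> bool:
        nonce = self._pending.pop(device_id, None)  # each nonce is single-use
        key = self._enrolled.get(device_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, device_id.encode() + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed sample key
    host = Host({"kbd": key})
    genuine = Component("kbd", key)
    swapped = Component("kbd", secrets.token_bytes(32))  # replacement part without the key

    first = genuine.respond(host.challenge("kbd"))
    results = {"genuine": host.verify("kbd", first)}
    results["no_challenge"] = host.verify("kbd", first)  # nonce already consumed
    host.challenge("kbd")
    results["replayed"] = host.verify("kbd", first)  # old response, new nonce
    results["swapped"] = host.verify("kbd", swapped.respond(host.challenge("kbd")))
    return results


if __name__ == "__main__":
    print(demo())
```

This authenticates the endpoint only: it does not encrypt the bus, and it depends on the key staying inside the component.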



