by sanlyx 2882 days ago
And so can anyone with physical access to the device. I know there's no way to fully prevent evil maid attacks, but Secure Boot helps in that no one can simply plug e.g. a Linux Live USB and wipe my disks in less than 3 minutes
5 comments

Really, that should not be possible with secure boot. Secure boot ensures only trusted OSes are run, and those OSes should require authorization before allowing secure boot to be turned off. Scarier evil maid attacks involve changing hardware or firmware. The personalized version of secure boot mentioned would make that more difficult.

Incidentally, an interesting defense against evil maid attacks involves glitter nail polish. Use it on a sticker over the case and take a photo. To verify your laptop is safe, compare the sticker with the photo. The key is that glitter polish has a lot of minute detail and is thus hard to replicate.

This only gives tamper protection, but evil maid attacks require interaction so it suffices for security.

Booting into linux from usb and wiping your disk in 3 minutes is not a real threat. It's not even a hypothetical threat. Why not just steal the thing instead or physically destroy it if you want to wipe the disk for some reason? And what reason would that even be, why would anyone want to wipe the disk given physical access? As losing data is something we already expect from mere hardware failures, software failures, operational mistakes, etc., no attackers necessary.

So, no, the whole secure boot thing is just bullshit security theater and more lock in.

Digression alert: I'm not talking about MBP-related stuff at all.

> So, no, the whole secure boot thing is just bullshit security theater and more lock in.

Only if you're only thinking about laptops, desktops, maybe phones and tablets. There are lots of types of machines out there physically exposed to users whom the machine-owners trust to varying degrees, ranging from "not at all" on up.

Think UPS package scanners, HVAC systems, various control systems in everything from warehouses to prisons, sensors and signage controls...

Now, Secure Boot doesn't address anywhere near anything close to "sufficient" in any of those environments, but it is one component of raising the costs of attacking them to a point to make the systems economically viable, or at least apparently so.

Against the evil maid you are supposed to use SecureBoot together with full disk encryption and TPM.

If someone disables SecureBoot, then the encryption keys become inaccessible and you will notice that something is wrong.

I don't quite understand your wipe the disk thing, since that will leave a trace, the attacker could just smash your computer or take out your drives.

Wiping a disk is not a security threat; I can do that from the recovery OS without booting into Linux. What is a security threat is modifying the operating system to contain a backdoor so that it can read from your hard drive when you unwittingly enter your password to unlock the disk.

Don't most BIOSes have a password protect option? That alone makes evil maid attacks significantly harder.

That's the way to go I guess. But secure boot has obvious advantages in comparison. As a rule of thumb I do not trust any client-side "authentication" or passphrase input as long as there's no crypto involved. In legacy BIOS this passphrase can be bypassed easily, for instance

Yes, but it's not either-or, both can be used.

Combined with a TPU that wipes keys when secure boot is enabled/disabled gives a pretty secure system, that still allows you to "eject" to an unsigned boot when needed.
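The mechanism both of the comments above rely on (Secure Boot plus a TPM that only releases the disk key when the measured boot state matches) can be modelled in a few lines. This is an added example, not code from the thread or from any TPM vendor: it simulates PCR extend, seals a constructed disk key to PCR 4 (boot manager) and PCR 7 (Secure Boot policy), and shows that flipping Secure Boot off or booting a different loader leaves the key unrecoverable. The PCR numbering follows the TCG convention; the "storage root seed" and the XOR-based sealing are simplifications standing in for the TPM's real key hierarchy.

```python
import hashlib
import hmac

PCR_INIT = bytes(32)  # PCRs start as all-zero at reset
TPM_SEED = b"constructed-tpm-storage-root-seed"  # stands in for the TPM storage root key


def extend(pcr: bytes, event: bytes) -> bytes:
    """TPM-style PCR extend: new = SHA256(old || SHA256(event)). One-way and order-dependent."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()


def measure_boot(secure_boot_on: bool, bootloader: bytes) -> dict:
    """Constructed boot measurement: PCR7 records the Secure Boot policy,
    PCR4 records the boot manager that was actually loaded."""
    pcr7 = extend(PCR_INIT, b"SecureBoot=" + (b"1" if secure_boot_on else b"0"))
    pcr4 = extend(PCR_INIT, bootloader)
    return {4: pcr4, 7: pcr7}


def policy_digest(pcrs: dict, selection: tuple) -> bytes:
    """Digest over the selected PCR values; this is what the sealed blob is bound to."""
    return hashlib.sha256(b"".join(pcrs[i] for i in sorted(selection))).digest()


def seal(secret: bytes, pcrs: dict, selection: tuple = (4, 7)) -> dict:
    """Bind a 32-byte secret to the current PCR state (simplified sealing)."""
    assert len(secret) == 32
    digest = policy_digest(pcrs, selection)
    keystream = hmac.new(TPM_SEED, digest, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(secret, keystream))
    return {"policy": digest, "selection": selection, "ct": ct}


def unseal(blob: dict, pcrs: dict):
    """Release the secret only if the live PCRs reproduce the sealed policy digest."""
    if policy_digest(pcrs, blob["selection"]) != blob["policy"]:
        return None  # boot state differs: the TPM refuses, the disk stays locked
    keystream = hmac.new(TPM_SEED, blob["policy"], hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], keystream))


def demo() -> tuple:
    """Returns (normal boot, Secure Boot disabled, foreign loader) unseal results."""
    disk_key = bytes(range(32))  # constructed sample key
    blob = seal(disk_key, measure_boot(True, b"signed-boot-manager"))
    return (
        unseal(blob, measure_boot(True, b"signed-boot-manager")) == disk_key,
        unseal(blob, measure_boot(False, b"signed-boot-manager")),
        unseal(blob, measure_boot(True, b"live-usb-loader")),
    )
```

Because the extend operation is one-way, an attacker who changes the firmware setting or the loader cannot steer the PCRs back to the sealed values, which is why the owner notices the missing key rather than silently booting a tampered system.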