Hacker News new | ask | show | jobs
by TommyTran732 56 days ago
The developer of Heads admitted that if someone tampers with the boot block and falsifies the measurements Heads cannot protect the device right on the Qubes forum. Why won't you listen to him then? Is he not trustworthy enough for you?
1 comments
fsflover 56 days ago
@TommyTran732, you are going to a great length to downplay everything about devices/companies promoting freedom, including Librem 5, Purism, and laptops with Heads. And you are promoting proprietary staff instead. This looks like trolling or astroturfing. For observers, here is the actual quote from the heads developer, not in the (incorrect) interpretation of TommyTran732:

As I pointed before @TommyTran732 and to anyone thinking compromising measured boot is trivial, I layed down the tooling for anyone wanting to further protection / prove measured boot not enough to understand and break it once and for all under WiP: introspection - replicate TPM PCRs measurements directly from measured content (TCPA/TPM Event log) by tlaurion · Pull Request #1568 · linuxboot/heads · GitHub

Just use it for the bad to faster the development of something good/better.

Until then, it was proven non trivial.

https://forum.qubes-os.org/t/discussion-on-purism/2627/187

link
TommyTran732 56 days ago
Yeah, why are you selectively reading? This is after he admitted what I said was true. His only contention is that he thinks it's hard to know what the PCR values should be to fake, so he calls that "security". You are being extra ordinarily disingenuous here.

The actual admission (requires a login): https://forum.qubes-os.org/t/how-exactly-is-heads-pureboot-s...

His words, not mine:

> The goal of Heads is to bring reasonably trustworthy firmware on reasonably open platforms to boot reasonably secure OS, enforcing best effort user controlled atteststion, compartmentalization and prevention. Never is it written anywhere that the firmware is tampering resistant or tampering proof: we lack open source implementation in hardware to have root of trust in hardware. Heads is best approach on what is available, the anchor of trust being in the bootblock, not in hardware. The chain of trust lies there. Of course an evil maid could craft a firmware that would lie about its measurements in the bootblock, raminit, romstage and the payload. But as today, no PoC has even been made public, showing it being actoinnable, and by nature of TPM extend operations is nothing easy to realize, while possible.

I am just gonna highlight the critical part here one more time, since I sent you the same thing before and you didn't read:

> *Of course an evil maid could craft a firmware that would lie about its measurements in the bootblock, raminit, romstage and the payload.*

Yeah, I wouldn't call heads "best approach on what is available" and I do think Boot Guard is better, but at least he is honest about the actual mechanism and the very obvious attack vector.

link
fsflover 53 days ago
He said it was possible but not easy at all. Doesn't it even require opening the device and breaking the nail polish pattern?
link