Yeah, why are you selectively reading? This is after he admitted what I said was true. His only contention is that he thinks it's hard to know what the PCR values should be to fake, so he calls that "security". You are being extraordinarily disingenuous here.

The actual admission (requires a login): https://forum.qubes-os.org/t/how-exactly-is-heads-pureboot-s...

His words, not mine:

> The goal of Heads is to bring reasonably trustworthy firmware on reasonably open platforms to boot reasonably secure OS, enforcing best effort user controlled attestation, compartmentalization and prevention. Never is it written anywhere that the firmware is tampering resistant or tampering proof: we lack open source implementation in hardware to have root of trust in hardware. Heads is best approach on what is available, the anchor of trust being in the bootblock, not in hardware. The chain of trust lies there. Of course an evil maid could craft a firmware that would lie about its measurements in the bootblock, raminit, romstage and the payload. But as today, no PoC has even been made public, showing it being actionable, and by nature of TPM extend operations is nothing easy to realize, while possible.

I am just gonna highlight the critical part here one more time, since I sent you the same thing before and you didn't read:

> *Of course an evil maid could craft a firmware that would lie about its measurements in the bootblock, raminit, romstage and the payload.*

Yeah, I wouldn't call Heads "best approach on what is available" and I do think Boot Guard is better, but at least he is honest about the actual mechanism and the very obvious attack vector.
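To make the mechanism being argued about concrete, here is an added example (not from the thread or from the Heads project) that simulates the TPM extend chain a measured-boot bootblock builds. The stage images, stage names and the all-zero initial PCR are constructed for illustration; a real Heads build measures real coreboot stages and the payload into real PCRs. The point it shows is the one both sides agree on: the TPM only ever sees the digests the measuring component hands it, so the resulting PCR (and any secret sealed to it) vouches for what was reported, not for what actually executed. That is why the bootblock is the anchor of trust.

```python
import hashlib

# Constructed sample "firmware stages" standing in for raminit, romstage
# and the payload. Contents are arbitrary; only their digests matter here.
GOOD_STAGES = {
    "raminit": b"raminit v1 (constructed)",
    "romstage": b"romstage v1 (constructed)",
    "payload": b"payload v1 (constructed)",
}
STAGE_ORDER = ("raminit", "romstage", "payload")


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend: new PCR = H(old PCR || digest).
    One-way and order-sensitive: you cannot set a PCR to a chosen value
    directly, only extend it with a sequence of digests."""
    return sha256(pcr + digest)


def pcr_from_reports(reported_digests: list) -> bytes:
    """What the TPM ends up holding. It receives digests from the measuring
    component (the bootblock in Heads) and never sees the code itself."""
    pcr = bytes(32)  # SHA-256 PCRs start at all-zero after reset (assumption)
    for digest in reported_digests:
        pcr = pcr_extend(pcr, digest)
    return pcr


def honest_measure(stages: dict) -> list:
    """An honest bootblock hashes each stage it is about to hand control to,
    in boot order, before running it."""
    return [sha256(stages[name]) for name in STAGE_ORDER]


def expected_pcr() -> bytes:
    """The known-good PCR value an owner would seal a secret (e.g. a TOTP/HOTP
    secret or disk key) against after a trusted install."""
    return pcr_from_reports(honest_measure(GOOD_STAGES))


def verify_boot(reported_digests: list) -> bool:
    """The unseal/attestation check: pass only if the chain of reported
    digests reproduces the sealed-against PCR value."""
    return pcr_from_reports(reported_digests) == expected_pcr()


def demo() -> dict:
    """Three cases a defender should understand before trusting a PCR match."""
    honest_good = verify_boot(honest_measure(GOOD_STAGES))

    # A modified payload that is honestly measured: the extend chain diverges
    # and the check fails. This is the case measured boot does defend against.
    modified = dict(GOOD_STAGES, payload=b"payload v2 (constructed, tampered)")
    honest_modified = verify_boot(honest_measure(modified))

    # The same digests fed in a different order: PCR differs. Extend order is
    # part of what is bound, which is part of why faking it is "nothing easy".
    reordered = verify_boot(list(reversed(honest_measure(GOOD_STAGES))))

    # The TPM cannot tell where a digest list came from. Any component that
    # reports the known-good digests reproduces the known-good PCR, which is
    # exactly why the reporting component (the bootblock) must itself be
    # trusted, either by hardware (Boot Guard-style verification) or not at all.
    report_only = verify_boot(list(honest_measure(GOOD_STAGES)))

    return {
        "honest_good": honest_good,
        "honest_modified": honest_modified,
        "reordered": reordered,
        "report_only": report_only,
        "pcr_hex": expected_pcr().hex(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The takeaway for anyone relying on Heads-style attestation: a matching PCR proves that the sequence of digests reported to the TPM matched, and nothing more. The strength of that proof is the strength of whatever guarantees the first measuring component is unmodified, which in Heads is the bootblock rather than a hardware root of trust.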