On Wed, Mar 04, 2020 at 03:28:35PM +0000, Kevin Chadwick wrote:
> On 2020-03-04 11:38, Ottavio Caruso wrote:
> > Probably not what you were looking for but, back in the days when I
> > was ultra paranoid about my web browsing, I used to use stripped down
> > live usb installations of Linux distros (DSL was one of them that I
> > remember). I don't know if OpenBSD comes with such a solution out of the box,
> > but I'm sure it wouldn't be difficult to make your own read-only
> > install. Then, you could either reboot from it or run it through an
> > emulator.
>
> A live cd is read-only and is also something I did for a while in my teenage
> years. Knoppix, Insert were examples and STD was another aptly named one as it
A read-only CD doesn't give you any defense against a UEFI rootkit.
>
> However, considering OpenBSD replaces its whole base every upgrade with signed
> binaries, then you get all of that for free. You can even double check the bios
> with flashrom (less so on laptops), bootloader, signing keys, packages etc., if
> you want to.
>
If your kernel is infected with a UEFI rootkit, most probably double-checking
the UEFI or BIOS with flashrom is absolutely not useful.
> If this effort is really worth it, then it probably makes more sense than
> trusting someone else to package up a usb linux distro or CD.
>
The problem is not trusting the people who make the package, the problem is
the sites you visit.