miscellaneous feedback integration

anarsec 2023-10-03 21:11:45 +00:00
parent 5755584357
commit 8afa5b96a8
No known key found for this signature in database
9 changed files with 74 additions and 181 deletions

@ -43,7 +43,7 @@ The Blink Comparison app encrypts its storage to prevent an adversary from easil
## Getting Started
Now that you understand the nuances of applying nail polish to the screws of your laptop case, let's actually do it - this is best done after [flashing HEADS](#tamper-evident-software-and-firmware), so it doesn't have to be removed and repeated. Before you start, you can also take a picture of the inside of the laptop in case you ever need to check if the internal components have been tampered with despite the nail polish protection (keep in mind that not all components are visible). Use a nail polish that has different colors and sizes of glitter, like the one shown above.
Now that you understand the nuances of applying nail polish to the screws of your laptop case, let's actually do it - if you are going to [install HEADS](#tamper-evident-software-and-firmware), do that first so the nail polish doesn't have to be removed and repeated. Before you start, you can also take a picture of the inside of the laptop in case you ever need to check if the internal components have been tampered with despite the nail polish protection (keep in mind that not all components are visible). Use a nail polish that has different colors and sizes of glitter, like the one shown above.
* First, take a photo of the bottom of the computer and use a program like GIMP to number the screws to make it easier to verify. For example, the ThinkPad X230 shown above has 13 screws that need to be numbered so that in the future you know which screw the photo `3.jpg` refers to.
* Apply the glitter nail polish directly to each screw, making sure there are enough glitter elements without being too thick.
@ -114,7 +114,9 @@ Haven is an Android app developed by the Freedom of Press Foundation that uses t
So far, we have only looked at making hardware compromise tamper-evident. It is also possible to make software and firmware tamper-evident. "Defense in depth" requires this - to trust an electronic device, you must trust the hardware, firmware, and software. Software or firmware compromise can occur [remotely](/glossary/#remote-attacks) (over the Internet) as well as with physical access, so it is especially important. Tamper-evident software and firmware are compatible with our [recommendations](/recommendations): Qubes OS or Tails on laptops, or GrapheneOS on a smartphone.
For GrapheneOS, [Auditor](/posts/grapheneos/#auditor) is an app that allows you to be notified if firmware or software has been tampered with - you will receive an email when Auditor performs a remote attestation. For Tails or Qubes, [HEADS](https://osresearch.net/) can do the same before you enter your boot password (on [supported devices](https://osresearch.net/Prerequisites#supported-devices)). Keep the HEADS USB security dongle with you when you leave the house, and have a backup hidden at a trusted friend's house in case it ever falls in a puddle.
For GrapheneOS, [Auditor](/posts/grapheneos/#auditor) is an app that allows you to be notified if firmware or software has been tampered with - you will receive an email when Auditor performs a remote attestation.
For Tails or Qubes OS, [HEADS](https://osresearch.net/) can do the same before you enter your boot password (on [supported devices](https://osresearch.net/Prerequisites#supported-devices)). However, installation is advanced. Keep the HEADS USB security dongle with you when you leave the house, and have a backup hidden at a trusted friend's house in case it ever falls in a puddle. For more information, see [Tails Best Practices](/posts/tails-best/#to-mitigate-against-remote-attacks).
# Wrapping Up
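Review bot: In the new HEADS paragraph, "However, installation is advanced." is too vague to help a reader decide whether to attempt it, and the closing "For more information, see Tails Best Practices" lands after the sentence about the backup dongle, so it is unclear whether the link covers installation, the dongle, or HEADS in general. Say briefly what makes the installation advanced and move the link directly after that sentence. Since the paragraph opens with "For Tails or Qubes OS" but the only pointer is to the Tails post, either add an equivalent pointer for Qubes OS readers or state that the linked section applies to both.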