Secure Boot allows me to detect evil maid attacks. I can also employ my own key in the laptop firmware and sign my self-compiled kernel with it (maybe not on every laptop, but the ones I came across offered this). Learning more on this topic, I understand that it may also mean depending on Microsoft and proprietary firmware, which I clearly do not want. I want to make sure that no one changed any software on my computer while I was away.
Even the best "really secure open source operating system" can be replaced by a rootkit without you noticing.
I have to admit, using Secure Boot requires trusting the UEFI software, but you have to do that anyway. Open source firmware implementations might be the answer. The reply by @ln123 offers great advice in this direction.
If you have Secure Boot on, you're almost guaranteed to already have some piece of malware on your computer. :-)