On Thu, 9 Mar 2017 07:41:37 AM Jookia wrote:
I don't plan to make my system resistant to a full-scale CIA attack, but I do like having a BIOS that isn't a complete and buggy operating system in itself. I think reducing the attack surface is always a worthy goal.
I agree that reducing the attack surface is good, but I doubt that dealing with BIOS bugs actually achieves that goal. To get to the BIOS an attacker has to either compromise the kernel/acpid or gain physical access to the system. It's well known that there are a variety of ways of intercepting key presses that an attacker could use to get the passphrase to your encrypted filesystems, GPG key, etc. after they made a copy of your disk. It's easy to imagine how EFI attacks could be useful in attacking a corporate desktop PC standard running Windows with signed kernel etc. But I can't imagine how it could be the most effective attack against the typical people who are involved in groups like this.
http://laforge.gnumonks.org/blog/20160920-openmoko_10years/
This is worth reading.
Yeah, the state of things is really bad. I did the initial port of Replicant 6 to the i9100 last year, so I'm running that on my phone. It works well enough but I still use the compromised wi-fi blobs out of convenience. It's such a headache that at this point I'm considering avoiding using a phone for things other than calls and messages.
It seems to me that one of the biggest factors in developing free software on PCs is the ability to change floppy disks and hard drives between systems. If you mess up the configuration of Linux on a PC you can install that hard drive in another PC to fix it. Phones have images that are specific to the CPU and chipset; you can't boot an image for your Nexus 7 in a Nexus 5 for test purposes. The images are loaded in storage soldered to the motherboard so you can't switch images. If you convinced me that some new Linux distribution was worth trying I could easily install a spare hard drive in one of my PCs and test it out. I can't install an SD card in one of my phones for testing a different Android build. Android is theoretically free software (ignoring the binary driver issue) via the AOSP. But in practice it's too difficult for me to install one of the other versions, and I was using Linux in 1992!

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/