On Thu, Mar 09, 2017 at 06:41:00PM +1100, Russell Coker wrote:
I agree that reducing the attack surface is good, but I doubt that dealing with BIOS bugs actually achieves that goal. To get to the BIOS an attacker has to either compromise the kernel/acpid or gain physical access to the system. It's well known that there are a variety of ways of intercepting key presses that an attacker could use to get the passphrase to your encrypted filesystems, GPG key, etc after they made a copy of your disk.
It's easy to imagine how EFI attacks could be useful in attacking a corporate desktop PC standard running Windows with signed kernel etc. But I can't imagine how it could be the most effective attack against the typical people who are involved in groups like this.
I look at it more as investing time and effort than threat models. It took me maybe a week or two to set coreboot up on my T400, and now it's much less exposed than its previous BIOS. In addition I've removed ME, so I have a mostly free boot system running.
Android is theoretically free software (ignoring the binary driver issue) via the AOSP. But in practice it's too difficult for me to install one of the other versions, and I was using Linux in 1992!
You tend to have to get the phone that you know will work with a ROM.