Backdoor



I have heard that hardware manufacturers put backdoors in all machines at the hardware level, but there is nothing I can do about it. I hope the software have no intended weaknesses, I can't blame them for unintended weakness which they exists, I just want them to do what they can. What you heard and opened this thread?
 
@Terminal Velocity took it out of my mouth, you can have perfectly clean Linux install but that won't help with hardware based backdoor.

Hardware security is measured in HSI:

Terminal command is:
Bash:
fwupdmgr security

Which will tell you how secure your hardware is.
 
@Terminal Velocity took it out of my mouth, you can have perfectly clean Linux install but that won't help with hardware based backdoor.

Hardware security is measured in HSI:

Terminal command is:
Bash:
fwupdmgr security

Which will tell you how secure your hardware is.
Below the result HSI test on my Linux Computer:
$ fwupdmgr security
WARNING: UEFI firmware can not be updated in legacy BIOS mode
See https://github.com/fwupd/fwupd/wiki/PluginFlag:legacy-bios for more information.
Host Security ID: HSI:0! (v1.9.26)

HSI-1
✔ Platform debugging: Not supported
✔ SPI write: Disabled
✔ Supported CPU: Valid
✔ UEFI bootservice variables: Locked
✘ SPI lock: Disabled
✘ SPI BIOS region: Unlocked
✘ TPM v2.0: Not found

HSI-2
✔ Platform debugging: Not supported
✘ Intel BootGuard: Not supported
✘ IOMMU: Not found

HSI-3
✘ CET Platform: Not supported
✘ Pre-boot DMA protection: Invalid
✘ Suspend-to-idle: Disabled
✘ Suspend-to-ram: Enabled

HSI-4
✘ Encrypted RAM: Not supported
✘ SMAP: Not supported

Runtime Suffix -!
✔ fwupd plugins: Untainted
✔ Linux swap: Disabled
✔ Linux kernel: Untainted
✘ Linux kernel lockdown: Disabled
✘ UEFI secure boot: Disabled

This system has a low HSI security level.
» https://fwupd.github.io/hsi.html#low-security-level

This system has HSI runtime issues.
» https://fwupd.github.io/hsi.html#hsi-runtime-suffix

Upload these anonymous results to the Linux Vendor Firmware Service to help other users? [y|N]: N
Ask again next time? [Y|n]: Y

P.S. In my opinion the result is unreliable.
 
Last edited:
Have you ever thought about having a backdoor on your Linux distribution?

I think you're getting confused with windoz which defiantly has one.
1732161726274.gif
 
Below the result HSI test on my Linux Computer:
$ fwupdmgr security
WARNING: UEFI firmware can not be updated in legacy BIOS mode
See https://github.com/fwupd/fwupd/wiki/PluginFlag:legacy-bios for more information.
Host Security ID: HSI:0! (v1.9.26)

HSI-1
✔ Platform debugging: Not supported
✔ SPI write: Disabled
✔ Supported CPU: Valid
✔ UEFI bootservice variables: Locked
✘ SPI lock: Disabled
✘ SPI BIOS region: Unlocked
✘ TPM v2.0: Not found

HSI-2
✔ Platform debugging: Not supported
✘ Intel BootGuard: Not supported
✘ IOMMU: Not found

HSI-3
✘ CET Platform: Not supported
✘ Pre-boot DMA protection: Invalid
✘ Suspend-to-idle: Disabled
✘ Suspend-to-ram: Enabled

HSI-4
✘ Encrypted RAM: Not supported
✘ SMAP: Not supported

Runtime Suffix -!
✔ fwupd plugins: Untainted
✔ Linux swap: Disabled
✔ Linux kernel: Untainted
✘ Linux kernel lockdown: Disabled
✘ UEFI secure boot: Disabled

This system has a low HSI security level.
» https://fwupd.github.io/hsi.html#low-security-level

This system has HSI runtime issues.
» https://fwupd.github.io/hsi.html#hsi-runtime-suffix

Upload these anonymous results to the Linux Vendor Firmware Service to help other users? [y|N]: N
Ask again next time? [Y|n]: Y

P.S. In my opinion the result is unreliable.
Yep. Have you tried editing it? I did mine using gparted.
 
Are you asking about hardware or software backdoors?
Both are possible.
If you want secure hardware check Qubes hardware requirements and list of Qubes hardware compatibility.
Whole distros were compromised/backdoored including most popular.. (checksums too).
 
Maybe off-topic but I remember a panel with several linux developers including Linus Torvalds, they were asked if some goverment agency ever asked to put a backdoor in linux at kernel level. Linus say No! ,while nodding up and down
 
Last edited:
This video is why I don't like Torvalds, there are more but this is on top

To forgive him he has to apologize for that ''joke'', to give a new decent answer to the same question and admit that he has no sense of humor
 
Last edited:
To forgive him he has to apologize for that ''joke'', to give a new decent answer to the same question and admit that he has no sense of humor

To be fair, that presumes he cares about your forgiving him.
 
Of course he does not care but we are in this weird situation where we have to choose between his OS, Bill's OS or Steve's OS, between 3 evils with other words and he chooses to be one of the 3 evils where he could be a freedom fighter. He could lead the army. Such a waste

To be fair the fact that Linux works at all with the commercial hardware is evidence that he cooperates with the authorities and whoever that is in control of the world's information. Otherwise there would be only two choices at this point, so maybe he never had a choice
 
Last edited:
One really doesn't need to add a back door to Linux. The greatest vulnerability a system can have is direct access to the system hardware. One can easily reboot, mount the file systems from another running system, and directly access whatever they want. This more or less allows full root access to everything. Your passwords and security keys become useless. Such security only works when the system is running as it should be, rather than allowing someone to mount your hard drive file systems into another running system.

Signed,

Matthew Campbell
 
we have to choose between his OS, Bill's OS or Steve's OS,

BSD has come a long way. Look into GhostBSD if you want a lovely (and easy) BSD. You can even install Linux software fairly easily these days - or so they claim. Whenever I've used BSD I didn't feel a need to use software that wasn't already available in the repos.
 
BSD has come a long way. Look into GhostBSD if you want a lovely (and easy) BSD. You can even install Linux software fairly easily these days - or so they claim. Whenever I've used BSD I didn't feel a need to use software that wasn't already available in the repos.
Jumping from Linux to BSD reminds me the step from Windows to Linux, only now it is a tier deeper, I may actually try it
 
This more or less allows full root access to everything. Your passwords and security keys become useless. Such security only works when the system is running as it should be, rather than allowing someone to mount your hard drive file systems into another running system.
That's what hard drive encryption is for, ie: LUKS.

One can easily reboot, mount the file systems from another running system, and directly access whatever they want.
This was also still possible last time I ran Windows as my main os and this is probably the same for BSD, but as stated above that's what file-system encryption is for.
 
Last edited:
Are you asking about hardware or software backdoors?
Both are possible.
If you want secure hardware check Qubes hardware requirements and list of Qubes hardware compatibility.
Whole distros were compromised/backdoored including most popular.. (checksums too).
Software. I'm running Qubes on my old laptop. Not really smooth but it feels secure. It's hard to believe that checksums are compromised.
 

Members online


Top