hacktheworld
Have you ever thought about having a backdoor on your Linux distribution?
fwupdmgr security
That only works for UEFI machines; it does not work on Legacy BIOS.
@Terminal Velocity took it out of my mouth, you can have a perfectly clean Linux install but that won't help with a hardware-based backdoor.
Hardware security is measured in HSI:
FwupdPlugin: Host Security ID Specification
Reference for FwupdPlugin-1.0: Host Security ID Specification (fwupd.github.io)
Terminal command is:
Bash:
fwupdmgr security
Which will tell you how secure your hardware is.
There's one on Kali.
Yep. Have you tried editing it? I did mine using gparted.
Below is the result of the HSI test on my Linux computer:
$ fwupdmgr security
WARNING: UEFI firmware can not be updated in legacy BIOS mode
See https://github.com/fwupd/fwupd/wiki/PluginFlag:legacy-bios for more information.
Host Security ID: HSI:0! (v1.9.26)
HSI-1
✔ Platform debugging: Not supported
✔ SPI write: Disabled
✔ Supported CPU: Valid
✔ UEFI bootservice variables: Locked
✘ SPI lock: Disabled
✘ SPI BIOS region: Unlocked
✘ TPM v2.0: Not found
HSI-2
✔ Platform debugging: Not supported
✘ Intel BootGuard: Not supported
✘ IOMMU: Not found
HSI-3
✘ CET Platform: Not supported
✘ Pre-boot DMA protection: Invalid
✘ Suspend-to-idle: Disabled
✘ Suspend-to-ram: Enabled
HSI-4
✘ Encrypted RAM: Not supported
✘ SMAP: Not supported
Runtime Suffix -!
✔ fwupd plugins: Untainted
✔ Linux swap: Disabled
✔ Linux kernel: Untainted
✘ Linux kernel lockdown: Disabled
✘ UEFI secure boot: Disabled
This system has a low HSI security level.
» https://fwupd.github.io/hsi.html#low-security-level
This system has HSI runtime issues.
» https://fwupd.github.io/hsi.html#hsi-runtime-suffix
Upload these anonymous results to the Linux Vendor Firmware Service to help other users? [y|N]: N
Ask again next time? [Y|n]: Y
P.S. In my opinion the result is unreliable.
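Added example, not from the thread or the fwupd project: a small parser for the text output of `fwupdmgr security` as quoted above, listing the failed checks per section. The rule in `estimate_level` (highest N with no failed check in HSI-1..HSI-N, plus `!` on any failed runtime check) is a simplifying assumption, and `SAMPLE` is a constructed, shortened copy of that output.

```python
import re

# Constructed sample: shortened copy of the `fwupdmgr security` output quoted above.
SAMPLE = """\
Host Security ID: HSI:0! (v1.9.26)
HSI-1
✔ SPI write: Disabled
✘ SPI lock: Disabled
✘ TPM v2.0: Not found
HSI-2
✘ IOMMU: Not found
Runtime Suffix -!
✔ Linux swap: Disabled
✘ UEFI secure boot: Disabled
"""

SECTION = re.compile(r"^(HSI-\d+|Runtime Suffix)\b")
CHECK = re.compile(r"^\s*([✔✘])\s*(.+?):\s*(.+?)\s*$")

def parse_hsi(text):
    """Return (reported_id, {section: [(name, value, passed), ...]})."""
    reported, sections, current = None, {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Host Security ID:"):
            reported = line.split(":", 1)[1].split("(")[0].strip()
        elif (m := SECTION.match(line)):
            current = m.group(1)
            sections[current] = []
        elif (m := CHECK.match(line)) and current:
            sections[current].append((m.group(2), m.group(3), m.group(1) == "✔"))
    return reported, sections

def failed(sections):
    """Map each section to the names of its failed checks."""
    return {s: [n for n, _, ok in checks if not ok] for s, checks in sections.items()}

def estimate_level(sections):
    """Highest N with no failed check in HSI-1..HSI-N (simplified rule, an assumption)."""
    level = 0
    for n in range(1, 5):
        checks = sections.get(f"HSI-{n}")
        if not checks or not all(ok for _, _, ok in checks):
            break
        level = n
    runtime_bad = any(not ok for _, _, ok in sections.get("Runtime Suffix", []))
    return f"HSI:{level}" + ("!" if runtime_bad else "")

if __name__ == "__main__":
    print(estimate_level(parse_hsi(SAMPLE)[1]), failed(parse_hsi(SAMPLE)[1]))
```

Fixing the first failed section lifts the level; here the HSI-1 failures (SPI lock, TPM) hold the machine at HSI:0 regardless of the later sections.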
Maybe off-topic, but I remember a panel with several Linux developers, including Linus Torvalds. They were asked if some government agency ever asked to put a backdoor in Linux at kernel level. Linus said "No!" while nodding up and down.
To forgive him, he has to apologize for that "joke", give a new decent answer to the same question, and admit that he has no sense of humor.
We have to choose between his OS, Bill's OS or Steve's OS,
Jumping from Linux to BSD reminds me of the step from Windows to Linux, only now it is a tier deeper. I may actually try it.
BSD has come a long way. Look into GhostBSD if you want a lovely (and easy) BSD. You can even install Linux software fairly easily these days - or so they claim. Whenever I've used BSD I didn't feel a need to use software that wasn't already available in the repos.
That's what hard drive encryption is for, i.e. LUKS.
This more or less allows full root access to everything. Your passwords and security keys become useless. Such security only works when the system is running as it should be, rather than allowing someone to mount your hard drive file systems into another running system.
This was also still possible the last time I ran Windows as my main OS, and this is probably the same for BSD, but as stated above, that's what file-system encryption is for.
One can easily reboot, mount the file systems from another running system, and directly access whatever they want.
Software. I'm running Qubes on my old laptop. Not really smooth, but it feels secure. It's hard to believe that checksums are compromised.
Are you asking about hardware or software backdoors?
Both are possible.
If you want secure hardware, check the Qubes hardware requirements and the list of Qubes hardware compatibility.
Whole distros were compromised/backdoored, including the most popular... (checksums too).