Which hardware to keep the level of trust ?

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Which hardware to keep the level of trust ?

Jean-Francois Simon
Dear all,

After having read infos about breaking into bios and other type of
attacks, has anyone info on which hardware best suits OpenBSD to avoid
unpleasanties ?

I was thinking of PIC 32 Microchip but surely difficult to implement an
OS running into it able to handle normal desktop activities.
On the other hand I have absolutely no trust in public brands of
motherboards since they allow bios update.

If one had to find a hardware most difficult to compromize which one
would you take ?

J-F

Reply | Threaded
Open this post in threaded view
|

Re: Which hardware to keep the level of trust ?

Michael McConville-2
Jean-Francois Simon wrote:

> After having read infos about breaking into bios and other type of
> attacks, has anyone info on which hardware best suits OpenBSD to avoid
> unpleasanties ?
>
> I was thinking of PIC 32 Microchip but surely difficult to implement
> an OS running into it able to handle normal desktop activities. On the
> other hand I have absolutely no trust in public brands of motherboards
> since they allow bios update.
>
> If one had to find a hardware most difficult to compromize which one
> would you take ?

OpenBSD isn't generally developed to defend against physical attacks.
Also, most firmware (e.g. BIOS) is, well, firmware, and is therefore
outside the scope of the OS.

Reply | Threaded
Open this post in threaded view
|

Re: Which hardware to keep the level of trust ?

lists-2
In reply to this post by Jean-Francois Simon
Hi J-F,

Please look around a bit more for a micro-controller mailing list,
these need security and quality much more than expected.

Please also do bring the OpenBSD on these platforms and hope for the
best ideas come back here too.

Regards,
A

Reply | Threaded
Open this post in threaded view
|

Re: Which hardware to keep the level of trust ?

Raul Miller
In reply to this post by Jean-Francois Simon
On Sun, Sep 27, 2015 at 4:49 PM, Jean-Francois Simon
<[hidden email]> wrote:
> If one had to find a hardware most difficult to compromize which one would
> you take ?

None.

The hardware most difficult to compromise would be hardware with
nothing on it to compromise. An acceptable second place would be
hardware with nothing on it worth compromising.

Of course, that's not very useful. Then again, one could also say that
about most computers deployed today (possibly even with some degree of
accuracy - though that winds up being a matter of perspective -
different people have very different concepts of "useful").

A more interesting (and perhaps - depending on perspective - more
useful) concept might be compromise detection. For this you need
checks and balances. Good models for this kind of thing might be
"double entry bookkeeping" and/or "pain neuroscience" (the underlying
abstractions are similar).

Of course, that also leaves the issue of: what are you going to do in
response to compromise attempts?

I hope this helps...

--
Raul