From: aka <akademiker1@googlemail.com>
X-Google-Original-From: aka <akademiker1@gmail.com>
To: tor-talk@lists.torproject.org
References: <55E17366.1050205@openmailbox.org>
 <CAFggDF0pMYEWjEgLxAA10wumDLOLsx-Hhc9G0eV4Nfr8Veg0Kw@mail.gmail.com>
Message-ID: <55E599E5.7050008@gmail.com>
Date: Tue, 1 Sep 2015 14:28:21 +0200
In-Reply-To: <CAFggDF0pMYEWjEgLxAA10wumDLOLsx-Hhc9G0eV4Nfr8Veg0Kw@mail.gmail.com>
Subject: Re: [tor-talk] hardware recommendations
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>

Some mainboards also contain drivers in their firmware. One MSI board I
had injected 32- and 64-bit drivers into a running Windows; they were
Intel chipset drivers. Many mainboards and notebooks do that. Some of
them use documented UEFI features where Windows searches for those
blocks in memory, verifies the signature and loads them. Others patch the
Windows kernel on the fly via interrupt vector hooks, like a bootkit.
ARM CPUs are more fragmented: everyone can rent the blueprints and
print their own CPUs, and backdoors are less likely than from a single
manufacturer.

Use an x86/64 mainboard without EFI or an ARM embedded board. Also don't
forget to epoxy your PCI slots; it's possible to execute unverified code
at boot and at runtime by sticking something in your PCI slot.

Another piece of advice: add some notification to your setup for hardware
changes of any kind. In /etc/udev/rules.d/ you can define what to do if
certain hardware is inserted or detached; it even works for kernel modules
and ethernet. You can define a rule for all changes and make it email you a
PGP-encrypted kernel log. If someone inserts a new USB device you get
notified. If someone replugs the ethernet cable at the server you get
notified. If malware somehow loads a kernel module you get notified.
Spies hate that!

Jacob Appelbaum wrote:
> On 8/29/15, blaatenator <blaatenator@openmailbox.org> wrote:
>> Hi all,
>>
>> The talk of Jacob at DebConf (especially the Citizen Four Q&A) got me
>> thinking about hardware. I know that hardware rng's are suspect, and
>> probably AES cpu extensions as well. And if Lenovo openly puts stuff in
>> the BIOS, who knows what else might be in there. Also someone there
>> mentioned ARM cpu's might be a better bet regarding backdoors (but what
>> is that opinion based on?).
> 
> Intel has AMT and opaque microcode updates, other CPU vendors have
> similar fun hardware features.
> 
> Further reading regarding AMT from the FSF:
> 
>   https://www.fsf.org/blogs/community/active-management-technology
> 
>>
>> There was a mention of a 'sort of' open source smart card product and a
>> certain type of laptop brand (but I didn't catch the names unfortunately).
>> Are there more recommendations regarding this sort of stuff? Like a
>> 'best buy' guide for secure hardware, or ways to work around insecure
>> hardware.
>>
> 
> This is the hardware and software that I mentioned regarding GnuPG:
> 
>   http://www.seeedstudio.com/wiki/FST-01
>   http://www.fsij.org/category/gnuk.html
> 
> This is the base of a reasonable Debian ARM system that requires no
> non-free software:
> 
>   http://www.kosagi.com/w/index.php?title=Novena_Main_Page
> 
> All the best,
> Jacob
> 
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
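The udev-based hardware-change notification that the post above describes, written out as an added example; it is not code from the original message or from any Tor Project component. It assumes a host running systemd with `gpg`, `udevadm` and a `mail` command available; the rule path, handler path, spool directory, recipient address and key id are placeholders to replace.

```shell
#!/bin/sh
# Added example (not from the original post). Installed as $HANDLER, it is
# invoked by udev with "handle" on every matching hotplug / module event and
# mails a GPG-encrypted excerpt of the kernel log. Run it once with
# "install" as root to write the rule. All paths and ids are placeholders;
# a systemd host is assumed.

RULE_FILE=/etc/udev/rules.d/99-hwchange-notify.rules
HANDLER=/usr/local/sbin/hwchange-notify    # where this script is installed
RECIPIENT=admin@example.org                # placeholder: report recipient
KEYID=0xDEADBEEFDEADBEEF                   # placeholder: recipient's PGP key id
SPOOL=/var/spool/hwchange                  # encrypted reports wait here for mail

# The udev rule text. Fire on add/remove in the subsystems that matter for
# physical tampering (USB, PCI, network interfaces, block devices) and on
# kernel module load/unload, which udev reports as SUBSYSTEM=="module".
udev_rule() {
    printf 'ACTION=="add|remove", SUBSYSTEM=="usb|pci|net|block|module", RUN+="%s handle"\n' "$HANDLER"
}

# One-line summary from the variables udev exports to RUN programs:
# $1 ACTION, $2 SUBSYSTEM, $3 DEVPATH, $4 optional vendor:product id.
summary_line() {
    if [ -n "${4:-}" ]; then
        printf '%s %s %s [%s]\n' "$1" "$2" "$3" "$4"
    else
        printf '%s %s %s\n' "$1" "$2" "$3"
    fi
}

# Full report: host and time, the summary, then the kernel log read from
# stdin (so the function can be fed something other than dmesg when testing).
build_report() {
    printf 'hardware change on %s at %s\n' "$(hostname)" "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    summary_line "$1" "$2" "$3" "${4:-}"
    printf -- '--- recent kernel log ---\n'
    cat
}

# Called by udev. Encrypt the report to the spool, then hand mail delivery to
# a transient systemd unit: udev kills every process a RUN+= program leaves
# behind once the event is processed, so slow network work must not stay
# in the handler's own process tree.
handle_event() {
    mkdir -p "$SPOOL"
    out="$SPOOL/$(date +%s)-$$.asc"
    ids=""
    # udev's usb_id builtin fills these in for USB devices; empty otherwise.
    if [ -n "${ID_VENDOR_ID:-}" ]; then
        ids="${ID_VENDOR_ID}:${ID_MODEL_ID:-}"
    fi
    dmesg | tail -n 50 \
        | build_report "${ACTION:-?}" "${SUBSYSTEM:-?}" "${DEVPATH:-?}" "$ids" \
        | gpg --batch --yes --trust-model always --armor --encrypt -r "$KEYID" -o "$out"
    systemd-run --quiet sh -c \
        "mail -s 'hardware change: ${SUBSYSTEM:-?} ${ACTION:-?}' '$RECIPIENT' < '$out' && rm -f '$out'"
}

# Write the rule and make udev pick it up without a reboot.
install_rule() {
    udev_rule > "$RULE_FILE"
    udevadm control --reload-rules
}

case "${1:-}" in
    install) install_rule ;;
    handle)  handle_event ;;
esac
```

Two things a practitioner will want to check: `udevadm test /sys/bus/usb/devices/<dev>` shows whether the rule matches and which RUN entries it queues, and `journalctl -u 'run-*'` shows the transient mail units. For the cable-replug case the post mentions, note that a carrier change on an interface is not a udev add/remove event; `ip monitor link` reports those, and a second watcher on that stream can feed the same `build_report` function.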