pull down to refresh
20 sats \ 2 replies \ @ln123 30 Dec 2022 \ parent \ on: How to know if laptop has been tampered with? bitcoin
^^ exactly
You need a laptop with the Intel Management Engine (IME) disabled. The following vendors can help:
- https://minifree.org/
- https://puri.sm/
- https://starlabs.systems
- https://shop.nitrokey.com/shop
Next you need to pick a setup that has a USB key to verify that your bootloader wasn't modified (Measured Boot). This will require PIN entry to load your OS after every upgrade.
And for a final layer of protection, if you're comfortable with linux, consider Qubes!
Thanks, great resources, I did only know of purism so far. I will look into it. I've made no distinction between Secure Boot and Measured Boot so far.
But by now it's obvious to me that an open source firmware is a key requirement.
reply
No doubt about it. If your main board is supported by one, your'e much better off replacing it.
reply