3

Edward Snowden suggests to have the bootloader on a USB stick to prevent evil maid attacks and to dump the BIOS, hash it and compare it everytime.

  1. Is using Tails from a USB stick means the bootloader is on the USB stick or how do I get the bootloader on a USB stick?
  2. How do I dump the BIOS, hash it and compare everytime?
user9
  • 31
  • 1
  • If the adversary controls the BIOS, they could probably make it appear as if nothing has changed. Checking the hash may reveal less complex replacements however. – multithr3at3d Oct 21 '18 at 18:24
  • 1
    Frankly, Snowden doesn't really understand what he's talking about here. It would be easy to fool this. What you want is TPM-based SRTM. – forest Nov 21 '18 at 04:25

1 Answers1

-1

Yes, booting from a USB stick on a system which has BIOS implemented means that the bootloader is on the USB stick. The start of the stick will have a bootable partition (containing a MBR) which the BIOS calls to load the OS.

Here's a question asking how to dump the BIOS.

Daisetsu
  • 5,120
  • 1
  • 16
  • 25