To make this topic easier to discuss, assume that Intel does not have any backdoor and does not co-operate or give out their keys to anyone. Pretend they are trustworthy just for this topic’s sake. Also pretend that all the OEMs/ODMs implemented the Bootguard firmware correctly, because I know that has recently been in the news as a vulnerability because they didn’t implement it correctly.
Bootguard (PCR 0) can’t be flashed over. Does Bootguard verify exactly all firmware on the computer? Even firmware on things like the hardwired camera, Embedded Controller and Bluetooth? Meaning there’s no place at all for a hacker to flash some bad firmware without being detected by Bootguard?
If the answer is yes, then what exactly is the threat with letting an adversary have covert physical access to your laptop for a few hours? There’s nothing they can do which Bootguard won’t detect? The only threat is malware in userspace from your own bad opsec actions, and no threats in firmware?
Or maybe they can still: put a keylogger on the keyboard? Put a new chip onto the board which has their firmware on it? Entirely replace the motherboard and CPU? Would Bootguard detect those three threats as well or not?
Here is one example of a threat/adversary: An adversary with covert physical access to someone’s laptop would probably, by default, start the computer and see if it’s running Coreboot/BIOS/UEFI. Check if there’s a password on the BIOS. Check if there’s full disk encryption.
After that it depends on what the result is. If there’s no full disk encryption, then it’s super simple to get all data and infect with malware. If there’s no BIOS password, then it’s still simple to restart the computer and boot from a bad USB which infects the computer and flashes bad firmware to it. It makes no difference if the computer uses Coreboot/BIOS/UEFI, except if there is Bootguard, then maybe it’s not possible to flash bad firmware with a bad USB? In that case the hacker would need to replace the entire motherboard and CPU, but this time there is no Bootguard, so the hacker can flash the firmware and the victim would have no way to know.
Coreboot Heads might interest you: https://osresearch.net/
I believe you might be correct: there is no perfect on-device solution to protect against all hardware level attacks.
Heads attempts to solve the problem by using an external security key device to validate the hardware for you. This way, the challenge is easier: reducing the problem to protecting one small USB device instead of a whole computer.
Can you explain in short bullet points how Heads is better than Bootguard? I’ve read people saying that Heads can be defeated by flashing the boot ROM with an external programmer. But that wouldn’t be possible with Bootguard because it’s in PCR 0 and fused and can’t be modified again. Pros and cons of Bootguard vs Heads?
First, I’m not an expert.
My understanding is that if someone reflashes your device, you can detect it using your external security device, which utilizes HOTP, TOTP & PGP.
Maybe this is also a good resource for you: https://tech.michaelaltfield.net/2023/02/16/evil-maid-heads-pureboot/
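A small worked model of the mechanism the two replies above describe (measured boot into a PCR, a secret sealed to that measurement, and the HOTP/TOTP code shared with an external token). This is an added example written for this thread; it is not code from Heads, Intel, or anyone in the discussion. The "TPM" is a plain Python stand-in for PCR-extend and seal/unseal, the firmware images are constructed byte strings, and the shared secret is the RFC 4226 test-vector key.

```python
"""
Illustrative model of Heads-style firmware attestation: firmware stages are
measured into a PCR, a HOTP/TOTP secret is sealed to the expected PCR value,
and an external token holding the same secret lets the user compare codes.
The TPM operations here are simplified stand-ins, not a real TPM.
"""
import hashlib
import hmac
import struct

PCR_INIT = b"\x00" * 32  # a SHA-256 PCR bank starts at all zeros on reset


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: new = H(old || H(measurement)).
    The final value depends on every component measured and on their order."""
    digest = hashlib.sha256(measurement).digest()
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(components) -> bytes:
    """Measure each firmware component into one PCR, the way each early boot
    stage measures the stage that follows it."""
    pcr = PCR_INIT
    for blob in components:
        pcr = pcr_extend(pcr, blob)
    return pcr


def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Stand-in for sealing to a PCR policy: the secret is released only when
    the PCR presented at unseal time equals the one it was sealed against.
    A real TPM keeps the secret inside the chip; this model uses a dict."""
    return {"policy_pcr": expected_pcr, "secret": secret}


def unseal(blob: dict, current_pcr: bytes):
    """Return the secret if the PCR policy is satisfied, otherwise None."""
    if hmac.compare_digest(blob["policy_pcr"], current_pcr):
        return blob["secret"]
    return None


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a 31-bit integer reduced to `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP is HOTP with the counter derived from the clock."""
    return hotp(secret, unix_time // step, digits)


def boot_and_attest(components, sealed_blob: dict, counter: int):
    """What the firmware does at boot: measure itself, try to unseal the
    shared secret, and display the resulting HOTP code. Returns None when
    the measurements no longer satisfy the sealed policy."""
    secret = unseal(sealed_blob, measure_boot(components))
    if secret is None:
        return None
    return hotp(secret, counter)


# Constructed sample firmware images (not real firmware bytes).
GOOD_FIRMWARE = [b"bootblock-v1", b"romstage-v1", b"payload-v1"]
TAMPERED_FIRMWARE = [b"bootblock-v1", b"romstage-EVIL", b"payload-v1"]

# Provisioned once at enrolment into both the sealed blob and the external
# token (e.g. a USB security key). This is the RFC 4226 test-vector key.
SHARED_SECRET = b"12345678901234567890"


def demo():
    """Return (code on the token, code from a clean boot, code after reflash)."""
    sealed = seal(SHARED_SECRET, measure_boot(GOOD_FIRMWARE))
    counter = 1
    token_code = hotp(SHARED_SECRET, counter)  # computed on the external device
    clean_code = boot_and_attest(GOOD_FIRMWARE, sealed, counter)
    reflashed_code = boot_and_attest(TAMPERED_FIRMWARE, sealed, counter)
    return token_code, clean_code, reflashed_code


if __name__ == "__main__":
    token, clean, reflashed = demo()
    print("token shows     :", token)
    print("clean boot shows:", clean, "(matches token)" if clean == token else "")
    print("reflashed boot  :", reflashed, "-> secret not released, mismatch is visible")
```

The point the model makes is that the check does not depend on how the flash was rewritten (internally or with an external programmer): any change to a measured component changes the PCR, the sealed secret is not released, and the firmware cannot produce the code the user's token shows. Anything that is never measured into the chain sits outside this model, which is the gap the earlier question about the camera, EC and Bluetooth firmware is really asking about.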