Comment by TacticalCoder
4 years ago
> If the computer is powered off, moved or confiscated, there is no data to retrieve.
Don't forget to add insta-shutdown when any USB device is connected to the system!
4 years ago
> If the computer is powered off, moved or confiscated, there is no data to retrieve.
Don't forget to add insta-shutdown when any USB device is connected to the system!
And a tilt sensor that cuts power if the chasis is moved
Or disable usb in bios entirely
Disabling USB in BIOS only disables the emulation of classic PS2 keyboards and IDE storage so that old OSes or bootloaders without USB stacks can work with modern equipment. As soon as the OS kernel initializes the PCI bus, USB will work again - however they could go and remove the xHCI modules from the kernel and image.
Mullvad has a custom-built bare metal UEFI implementation based on coreboot, I assume stboot is an evolution of that, which means it takes as close as you can get to full responsibility for initialization of all system components like processor, chipset, Ethernet, USB, everything.
As a result they can absolutely disable USB entirely by never exposing those parts of the device tree to Linux.
1 reply →