Comment by Theodores
3 days ago
It is interesting how laptops, whether running a consumer operating system or Linux, are poorly protected from theft. There is the Kensington lock hole that nobody uses and that is about it. Really, any laptop needs to be a brick without the magic password or bio-id, if the owner has configured it to be so when stolen, as identified by a change of power source or other cause.
As it is, all you need is a screwdriver to take out the disc, put it in another box, format it and put it back. Then you have a machine good to sell on eBay.
NFC could be another way of protecting a PC so you need your phone to unlock it.
PCs used to have a low grade lock on them originally, that locked the power button and disks behind a flimsy piece of plastic. This feature was soon dropped.
Clearly the market does not demand theft proofing. Otherwise we would have a little bit more than noble efforts like this udev script.
There's much much better Secure Boot and encrypted disk options than there used to be, which is good!!
But it does feel like the security regime is pretty lax. I feel like some BLE tracker system is a natural fit for laptops. I'd love a motion sensor alarm built in.
Framework laptop's embedded controller is open source, run Zephyr. I don't think there's a ton of peripherals it has access too, but I love the idea that one could potentially make their own firmware that has their own security designs built in.
M1 Macs are more theft-proof than most: it's useless if it's attached to someone else's iCloud account.
It even has parts pairing, so the e.g. the screen has some features disabled if you swap it.
Problem with theft-proofing is it inherently comes at the cost of both repairability and recyclability. If every part is cryptographically locked to its parent machine, you can't scrap devices for parts.
Sometimes there's "unlock before recycling" flows but generally people are pretty unlikely to know they should do that, and even less likely to remember to do it.