Let's try to keep this topic around a basic-intermediate level when you try to explain things.
What I mean, in the simplest words, is a way for me to know if my laptop or any of the accessories such as the charger, mouse, keyboard, camera, mic, etc., have been tampered with while I left them in my hotel room while I went out to some tourist attractions.
The adversary could be a local gang with hackers hired as hotel maids, or the adversary could be a corrupt/overreaching authority/intel agency who thinks citizens and tourists shouldn't have privacy, and that if they put a lot of effort into privacy then that means they are extremists and must have something to hide.
I know of 3 ways to check for tampering:
- AEM or Trenchboot or Heads.
- Glitter nail polish.
- A device which monitors your room for intrusion.
If there is proof of tampering then the solution is to destroy the hardware and throw it in the trash, because it's practically impossible to remove any tampering that was done with 100% certainty. Better to buy new hardware.
Now to elaborate on each of the 3 ways...
1. Trenchboot is better than AEM, or at least it will become better when it supports TPM 2. The plan is for it to replace AEM completely. So to make this simpler we can keep this discussion about Trenchboot vs Heads and leave out AEM.
TPM 2 is good and something we should want, depending on how important this method of tamper proofing is, because TPM 1.2 is old and uses weak encryption.
But I've read so many arguments about Trenchboot vs Heads that it's very difficult to understand everything; it requires very deep and advanced knowledge and I just don't know. Maybe I just have to keep on reading and learning until I eventually begin to understand more of it.
2. Glitter nail polish is supposed to make it practically impossible to open up the laptop (removing screws) to access the ROM chip and any other hardware. That makes this method of tamper proofing perfect and simple, and it works on all laptops. But there are vulnerabilities:
USB is not protected by glitter nail polish. And if any malware compromises your system it could flash the ROM.
I don't think the malware is much of a threat if we are using QubesOS because it's too unlikely for the malware to escape the Qube, it would mean a 0-day vulnerability in Xen hypervisor.
But an adversary could easily use a bad USB when they have physical access to the computer, and glitter nail polish doesn't detect that. I guess that this is why nail polish isn't sufficient on its own and why we also need either Trenchboot or Heads.
One downside of Heads is that it's a Static Root of Trust for Measurement (SRTM), which means it only checks for tampering when you boot the computer. But I think if the only threat is a bad USB attack, because glitter nail polish protects against everything else that can tamper with the hardware, then this Heads downside of being SRTM doesn't matter.
3. This could be an app on the smartphone which uses the sensors to check for sound, movement, light changes and vibrations. Or it could be a more professional device such as a surveillance camera or motion detector.
This way of tamper proofing solves all problems if you assume that someone entering the room means that the hardware has been tampered with. But unfortunately this is not a good assumption to make if you are traveling or sharing accommodation. There are plenty of dumb people who would enter your room even if you told them not to, even if they have no malicious intentions and are not an adversary. That means this method would give a lot of false alarms.
But if you are using video surveillance then you would know exactly what they did while in your room, and you can clearly see if they even touched your hardware. So, with video surveillance you maybe don't need Trenchboot or Heads and glitter nail polish.
Another reason to have this tamper method is in case they put a camera in your room to watch what you're doing or watch you enter passwords. If you have, for example, a motion detector giving an alarm, you can spend some time looking for hidden cameras. There are cameras that are good for this, I think they are called infrared cameras; they can find the heat which a hidden camera would give off.
Summary: You probably want all 3 methods because they complement each other's weaknesses. The question remains regarding Trenchboot vs Heads; in the scenario I've explained here I suspect Heads is a better choice, but I am mostly guessing. Maybe I'm not as lost in this rabbit hole as I feel like I am. I hope the more advanced and experienced people can give some comments and help.
Another point I almost forgot to make: This whole scenario is meant to be practical, a realistic lifestyle. For example, it's not realistic for most people to be able to bring all their hardware with them everywhere they go, such as work. It also makes you a big target to be robbed if they get a hint of how much valuable equipment you have in your backpack. So this means we are leaving the hardware at home, which could be a hotel room or a shared accommodation.
Also, a last point which I forgot to make as well: The accessories need to be tamper proof as well. I don't know if Trenchboot or Heads is capable of doing that, such as if they replace the charger or something. Maybe the only way to protect against this is one of two ways:
- Bring the accessories with you but leave the computer at "home". This isn't great though, because you might not be able to keep your eyes on your backpack at all times.
- Have a box filled with lentils which you put the accessories inside when you leave your room. Then you can take before and after pictures and compare them to see if the lentils have moved around or not. This would mean we actually have to use 4 methods to keep all hardware tamper proof. It's not so fun to have to pack all accessories into a lentils box every time you leave your room, and check pics of both glitter nail polish and lentils. It's a lot of work, but maybe that's the only way?
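The SRTM point made in the post above (Heads measures the boot components and compares them against a known-good state, so a reflashed ROM is caught at the next boot, while a USB device attached after boot is never measured) can be seen in a small Python model. This is an added example, not code from the post and not the real Heads or Trenchboot implementation; it assumes the TPM PCR extend rule new_pcr = SHA-256(old_pcr || SHA-256(data)) starting from a zeroed PCR, and the "components" are constructed byte strings standing in for the firmware, initrd, kernel and boot configuration.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 PCR bank, initial value is all zeros


def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM-style PCR extend: new = H(old || H(data)). Order matters and it cannot be undone."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def measure_boot(components):
    """Measure an ordered list of (name, blob) into one PCR.
    Returns the final PCR value and an event log of per-component digests."""
    pcr = bytes(PCR_SIZE)
    log = []
    for name, blob in components:
        pcr = extend(pcr, blob)
        log.append((name, hashlib.sha256(blob).hexdigest()))
    return pcr, log


def check_against_baseline(pcr, baseline_pcr, log, baseline_log):
    """Compare the boot measurement with the enrolled baseline.
    Returns (ok, name of the first component whose digest changed or None)."""
    if pcr == baseline_pcr:
        return True, None
    for (name, digest), (_, base_digest) in zip(log, baseline_log):
        if digest != base_digest:
            return False, name
    return False, "unknown"


# Constructed stand-ins for what a measured boot hashes; not real images.
GOOD_BOOT = [
    ("firmware", b"coreboot image v1 (constructed)"),
    ("heads-initrd", b"heads initrd (constructed)"),
    ("kernel", b"vmlinuz (constructed)"),
    ("boot-config", b"menuentry qubes (constructed)"),
]
# Baseline enrolled by the owner while the machine is known to be clean.
BASELINE_PCR, BASELINE_LOG = measure_boot(GOOD_BOOT)


def scenario_reflashed_firmware():
    """ROM chip reflashed while the laptop was unattended: the firmware digest
    changes, so every later PCR value changes and the check fails at boot."""
    tampered = [("firmware", b"coreboot image v1 (constructed) + implant")] + GOOD_BOOT[1:]
    pcr, log = measure_boot(tampered)
    return check_against_baseline(pcr, BASELINE_PCR, log, BASELINE_LOG)


def scenario_post_boot_usb():
    """Boot was clean; a USB device attached afterwards is a runtime event and
    is never hashed into the PCR, so the static measurement still passes."""
    pcr, log = measure_boot(GOOD_BOOT)
    runtime_events = ["usb: new device attached after boot (constructed)"]
    return check_against_baseline(pcr, BASELINE_PCR, log, BASELINE_LOG), runtime_events


if __name__ == "__main__":
    print("reflashed firmware:", scenario_reflashed_firmware())
    print("post-boot USB:", scenario_post_boot_usb())
```

The second scenario is the limitation the post describes: the measurement is a snapshot taken at boot, so anything that happens to the running system, or to an accessory that is never measured at all, is outside what an SRTM check can report.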
I'm kinda familiar with that rabbit hole :P. Though, I didn't quite consider your 3rd and 4th methods. So kudos to you for that!
While writing up a draft, I actually stumbled upon an (unfinished) article that goes over this subject in way more depth than I could.
Though, the author doesn't mention NovaCustom, which intends to combine Boot Guard, Heads and QubesOS certification on their devices.
It was a good read, thanks for the link.
Problem for me is which experts do I listen to? The article you linked to says a lot of the experts in the privacy community are wrong (common misinformation). But how do I know who's actually wrong? If two experts are arguing with each other, how do I know who's right? I would have to become an expert as well before I can know that, or I have to go with the majority and hope they're right.
There's so much going on at boot, pre-boot, post-boot and everything, it's tough to learn. Boot Guard, Intel TXT, TPM, Heads, etc. They all sound like they are doing the same thing. And sometimes people use words like SRTM but they are talking about Intel TXT because TXT is SRTM or something like that. I'm just saying it's difficult to learn about all this.
I guess there's just no shortcut really. I am just going to have to keep reading and slowly and steadily keep learning about this until I become an expert as well.