Evil Maid Just Got Angrier - Why Full-Disk Encryption ... - CanSecWest
Evil Maid Just Got Angrier - Why Full-Disk Encryption ... - CanSecWest
Evil Maid Just Got Angrier - Why Full-Disk Encryption ... - CanSecWest
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
The Solution is Simple<br />
<strong>Just</strong> let BitLocker rely on all platform manufacturers to protect the UEFI<br />
BIOS from programmable SPI writes by malware, allow only signed UEFI<br />
BIOS updates, protect authorized update software, update the boot block<br />
(SEC/PEI code) securely, correctly program and protect SPI Flash<br />
descriptor, lock the SPI controller configuration, and not introduce a single<br />
bug in all of this, of course.