How to protect computer from physical attacks

Skatoskatosimos · March 25, 2024, 4:02pm

I have qubes installed and i am afraid that an adversary might install spyware. How can i protect my computer from that and if i cant i need to atleast know that it has been compromised. I saw on yt that an adversary can change bios settings and somehow install malware or other stuff.

boreas · March 25, 2024, 7:28pm

You probably already expect some work coming your way.

A feature that might interest you is AEM (Anti Evil Maid):

Also how Qubes handles devices:

Do you (have to) use an external keyboard?
You could of course set a BIOS password but this can be easily bypassed by disconnecting the power source (a battery) for the bios in your laptop.
A basic requirement is of course that you use disk encryption, otherwise the attacker can simply write to your hard drive and change files.
Do you have other OS’s installed (dual / multi boot)? Those can (AFAIK) change the boot partition and therefore how QubesOS starts. (However, an attacker that is physically present can change the boot partition on his own very likely)
A rather drastic option that might also work (not tested by me) is to just disable the usb ports in BIOS. This should hinder an attacker that tries to plug in a usb that mimics e.g. your keyboard.

Maybe to make it easier for other users to answer:
Can you outline your thread model a bit more?
E.g.:

Are you often taking your laptop to public spaces and is it easily accessible?
Have you a specific reason to fear such an attack?

boreas · March 30, 2024, 6:13pm

Please be aware that I surely didn’t mention every aspect and if you have serious concerns you should definitely question professionals in this area…

catacombs · March 31, 2024, 5:17pm

You might find it entertaining to read from the websites, that offer for sale “Qubes Certified Computers.”

Many here have the same goal in mind as the goal of your post.

Usually the first consideration is to do a “Threat Assessment?” or as one person said, "What Hunts You.?

One of the ways I would describe Qubes OS, is that it is a “Tool Kit.” How you build it and use it is up to you.

There is a lot of Documentation in Whonix,and accompanying documentation with the Tails OS.

catacombs · March 31, 2024, 10:42pm

I should have been more clear. The websites for Whonix, and Tails OS, emphasize privacy as well as Security.

If you, for reasons of location, or money want to buy a laptop and modify it to be similar to a Qubes “Certified Laptop” we have some folks who are focused on providing information on how to do that.

In my thoughts, I live in the US, If the US government group (National Security Agency) NSA decides they want to “get into my life,” I suspect whatever I try will not matter much. The NSA has such resources that my efforts will not work. However, I can make them exert themselves, and I doubt I am very important to them anyway. So they are not going to try.

But I can get rid of the annoying Ads like I have received.

Others on the forum, more technically knowledgeable than myself will answer more detailed questions that you might ask. So , If you want to know about something. Ask.

You may know a great deal than myself already. I just answer supposing a raw beginner is asking for information.