Hi, long time QubesOS user here.
I use a very portable laptop and I noticed secure boot doesn’t work, any way to make it work?
other than that
I’ve been leaving my laptop in my hotel rooms over the years and recently this month my rooms have been getting inspected so to say, any way or tips on how to tell if my laptop was tampered with while I was out or how could I detect a physical keylogger or so?
would qubesos sys-usb protect from physical keylogger or extraction?
Hi @blackgoverning ,
nice to see you here.
Some of that topics was discussed/described by the founder of Qubes OS, Joanna Rutkowska.
Maybe you like to read her blog entry about that Anti Evil Maid | The Invisible Things Blog.
Incidentally, detecting a physical keylogger is impossible for every operating system or software, as such a keylogger can emulate all captureable keystrokes or keyboard parameters.
While there are notebooks with a physical switch that detects when the case is opened (thus allowing the insertion of malicious devices), even this does not offer absolute security. This is especially true against attackers with unlimited resources (which, in the worst-case scenario, must be assumed).
No:
Heads, mentioned in the above quote.
Qubes OS can contain the hardware keylogger or exfiltration tool in the sys-usb AppVM if the tool itself is connected to a USB port, but cannot protect against hardware keyloggers installed via other means, such as an attached circuit on the motherboard.
The above answers help detect software tampering. To detect hardware tampering, use glitter on the screws. https://novacustom.com/product/anti-tamper-glitter-substance/
If your running android or grapheneos, heres an to help you check the glitter. GitHub - proninyaroslav/blink-comparison: Simplifies comparing photos of tamper-evident seals and patterns using your eyes · GitHub