I am wondering how Pureboot could protect itself against the following attack:
- Attacker with root access to the local operating system (e.g. through exploiting software bugs).
- Attacker with physical access to the laptop.
In both cases, the attacker has access to flashrom and is able to read/re-flash the BIOS. Then the attacker can re-flash Pureboot with a backdoored measured boot and the attacker’s payload, so that the backdoored code “lies” to the TPM about the measurements. In this case, tampering detection is bypassed and the attacker can even achieve persistence.
I think the only solution is the hardware write-protect switch. But it seems the latest Pureboot still does not support it.
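The mechanism behind the attack described in the post is that a TPM PCR only records digests handed to it; it cannot check that a digest is really the hash of the code about to run. The following simulation is an added example (not code from the post, from PureBoot or from the Heads project); the firmware and stage images are constructed byte strings, the PCR is a single SHA-256 bank, and the "unseal" check stands in for whatever PCR-bound secret or HOTP/TOTP verification the firmware performs. It shows that honest measuring catches a tampered stage, while firmware that replays the digests recorded from a known-good boot reproduces the expected PCR value exactly, so the sealed check passes even though the loaded code is different.

```python
import hashlib
from typing import Callable, Sequence

# Constructed sample boot chain for this example (not real images).
STAGES = [b"kernel-image", b"initrd-image", b"/boot config"]
TAMPERED_STAGES = [b"kernel-image", b"initrd-image-with-rootkit", b"/boot config"]

# A SHA-256 PCR bank starts at all zeros after TPM reset.
ZERO_PCR = bytes(32)


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 2.0 extend: PCR := H(PCR || digest).

    The TPM only hashes what it is handed; it has no view of the code that
    the caller claims to have measured.
    """
    return sha256(pcr + digest)


def run_measured_boot(measure: Callable[[bytes], bytes], stages: Sequence[bytes]) -> bytes:
    """Simulate a firmware boot chain.

    `measure` is the firmware's own routine that produces the digest it
    extends for each stage. In this simplified model nothing measures the
    firmware itself (an assumption of the example: the firmware is the root
    of trust for measurement), so whoever controls the flash chip controls
    `measure`.
    """
    pcr = ZERO_PCR
    for stage in stages:
        pcr = pcr_extend(pcr, measure(stage))
    return pcr


def honest_measure(stage: bytes) -> bytes:
    """Well-behaved firmware: hash the bytes that are actually loaded."""
    return sha256(stage)


def record_golden_digests(stages: Sequence[bytes]) -> list:
    """What an attacker with read access to flash and /boot can collect:
    the per-stage digests of a known-good boot."""
    return [sha256(s) for s in stages]


def make_lying_measure(golden_digests: Sequence[bytes]) -> Callable[[bytes], bytes]:
    """Backdoored firmware: ignore the stage it loads and replay the golden
    digest for that position in the chain."""
    replay = iter(golden_digests)
    return lambda stage: next(replay)


def expected_pcr() -> bytes:
    """The value the user's secret was sealed to on a trusted boot."""
    return run_measured_boot(honest_measure, STAGES)


def secret_unseals(pcr: bytes) -> bool:
    """Stand-in for TPM unseal or a PCR-bound HOTP/TOTP check: the secret is
    released only when the PCR matches the sealed value."""
    return pcr == expected_pcr()


def attack_outcome() -> dict:
    """Run the three scenarios and report whether tamper detection fires."""
    golden = record_golden_digests(STAGES)
    return {
        "clean_boot_unseals": secret_unseals(run_measured_boot(honest_measure, STAGES)),
        "tampered_stage_unseals": secret_unseals(run_measured_boot(honest_measure, TAMPERED_STAGES)),
        "reflashed_firmware_unseals": secret_unseals(
            run_measured_boot(make_lying_measure(golden), TAMPERED_STAGES)
        ),
    }


if __name__ == "__main__":
    for scenario, unsealed in attack_outcome().items():
        print(f"{scenario}: {'secret released' if unsealed else 'detected'}")
```

The third scenario is the one the post is worried about: once the measuring code itself is replaced, the PCR value is whatever the attacker wants it to be, and anything sealed to that value is released. A measurement scheme can only detect changes to what it measures, not to the measurer, which is why the post looks to a hardware write-protect on the flash chip rather than to further software checks.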