Feat: additional threat modelling and mitigations

diff --git a/index.md b/index.md
index 74e37f0f190fbd167611fad4d9d9de06191a29cd..451f225445f1e4d84f4252ff1d4cd4978e9193cc 100644 (file)
--- a/index.md
+++ b/index.md
@@ -5,6 +5,9 @@ attached bootloader in order to make more difficult to tamper the initialization
 process. Bootless is a bootloader installed in a removable media and used to
 initialize computers.
 
+It offers partial protection against the so-called [evil maid
+attacks](https://en.wikipedia.org/wiki/Evil_maid_attack).
+
 - [Repository](https://git.fluxo.info/bootless).
 - [Tutorial](tutorial).
 - [References](references).
@@ -86,10 +89,28 @@ Threat Model
 
 3. The USB stick itself is not a static device: it's has a built-in controller that could be exploited to present to your computer a compromised kernel or initramfs ([BadUSB attacks](https://links.fluxo.info/tags/badusb)).
 
+Again:
+
+* Bootless does not remove the threat of an evil tamperer but significantly
+  reduces the attack surface. Exploits in the bootloader's `stage0` would need
+  to be significantly smaller to do their jobs and optionally also load
+  an operating system (in case it's intended not to be noticed).
+
+* Spyware could still be installed in the firware or in specialized harware,
+  which are plentyful in current computers.
+
 ### Additional mitigations
 
-3. For physical attempts to tamper with your bare metal, you might try to protect and monitor your perimeter.
+1. For physical attempts to tamper with your bare metal, you might try to protect and monitor your perimeter.
+
+2. From inside threats such as preloaded backdoors in the hardware, the best you can do is to look for laboratory audits and build and use open hardware.
+
+3. Check your boot using something like [anti-evil-maid](http://theinvisiblethings.blogspot.com.br/2011/09/anti-evil-maid.html) ([repository](https://github.com/QubesOS/qubes-antievilmaid)), [smartmonster](https://git.fluxo.info/smartmonster) ([original repository](https://github.com/ioerror/smartmonster)) or [chkboot](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#chkboot).
 
-4. From inside threats such as preloaded backdoors in the hardware, the best you can do is to look for laboratory audits and build and use open hardware.
+4. Against additional perimeter attacks, you could combine bootless with a
+   solution like Edward Snowden's [Haven](https://guardianproject.github.io/haven/) or even always stay with your [TPC - Trusted Physical Console](https://web.archive.org/web/20180914153944/http://cmrg.fifthhorseman.net/wiki/TrustedPhysicalConsole).
 
-- Check your boot using something like [anti-evil-maid](http://theinvisiblethings.blogspot.com.br/2011/09/anti-evil-maid.html) ([repository](https://github.com/QubesOS/qubes-antievilmaid)), [smartmonster](https://git.fluxo.info/smartmonster) ([original repository](https://github.com/ioerror/smartmonster)) or [chkboot](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#chkboot).
+5. When turning on your machine, make sure that the ethernet and wireless
+   networks are switched off (this could be done by removing cables, antennas
+   or switching the "rfkill" button in laptops), preventing any bootloader exploit
+   that broadcasts keystrokes.