Every time I read stuff about secure boot, "evil maid" attack scenarios come up. And every time, they fail to mention the easiest one.
The attack described here involves dismantling the victim's hard drive. I have an attack that isn't defeated by secure boot, and doesn't even require dismantling anything.
Steal the original laptop. Take another physically identical unit. Replace it. Copy the login screen of original laptop on a brand new laptop, and have it log the password when the victim types it to you over wifi.
There. I stole your data. Without any security flaw. In the exact same threat model described.
Replicating the chassis (including the scratches, etc.) and other laptop parts is the hardest part of your attack. I assume you don't know about the nail-polish with glitter based protection?
Even "copying the login screen" is not necessarily easy.
You know the scratches on the chassis of your laptop? I definitely don't. If someone replaces my laptop with a brand new one, I'll notice something is off, but I wouldn't be surprised I'd notice /after/ typing my password. If rather than brand new, it's replaced another laptop with approximately same age/usage, I would most definitely not notice.
> I assume you don't know about the nail-polish with glitter based protection?
Nope, can you explain?
But okay, you may extend my attack by saying that you exchange the motherboard between the victim and the attacker laptop, so that you don't need to replicate the chassis.
> Even "copying the login screen" is not necessarily easy.
Personally my login screen is ubuntu's default FDE screen untouched, so there is literally no work involved to attack me there. I have absolutely no idea how to customize FDE screen. But even if I did, I'd expect that it would be pretty easy to plug in an HDMI capture to have a close-enough duplicate of the screen.
Modern computers has tamper detection and if you open them you'll need to type the BIOS password.
However, replacing the motherboard is going to replace the TPM. This is easily detectable with something like tpm2_totp in the bootchain.