A Reasonably Safe Travel Burner Laptop Setup presented at t2 2015

by Georg Wicherski,

Summary : Physical access to computer devices at borders and in hotel room safes has always been a thing for intelligence gatherers of all kinds. Once Full Disk Encryption took off, firmware and hardware implantation became the method of choice for getting even more persistent access.
The simple solution for many people was to start using burner hardware that has no data but what is needed for the trip and can be thrown away after the trip. Unfortunately, not everyone targeted these days is a C-level executive and has budget for a new laptop for each trip. Sometimes you may even need something on a trip that you don't necessarily want in the hands of your destination country's intelligence services (think economic espionage).
This talk aims at introducing how to build a reasonably safe travel laptop from a firmware and software perspective at low cost using commodity hardware. We will walk through building a trusted boot chain using Coreboot on new Chromebooks with recent and decent hardware, signing everything from bootloader (residing in the firmware EEPROM) to user-space code. The key difference to running a stock Chromebook is replicating the trusted boot chain with your builds and a more powerful working environment.
Georg Wicherski is Manager of Information Dominance at CrowdStrike. He enjoys all kinds of low-level work on x86 and ARM, including reverse engineering, binary exploitation and code development. He has co-authored the Android Hacker's Handbook.