Or even better... While booting, using either GRUB or systemd-boot, enter a UEFI shell and change the kernel parameters to include 'init=/bin/bash rw'. Boot like that and you'll get a rw root shell.
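As an added example (not from the thread or any of its commenters): a small shell audit that flags the kernel-command-line tampering this comment describes, so a defender can check /proc/cmdline at boot or from a monitoring script. The sample command lines are constructed, and the function and variable names are mine.

```shell
#!/bin/sh
# Added example: detect an init= override on a kernel command line.
# check_cmdline and the sample strings below are constructed for this
# illustration; they are not from the thread.
set -eu

# Print findings for one kernel command line ($1, normally the contents of
# /proc/cmdline). Returns 0 when nothing suspicious was found, 1 otherwise.
check_cmdline() {
    cmdline="$1"
    status=0
    for param in $cmdline; do
        case "$param" in
            init=*|rdinit=*)
                # The kernel (or the initramfs) will exec this program instead
                # of the distribution's init: exactly the bypass in the thread.
                echo "suspicious: ${param%%=*} override -> ${param#*=}"
                status=1
                ;;
            rw)
                # Harmless by itself on some distros, but together with init=
                # it is what makes the dropped shell writable.
                echo "note: root requested read-write on the command line"
                ;;
        esac
    done
    return "$status"
}

# Constructed samples: a normal boot and the tampered one from the comment.
CLEAN_CMDLINE='BOOT_IMAGE=/vmlinuz-linux root=UUID=0000-example ro quiet'
TAMPERED_CMDLINE='BOOT_IMAGE=/vmlinuz-linux root=UUID=0000-example init=/bin/bash rw'

for sample in "$CLEAN_CMDLINE" "$TAMPERED_CMDLINE"; do
    echo "== $sample"
    if check_cmdline "$sample"; then
        echo "verdict: clean"
    else
        echo "verdict: tampered"
    fi
done

# On a running system, audit the live command line as well (findings only).
if [ -r /proc/cmdline ]; then
    check_cmdline "$(cat /proc/cmdline)" || echo "verdict: live command line looks tampered"
fi
```

Two mitigations go with this check. Restricting the boot-loader editor (in GRUB, `set superusers` plus a `password_pbkdf2` entry generated with grub-mkpasswd-pbkdf2) stops casual edits of the parameters. LUKS on the root filesystem means the initramfs still has to unlock the volume before it hands over to whatever `init=` names, so the edited command line alone does not yield readable data.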
The point is.. a system someone has physical access to is never secure. One thing that helps a little bit is using LUKS full disk encryption.
Apple has made significant progress in terms of developing evil-maid-resistant systems.
"No system is secure when you have physical access" is one of those canards that was true ten or so years ago, but was not an iron law even then and has been falsified by recent developments. Kinda like "there's no such thing as unbreakable DRM" in an era when the Xbox DRM is indeed, for all intents and purposes, unbreakable.
> Apple has made significant progress in terms of developing evil-maid-resistant systems.
Definitely, but a couple of the high end forensic data extraction companies have largely kept up with them. It's no longer something which can be done by someone who doesn't have access to expensive commercial exploit tools or government-developed tools. Most of the forensic companies can't keep up anymore but the demand is there for a couple options which do and they're not unsuccessful.
Cellebrite Premium is widely available and used by law enforcement and governments around the world. https://grapheneos.social/@GrapheneOS/112826067364945164 is their leaked documentation on their capabilities from July 2024.
Recent iPhones and Pixels are successfully preventing brute force attacks via Cellebrite Premium for Before First Unlock devices via their secure elements. They aren't successfully preventing the OS from being exploited either Before First Unlock or After First Unlock. Pixels being able to run a more hardened OS is a major advantage in this regard. iOS lockdown mode and USB restricted mode exist, but don't appear to defend against Cellebrite Premium. Lockdown mode mainly reduces browser and Apple service attack surface.
> The point is.. a system someone has physical access to is never secure.
This is an article of faith among certain tech circles but it's not actually true. The entire point of the Xbox security model is defending against an attacker who has unlimited physical access to the console, and it was not breached during the lifetime of the Xbox One nor does Xbox Series S/X appear to be any different.
Like literally the title of the presentation is "Guarding Against Physical Attacks". And they succeeded, despite an intense amount of effort from the modding community.
If you do get ADB access, a filesystem write vulnerability or exploit the device to get code execution, then this app is irrelevant since you already have more access. A real attack vector has not been presented, which is why Google determined that it wasn't a valid security vulnerability. That's their standard operating procedure. That doesn't mean they won't fix a bug or remove attack surface. They removed Showcase from Android 15, which is visible in the Android 15 Beta.
However, you do need more than physical access with a Pixel to enable this and set it up. They have full verified boot with a specific per-device key (which is how key rotation gradually happens) and anti-rollback fuses to prevent downgrade attacks to old vulnerable versions. The OS images are completely verified with anti-rollback via the secure element which has authenticated encryption between it and the main SoC. The data partition for the OS has every block encrypted, although it's not authenticated encryption yet. The firmware is quite locked down and reset attack mitigation for firmware boot modes was added in April based on a vulnerability report from us in January. RAM isn't fully encrypted yet but it's quite difficult to tamper with modern RAM or even dump it without controlling the OS / SoC firmware unless there's debugging functionality left enabled in production. Fully encrypted RAM is the main thing they're missing aside from a more hardened OS.
Cellebrite can successfully exploit up-to-date Android and iOS devices with physical access as part of their Cellebrite Premium product, but it's increasingly not easy for them. They often fall behind with updates, but they consistently catch up again. Leaked July 2024 documentation showing the current capabilities is available here:
For GrapheneOS, our aim is defending the device long enough for our auto-reboot timer after locking to activate, combined with zero-on-free and firmware reset attack mitigation. They haven't been very successful at exploiting GrapheneOS but did develop exploits for older versions from 2022 and earlier. Physical access is not an entirely lost cause; the goals just need to be well defined. Defending the device for 18 hours since it was locked (our default auto-reboot timer) is our goal. Users can set auto-reboot as low as 10 minutes but then they'd be missing notifications.
When the motherboard fails, everything is gone. There is no way around this.
You either accept that your data is irretrievably tied to your motherboard, or accept that your data can be viewed/modified by someone who can replace your motherboard.
No? All you need to do is install to a standard LUKS partition with a good password. Then your data is secure but not irretrievably tied to your motherboard. Granted, that's not UKI, but it's a functional solution.
Yes, TPM is just one way to access your disk. The only reason to use it is in my opinion to not have to enter a super long password on every boot. An extra key if your mobo fails is the way to go. Or if you can't boot after an update, and you don't sign your recovery OS with the same key.
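An added example, not the commenter's own setup: enrolling both a TPM2 slot and a recovery passphrase on a LUKS2 volume with systemd-cryptenroll, which is the "extra key if your mobo fails" arrangement described above. The device path is an assumption, the sample slot listing is constructed, and `enroll_tpm_and_recovery` and `has_slot` are my names.

```shell
#!/bin/sh
# Added example: TPM2 auto-unlock plus an offline recovery key on a LUKS2
# volume using systemd-cryptenroll. The device path is an assumption; the
# slot listing used below is constructed, not captured from a real system.
set -eu

# Enrol a TPM2 slot bound to PCR 7 (Secure Boot state) and then a recovery
# passphrase. $1 is the LUKS2 block device, e.g. /dev/nvme0n1p2 (assumed).
# Both commands prompt for an existing passphrase to authorise the change.
enroll_tpm_and_recovery() {
    dev="$1"
    # Auto-unlock only while the measured boot path matches the enrolled PCR
    # policy; a replaced motherboard/TPM or a changed Secure Boot policy
    # makes this slot unusable, which is the failure mode discussed above.
    systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 "$dev"
    # Generate and print a random recovery key for a spare slot. It is
    # independent of the TPM, so it still works after a board replacement.
    systemd-cryptenroll --recovery-key "$dev"
    # With no enrolment option, systemd-cryptenroll lists the slots in use.
    systemd-cryptenroll "$dev"
    # Matching /etc/crypttab line: root UUID=<uuid> none tpm2-device=auto
}

# Check the slot listing that `systemd-cryptenroll <dev>` prints for a slot
# of the given type. $1 is the listing text, $2 the type (tpm2, recovery...).
has_slot() {
    printf '%s\n' "$1" | grep -qE "^[[:space:]]*[0-9]+[[:space:]]+$2[[:space:]]*\$"
}

# Constructed sample in the shape of the listing (an assumption about its
# exact format): one passphrase slot, one TPM2 slot and one recovery slot.
SAMPLE_LISTING='SLOT TYPE
   0 password
   1 tpm2
   2 recovery'

# A volume with a TPM2 slot but no recovery slot is tied to that board.
if has_slot "$SAMPLE_LISTING" tpm2 && ! has_slot "$SAMPLE_LISTING" recovery; then
    echo "warning: TPM-only unlock, add a recovery key"
else
    echo "ok: recovery slot present alongside TPM2"
fi

# Run the real enrolment only when a device is given explicitly.
if [ -n "${LUKS_DEV:-}" ]; then
    enroll_tpm_and_recovery "$LUKS_DEV"
fi
```

If an update changes the boot chain so that PCR 7 no longer matches, the TPM slot stops unlocking and the recovery key is what gets you in; that is the "can't boot after an update" case in the comment, and the same key covers a replaced board.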