←back to thread

Show HN: Tripwire: A new anti evil maid defense

(github.com)

81 points DoctorFreeman | 1 comments | 11 Dec 25 09:46 UTC | HN request time: 0s | source

If you have heard of [Haven](https://github.com/guardianproject/haven), then Tripwire fills in the void for a robust anti evil maid solution after Haven went dormant.

The GitHub repo describes both the concept and the setup process in great details. For a quick overview, read up to the demo video.

There is also a presentation of Tripwire available on the Counter Surveil podcast: https://www.youtube.com/watch?v=s-wPrOTm5qo

Show context

sandworm101 ◴[12 Dec 25 12:59 UTC] No.46243708[source]▶

>>46229437 (OP) #

This isnt a tripwire. This is a canary. You have to actively check a canary. A tripwire would send notifications in real time without the user needing to check.

An evolution of this would be to put a server on a different network, a remote location, and have it pump out warnings the moment movement was detected and/or contact with the "tripwire" system was lost.

But the best way of preventing evil maid attacks remains knowing your hardware. Anyone trying to swap out my laptop, or open it, is going to have a problem replicating my scratch marks, my non-standard OS boot screen, or prying out the glue holding in the ram modules (to prevent cold boot attacks).

replies(4): >>46243982 #>>46244154 #>>46245115 #>>46245449 #

hurturue ◴[12 Dec 25 15:37 UTC] No.46245115[source]▶

new CPUs have built in memory encryption with random key. activate it for an additional layer on top of your glue

it's called TSME on AMD

replies(1): >>46245429 #

1. justincormack ◴[12 Dec 25 16:06 UTC] No.46245429[source]▶

Or "memory guard". Its only available on "Pro" CPUs though, not all of them.