Why You Don't See Coreboot Supported By Many Modern Intel Systems

  • Originally posted by chithanh View Post
    From a practical perspective, a distinction could be made between devices that have a limited and defined communications channel with the rest of the system and devices that don't. An example would be mass storage, which could be treated as a black box with bytes going in and bytes coming out. Just don't trust the device to keep the bytes going in secret, and the bytes coming out unmodified.
    Yep, that's fair. In our case it would probably be "anything that can access system memory without being constrained by the GPUVM page tables" since those are under driver control.
    Test signature



    • As I don't know anything about how GPUs work, I'll have to take your word for it. Also that the parts which are not constrained by the same GPUVM tables are sufficiently isolated from the parts that are, so the latter are unable to attack the former (e.g. by uncontrolled writing into their memory before they write to system memory). And that there is sufficient atomicity in the security checks to prevent TOCTTOU-style attacks.



      • Originally posted by Luke View Post
        I assume you are speaking of the "evil maid" attack that requires physical access twice: once to install the keylogging initramfs and once to collect the machine. This attack is mostly used as a "proof of concept" when multiple hackers share living space and someone needs to be taught that no single defensive layer is ever 100%.

        Actual cops are more likely to use hardware keyloggers; a businessman in China once caught the MSS with his laptop apart where he left it in his hotel room. He rejected the advances of an apparent sex worker, charged back to his room, and caught the cops trying to install a hardware keylogger that plugs in between the keyboard cable and the motherboard, not the easiest job in a laptop. The counter to this is to glue the keyboard down so removing it becomes tamper-evident.

        The software "evil maid" attack on the initramfs is complex for an attacker without persistent physical access because you have to know what you are attacking. You need at least to know whether you are attacking TrueCrypt, BitLocker or Linux native dm-crypt. I can guarantee you that if you replaced my initramfs with one made with initramfs-tools I would notice because mine is made with Dracut.
        Luke's defense for example is to use full-disk encryption with a non-standard initramfs, because the Evil Maid can come prepared for all methods of disk encryption commonly employed by Linux distros.
        The Evil Maid attack could be combined with a Blue Pill attack. No need for a second visit if you have network access, no need to target some specific encryption or boot scripts - just use the blue pill, then have the rogue hypervisor/interpreter inject a backdoor kernel module. You could log every keystroke, and present the exact binary data from the original drive so all checksums match. Even without a network, you can hide the encryption key and key log on a hidden area of the disk for later retrieval, but if you have physical access, it makes sense to add your own network implant while you're there.

        Originally posted by Luke View Post
        Lastly, you still need physical access, and not to leave a sign that you were present. If I were at a hotel room or activist house during a major protest and nobody would be there while we were deployed, you can bet my laptop would be coming with me. The desktop would be out of your jurisdiction in a place that is never left unattended. If I expected this kind of attack, say on a video editing machine that HAD to be left unattended during a major protest, the initramfs would come with me on a flash drive, and the keyboard would be glued shut.
        Physical security is hard; you have to trust the people guarding your system. Your attacker can use an undercover agent or flip one of your co-conspirators and that's it. Most people will turn on you if they think you are a threat to national security, or to their security, or their freedom, or just for profit. The only people who won't turn are the ones who are committed to the cause and willing to lose everything, and, ultimately, die for it. Outside of certain groups, those kinds of people are very rare.

        As Snowden said, encryption works, but security is difficult. IMHO, it isn't realistic to think that you can secure yourself against a nation state unless you have systems that aren't on a network, and can be physically guarded 24 hours a day by 100% trustworthy people. Any hardware, USB drives, etc. that interface with the system also need to be protected. It would be very hard.

        If nobody is watching you, then it's probably not because it isn't possible, but because you aren't interesting enough to justify the effort and expense.



        • using a network to exfil >3TB of video files?

          Originally posted by chrisb View Post
          The Evil Maid attack could be combined with a Blue Pill attack. No need for a second visit if you have network access, no need to target some specific encryption or boot scripts - just use the blue pill, then have the rogue hypervisor/interpreter inject a backdoor kernel module. You could log every keystroke, and present the exact binary data from the original drive so all checksums match. Even without a network, you can hide the encryption key and key log on a hidden area of the disk for later retrieval, but if you have physical access, it makes sense to add your own network implant while you're there.

          Physical security is hard; you have to trust the people guarding your system. Your attacker can use an undercover agent or flip one of your co-conspirators and that's it. Most people will turn on you if they think you are a threat to national security, or to their security, or their freedom, or just for profit. The only people who won't turn are the ones who are committed to the cause and willing to lose everything, and, ultimately, die for it. Outside of certain groups, those kinds of people are very rare.

          As Snowden said, encryption works, but security is difficult. IMHO, it isn't realistic to think that you can secure yourself against a nation state unless you have systems that aren't on a network, and can be physically guarded 24 hours a day by 100% trustworthy people. Any hardware, USB drives, etc. that interface with the system also need to be protected. It would be very hard.

          If nobody is watching you, then it's probably not because it isn't possible, but because you aren't interesting enough to justify the effort and expense.
          Even the simplest security is enough to stop most of the bulk monitoring the US and UK are now famous for. HTTPS alone is probably enough to lock your ISP out of your data, and Tor Browser will defeat Google's tracking (and thus subpoenas for your Google history) even on your home computer. As of now HTTPS is also said to block Verizon Mobile's infamous tracking header from being inserted. There's a hell of a lot of dangerous, low-level monitoring that is easily stopped.

          The more difficult and expensive you make it to attack your computers, the more "interesting" you can be without it being worth it to deploy the attacks. If you are arrested with an unencrypted computing device of any kind, I can almost guarantee it will be searched, legally or otherwise. If encrypted, they almost certainly will not be able to conduct a "routine" search. I've even heard of them holding machines and offering them back in return for the passphrase! If they otherwise give it back, that's when all the firmware-related attacks are to be presumed to be in use, especially against something common. Still, you are right that snitches, not hardware attacks, are the usual threat here.

          Speaking of using the network to covertly exfil the take, it would be almost funny if the police tried to exfiltrate my over 3TB collection of video clips over a network of any kind. This would be equivalent to torrenting about 750 full length DVD movies at once. No way in hell that would go unnoticed. If I think there is a danger of a remote search for files from a particular date, changing the file creation times will block the search, and without knowing file and folder filenames there is no other way to search for them. Camera metadata I strip off.

          I find it interesting that the US was never able to catch Mr Snowden, he was able to defeat his own former employers at their own game.



          • Originally posted by Luke View Post
            The discussion below will apply to used machines with unwanted "anti-features" locked into them and to cases where they are a post-purchase surprise and the vendor refuses to take their crap back. That happens; I had to throw out $150 worth of T-Mobile hotspot garbage when I found they routed all activity through a "web-guard" censorship server unless you gave them a social security number or an ID. I refused, they refused to take their shit back, so I threw it in the pile of old circuit boards and went with someone else, after draining all the bandwidth on Ubuntu disk images so they could not re-sell it.
            That's why I prefer devices supported by OpenWRT, and the first thing I would do for a router is install my own firmware. If I need 3G/4G, I would rather use a USB modem, which can only do limited harm to the rest of the system, even if it turns badass-usb. Not like one can type on a bad keyboard if my device lacks HID USB modules.

            not simply use a pre-existing malicious feature in their own.
            Actually there are chances a USB device could have backdoored firmware from the factory, or it could be patched later. Why not? And there were at least some reports of powerful malware capable of patching HDD firmware. Sure, it only supported a limited range of devices. OTOH it could be exceptionally persistent. It can eventually get extended to some USB devices with popular controllers, I guess.

            suddenly a new and not so easy layer to bypass has been added to the defenses.
            Sure, these attacks are blind. Yet they can be successful, especially against unsuspecting users using a default OS with default settings. I think OSes should develop some resistance against devices which suddenly change their class, etc.

            Each different USB device will have different firmware; predicting which one has to be replaced with a malicious variant becomes an issue.
            To some degree it's true. Yet it can be tempting to, say, mass-upload backdoored firmware at the factory, and it happened historically at least a few times. This is hard to detect and can give a considerable number of victims.

            They must now resolve this chicken and egg situation or store a huge variety of firmware somewhere in flash.
            You see, to start computer you should have software which starts computer. When first computers were created, there was no such software, obviously. Yet it got solved. Do you honestly think other challenges are harder than that?

            For instance, vPro and other "AMT" type technologies as far as we know require use of the on-board network device and normally fail if used with a network device not supporting remote management.
            Of course, if you use your own custom network device, it would fail; AMT firmware is far from a full-fledged OS bringing hundreds of megs of drivers for every network card around. But you see, 9 of 10 nuts would not even suspect that plugging a wire into the built-in network card could be something bad.

            If you've got one of those Supermicro boards you mentioned, not connecting the onboard networking device to the Internet disables remote use of AMT entirely,
            Sure, but on the other hand it also means certain complications, since it implies you shouldn't use remote management at all.

            As a rule all "enterprise" laptops and servers that offer "extra security" should be avoided when security against state level attackers, security against the vendor, or security against your ISP is required.
            Somehow when they tell something about security, they usually mean "vendor should have the ability to securely pwn the user". Most of these countermeasures turn out to be either marketing bullshit in the best case or a potential tool to conduct covert attacks on these valuable enterprise targets, etc., making sure the target has a hard time escaping these attacks. And sure, some brainwashing about security is part of the plan. But as long as one refuses to show source and is unwilling to allow replacing their SW, IMO it is logical to assume it's just some brainwashing, not anything security related at all.

            but it is the first three I consider the most dangerous.
            Sure. Under most scenarios blackhats are less organized. Though if it is, say, industrial espionage or so and a competitor pays a lot to learn trade secrets, one can expect professional and strong attacks. Say, there were some "barbarian bad-usb style" attacks years and years ago.

            As for screwing with RF circuits, RF happens to be one of my fields of expertise, and a shielded dummy load is not that hard to make
            And I'm one who understands how digital things work. Somehow I'm able to imagine the worst-case attitude of various firmwares, etc. Hopefully it explains why I'm fed up with all this treachery from Intel & co.

            highly directional antennas and exact knowledge of your location to spy on you this way, and the NSA does not hand all their secrets to every cow town constable.
            Sounds reasonable. Though I prefer not to use unwanted RF devices at all. Say, if I do not need a 3G modem, let's switch it off. Ideally at the electrical level, by cutting power through a dedicated FET. Or even unplug it from the socket. It's not like an unpowered device can emit something, etc.

            Since Lenovo disables booting with a non-Lenovo network card on the bus, all Lenovo wifi cards should be treated as malicious and removed.
            I would rather consider vendor and their BIOS/UEFI to be malicious. I fail to see any good reasons for all this treachery.

            One more question: what happens when an older (pre Boot Guard) Lenovo laptop gets both Coreboot and a non Lenovo network card installed?
            I guess it should just boot. Though I'm not really sure if coreboot will do proper early chipset/board-specific HW init, etc. Then I can imagine the EC could potentially interfere in some cases. When it is proprietary firmware, you just issue an ACPI call and rely on the BIOS to do the rest. If you got rid of the blob, that's obviously not an option anymore and software has to do it directly instead, being aware of platform specifics.



            • Originally posted by chithanh View Post
              PCI/PCIe devices cannot be treated as black boxes however (remember the Thunderbolt security fiasco?). Same for anything with Direct Memory Access like FireWire.
              Modern hardware comes with an IOMMU and it would catch any access which was not previously enabled in an explicit way. While the primary use is to allow safe PCI(-e) device passthrough to a VM, it is also a good countermeasure against DMA attacks in general.



              • Originally posted by SystemCrasher View Post
                Modern hardware comes with an IOMMU and it would catch any access which was not previously enabled in an explicit way.
                IOMMU sounds like a good idea in theory, in practice the situation is much less rosy.

                Originally posted by SystemCrasher View Post
                While the primary use is to allow safe PCI(-e) device passthrough to a VM, it is also a good countermeasure against DMA attacks in general.
                An IOMMU would be good, if
                1. they work correctly
                2. the operating system knows about their existence
                3. the operating system has a driver for them
                4. the operating system actually uses them (and not e.g. turns them off by default because they cause stability problems or other issues)

                None of these is a given, as was demonstrated multiple times in the past.

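Points 2 to 4 above come down to one practical question: has this kernel actually put the IOMMU into use? The following sysfs check is an added example, not code from the thread; it assumes the standard Linux layout (/sys/class/iommu holds one entry per IOMMU unit a driver bound, /sys/kernel/iommu_groups/<n>/devices holds the devices the kernel has grouped) and takes an alternate root so it can run against a constructed fixture.

```shell
#!/bin/sh
# Added example, not from the thread: does this Linux kernel actually use an
# IOMMU?  Points 2-4 reduce to two sysfs facts, assumed here:
#   /sys/class/iommu/<unit>/                    one entry per unit a driver bound
#   /sys/kernel/iommu_groups/<n>/devices/<bdf>   present only once the kernel
#                                                has put the IOMMU into use
# $1 overrides the sysfs root so the checks can run against a fixture.

count_dirs() {                # count_dirs <paths...>; unmatched globs count 0
    c=0
    for d in "$@"; do
        [ -d "$d" ] && c=$((c + 1))
    done
    echo "$c"
}

iommu_units()  { count_dirs "${1:-/sys}"/class/iommu/*/; }
iommu_groups() { count_dirs "${1:-/sys}"/kernel/iommu_groups/*/; }

# Groups holding more than one device: the kernel cannot isolate those devices
# from each other, so a rogue one still reaches its group mates' mappings.
shared_groups() {
    root="${1:-/sys}"; s=0
    for g in "$root"/kernel/iommu_groups/*/; do
        [ -d "$g" ] || continue
        [ "$(count_dirs "$g"devices/*/)" -gt 1 ] && s=$((s + 1))
    done
    echo "$s"
}

# One-word verdict: absent | present-unused | active
iommu_status() {
    root="${1:-/sys}"
    if   [ "$(iommu_units  "$root")" -eq 0 ]; then echo absent
    elif [ "$(iommu_groups "$root")" -eq 0 ]; then echo present-unused
    else echo active
    fi
}

iommu_report() {
    root="${1:-/sys}"
    echo "iommu: $(iommu_status "$root")  units: $(iommu_units "$root")" \
         "groups: $(iommu_groups "$root")  shared groups: $(shared_groups "$root")"
}

iommu_report "$@"
```

"present-unused" is the case the post warns about: the hardware and driver are there, but nothing is behind the IOMMU, so DMA from a PCIe device is unconstrained.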
