Re: I don't see the benefits I just see trouble.
>1) What happens if I replace the cpu. Am I now magically left unprotected.
>Intel Boot Guard does not stop your attacker ripping out your cpu and putting in another one
Right - what's to stop the attacker from switching the CPU for one that trusts their modified firmware? Is it only intended for systems where the CPU is soldered to the motherboard?
It sounds like this scheme is intended for the ultra-paranoid against a targeted attack, but an attacker that resourceful could always swap out as much of the machine's hardware as they like.
Consequently this form of protection seems to have a fairly narrow threat model that it will protect against (an attacker sufficiently dedicated that they are targeting you and get physical access to the machine, but not to the extent that they will actually replace any hardware), which makes me highly doubt that the pros will be worth the cons.