You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
That means all the firmware on your add-in cards and miscellaneous perioherals has to be signed and measured at boot. Everything must have anti-rollback protection. Yes, that includes your Ethernet and USB3 and SAS controllers. And your GPU. And a zillion other things.
And I hope you're running with a full IOMMU implementation. And you've certainly audited all the drivers to make sure they aren't trivially exploitable (hint: most are). And you're using a TPM to hold all your keys outside the CPU.
And of course you've audited your BIOS and found all the bugs in the UEFI reference implementation, all the bugs added by the BIOS OEM, all the bugs added by your CPU vendor, all the bugs added by your motherboard vendor, and all the bugs in any modules and OS loader.
What, you're not doing half of those things? Congrats, the NSA and anyone else who bothers to invest the time already has a half dozen malware persistence vectors for your hardware and there's squat you can do about it.
Keep people away from root on your machine and hope for the best. At least AMD doesn't stick a webserver with a huge attack surface in there, unlike Intel. If you want real security, you need to design your own motherboard where *you* control and sign and validate flash.
I don't think any distro (other than maybe Qubes) even enables the IOMMU by default. Kind of a rude discovery when I was trying out vfio.
And this is how IOMMU support never improves. I had to send in a patch to make my FireWire controller work with IOMMU (hardware bug workaround), and I still get random crap-outs that break Ethernet once in a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
