1

Do I have to enter operatingsystem in order to access BIOS settings on a raspberry pi? I am thinking about installing ubuntu on a raspberrypi and I see that linux has equvalent to windows 10 safemode. You can boot into recovery mode by pressing "esc" over and over at startup, see link, https://www.maketecheasier.com/boot-recovery-mode-ubuntu/ . On this post they say you have to access your account and then access the bios settings, see link, What BIOS does Raspberry Pi use? .

I want to create a raspberrypi doorlock and was thinking about adding 2fa authentication for logging in to ubuntu, but im worried somone can hack the maching with access to the usbport cable. Maybe boot from their own device or insert badUsb. The machine itself is behind the locked door. Only usbport cable, 1, and a keypad, not usb, attached to pins, will be accessable. I was thinking about nfc, rfid reader, but it looks like it is possible to clone the card with physical access.

It says here that you are able to add 2fa login to ubuntu with the yubikey, see link, https://www.youtube.com/watch?v=pfVhAtJt5_o&t=137s. But I guess this doesnt help if you are able to access recovery mode and change the bios from there and swap the bootorder or something. then they can open the lock because they can make their own program for the lock in their own bootdrive.

I have also looked into USBguard, https://usbguard.github.io/. If I am able to make the usbport only accept my hardwarekey and the integrated serialnumber is recognised and block everything else.

GabeNewel
  • 11
  • 1
  • 4
    to access BIOS settings on a raspberry pi? What bios? the pi doesn't have a bios – Dirk May 31 '22 at 05:27
  • 1
    Ditto. I did not read your links, but note that there is a "safe" mode implemented by the linux kernel, and there is a rescue mode implemented by the grub2 bootloader -- which is the norm for most systems, but it cannot (easily) be used on a Pi and is not part of any distro for it. I mention this so you do not confuse the two things in your research. That said, I do not think there is any way to secure a Pi against physical access without gluing in the SD card and, for models which can boot from USB, remove or plug the USB ports. – goldilocks May 31 '22 at 14:54

1 Answers1

0

In order to hack/boot the RaspberryPi when you only have access to one of the usb ports u need to be able to plug in a storage device MSD (mass storage device). Technically the Yubikey is not a storage device, it is not a MSD atleast. If I use this, "Want to block USB Storage? Here we go UBUNTU", https://www.youtube.com/watch?v=ar7nZvQxqWc&t=151s . Then a hacker should not be able to run a script to reboot or use his own disk, but maybe the yubikey can still work? Keep in mind that the RaspberryPI itself is behind the looked door.

I would also like to add a keypad to enter a pin for the second factor authentication using the GPIO pins. it is maybe possible to use this to hack the pi too, a keyboard would never be registrated as a storage device so it would be possible to just plug in a keyboard in the gpio pins or in the usbport itself and type in the commands by hand. Dont need a storage device. NFC reader, wireless would probably be the safest method.

Ive heard Rfid cards and nfc units can be cloned from within close range. But in order to clone the yubikey you need to clone it before it is activated because of timestamp or something.

GabeNewel
  • 11
  • 1
  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center. – Community Jun 01 '22 at 11:07