Ask HN: Assuming any bought laptop is tampered with, what do you do?
4 by PrimaryAlibi | 0 comments on Hacker News.
I've done some research and have found barely any information on this topic. There is a lot of info about how to detect tampering after you have received the laptop, but there's barely any info about what to do when you suspect physical tampering, such as before you received the laptop after buying it.

It seems most people, even tech-savvy users, don't think there is any chance of tampering on a new laptop unless you are a VIP. Or if you are buying a custom laptop where you can put together the components yourself, such as when buying from Framework, then they think it's not possible for some reason, but it is, because it doesn't matter if you can see the components before putting them inside if you don't know which chips should be on the motherboard, because you don't have the schematics for the board to compare with. And you probably don't open up every component such as the SSD to take a look inside it, and even if you did, do you know what to look for?

There is proof that three-letter agencies do tampering at the factory. It doesn't have to be targeted; they have done it for mass surveillance too. And there are also several times shown that some hardware vendors were honeypots, which means they don't even need any gag order or anything because the owner is a fed. These honeypot projects can last many years before it's revealed it's a honeypot. You don't have to be a VIP to have their mass surveillance firmware on your laptop.

So with this long introduction to the topic, if you assume a laptop has been tampered with when you bought it, what do you do? Throwing it away and buying a new one won't solve the problem because we have to assume this with all laptops you buy.

I'll start with the simple steps to take, which are:

1. Overwrite the SSD with zeros (wipe it).
2. Flash the chipset with open source coreboot firmware.

But finding any additional chips with firmware on your motherboard or any of the other components is very difficult without schematics. If you are lucky you can find a schematic online, but it's unlikely, and especially unlikely to find a schematic for all the components.

It would be an easier problem to solve if we could know it hasn't been tampered with when buying it; then we can take pictures of all the components, and if detecting tampering later, we can look at the components and compare with the pictures to see if anything has been added.
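One way to check that the two steps listed in the post took effect, as an added example that is not part of the original post: read the wiped drive back to confirm it returns only zeros, and compare a flash read-back against the coreboot image that was written. The function names, sample files and 4 KiB comparison block are assumptions, and the read-back file is assumed to have been dumped separately with a flashing tool.

```python
import os
import tempfile

def first_nonzero_offset(path, chunk=1 << 20):
    """Offset of the first non-zero byte in a device or image, or None if all zero."""
    offset = 0
    with open(path, "rb") as f:
        while buf := f.read(chunk):
            if buf.count(0) != len(buf):
                return offset + len(buf) - len(buf.lstrip(b"\x00"))
            offset += len(buf)
    return None

def differing_ranges(readback_path, image_path, block=4096):
    """Block-aligned (start, end) ranges where a flash read-back differs from the image."""
    ranges, offset = [], 0
    with open(readback_path, "rb") as a, open(image_path, "rb") as b:
        while True:
            x, y = a.read(block), b.read(block)
            if not x and not y:
                return ranges
            size = max(len(x), len(y))
            if x != y:
                if ranges and ranges[-1][1] == offset:
                    ranges[-1] = (ranges[-1][0], offset + size)  # extend previous range
                else:
                    ranges.append((offset, offset + size))
            offset += size

def write_sample(directory, name, data):
    """Helper that writes the constructed demo files used below."""
    path = os.path.join(directory, name)
    with open(path, "wb") as f:
        f.write(data)
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        # Constructed samples: a "disk" with one leftover byte at offset 5000, and a
        # flash read-back whose third 4 KiB block differs from the image written.
        disk = write_sample(d, "disk.img", bytes(5000) + b"\x01" + bytes(3191))
        image = write_sample(d, "coreboot.rom", bytes(range(256)) * 64)
        modified = bytearray(bytes(range(256)) * 64)
        modified[8200] ^= 0xFF
        readback = write_sample(d, "readback.rom", bytes(modified))
        print("first non-zero byte:", first_nonzero_offset(disk))
        print("differing ranges:", differing_ranges(readback, image))
```

A host-level read only covers the sectors the SSD controller exposes, so an all-zero result says nothing about the controller's own firmware or remapped blocks.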