> Without secure boot (backed by TPM), I can boot a small USB device that has LEDs on it to indicate to me that the target system has been infected to send me a copy of the target's password, after I already imaged the disk (or when I have another team member steal it or take it by force later).
Which is the same thing that happens with secure boot, because they just steal the whole device and leave you one that looks the same to enter your password into so it will send it to them.
Meanwhile if you're using tamper-evident materials then you don't need secure boot, because then they can't undetectably remove the cover to get physical access to remove your UEFI password or image the machine.
Thank you for prompting attention to the switcheroo.
This angle of attack is generally unheard of, but should be considered. I can think of some mitigations that can work.
Tamper-evident materials are well-known by the crowds that will target users. There are many criminals among us, so many that those who don't have criminal psychology have a hard time wrapping their mind around it. Given this, I am cynical, and every defense within reasonable cost should be leveraged.
Which is the same thing that happens with secure boot, because they just steal the whole device and leave you one that looks the same to enter your password into so it will send it to them.
Meanwhile if you're using tamper-evident materials then you don't need secure boot, because then they can't undetectably remove the cover to get physical access to remove your UEFI password or image the machine.