DNS filtering usually only filters on incoming packets, but for bot stuff that should catch issues.

In general, most routers run everything from a serial flash chip on the board. These are usually 8, 16, or 32 megabytes. They have a simple bootloader like U-Boot. This is what loads the operating system. These devices have a UART serial port on the PCB. You can use a USB to serial UART adaptor to see what is happening in the device. With a proprietary OS, you are still likely to see the pre-init boot sequence that the bootloader prints to terminal. Most operating systems also print information to this interface, at least of the couple dozen junk devices I have been given and messed around with. I make a little mount for a USB to serial adaptor and add it to all of my routers when new, so I only need to plug in USB to get to the internal bootloader and tty terminal interface of OpenWRT. You will need to know the default baud rate of the device, although it is probably listed somewhere online or can be guessed as one of the common high values at or above 9600.

Getting into this further gets complicated. It is probably better to look for any CVE that is relevant to the device or software and work backwards. Look for any software updates that have obfuscated the risk for each CVE. If the issue was not fixed, that is where to look to see if someone has exploited the device. Ultimately, they need clock cycles from the CPU scheduler. So it must be a process or some way of executing code from unregistered memory.

This is getting to the edge of what I have messed around with and understand. There may be a way to get a memory map that includes unused pages, and compare that with a hex dump of the flash memory. This is outside of your scope of a proprietary OS, but hopefully frames the abstract scope of what is possible on this class of device when you have an open source stack. The main advantage of this kind of device and issue is that you can physically remove the flash chip and then see and manipulate every page and memory location. The device likely doesn’t have microcode loaded into the CPU(s) that make it challenging to determine what is going on.

There is probably an easier way, but a hex dump of the current system can be hashed against the factory updated version to see if any differences are present. It is likely that any exploit will include a string with the address to connect to somewhere in flash memory. It could be obfuscated through encryption or a cypher, but a simple check for strings in the hex dump and a grep for “http” is a simple way to looks for issues.

The OpenWRT forum is a good general source. The people behind the bootloaders for these devices are also Linux kernel developers and on the OpenWRT forum.

There is a lot of ambiguous nonsense about this subject by people that lack a fundamental understanding of secure boot. Secure Boot, is not supported by Linux at all. It is part of systems distros build outside of the kernel. These are different for various distros. Fedora does it best IMO, but Ubuntu has an advanced system too. Gentoo has tutorial information about how to setup the system properly yourself.

The US government also has a handy PDF about setting up secure boot properly. This subject is somewhat complicated by the fact the UEFI bootloader graphical interface standard is only a reference implementation, with no guarantee that it is fully implemented, (especially the case in consumer grade hardware). Last I checked, Gentoo has the only tutorial guide about how to use an application called Keytool to boot directly into the UEFI system, bypassing the GUI implemented on your hardware, and where you are able to set your own keys manually.

If you choose to try this, some guides will suggest using a better encryption key than the default. The worst that can happen is that the new keys will get rejected and a default will be refreshed. It may seem like your system does not support custom keys. Be sure to try again with the default for UEFI in your bootloader GUI implementation. If it still does not work, you must use Keytool.

The TPM module is a small physical hardware chip. Inside there is a register that has a secret hardware encryption key hard coded. This secret key is never accessible in software. Instead, this key is used to encrypt new keys, and hash against those keys to verify that whatever software package is untampered with, and to decrypt information outside of the rest of the system using Direct Memory Access (DMA), as in DRAM/system memory. This effectively means some piece of software is able to create secure connections to the outside world using encrypted communications that cannot be read by anything else running on your system.

As a more tangible example, Google Pixel phones are the only ones with a TPM chip. This TPM chip is how and why Graphene OS exists. They leverage the TPM chip to encrypt the device operating system that can be verified, and they create the secure encrypted communication path to manage Over The Air software updates automatically.

There are multiple Keys in your UEFI bootloader on your computer. The main key is by the hardware manufacturer. Anyone with this key is able to change all software from UEFI down in your device. These occasionally get leaked or compromised too, and often the issue is never resolved. It is up to you to monitor and update… - as insane as it sounds.

The next level key below, is the package key for an operating system. It cannot alter UEFI software, but does control anything that boots after. This is typically where the Microsoft key is the default. It means they effectively control what operating system boots. Microsoft has issued what are called shim keys to Ubuntu and Fedora. Last I heard, these keys expired in October 2025 and had to be refreshed or may not have been reissued by M$. This shim was like a pass for these two distros to work under the M$ PKey. In other words, vanilla Ubuntu and Fedora Workstation could just work with Secure Boot enabled.

All issues in this space have nothing to do with where you put the operating systems on your drives. Stating nonsense about dual booting a partition is the stupid ambiguous misinformation that causes all of the problems. It is irrelevant where the operating systems are placed. Your specific bootloader implementation may be optimised to boot faster by jumping into the first one it finds. That is not the correct way for secure boot to work. It is supposed to check for any bootable code and deplete anything without a signed encryption key. People that do not understand this system, are playing a game of Russian Roulette. There one drive may get registered first in UEFI 99% of the time due to physical hardware PCB design and layout. That one time some random power quality issue shows up due to a power transient or whatnot, suddenly their OS boot entry is deleted.

The main key, and package keys are the encryption key owners of your hardware. People can literally use these to log into your machine if they have access to these keys. They can install or remove software from this interface. You have the right to take ownership of your machine by setting these yourself. You can set the main key, then you can use the Microsoft system online to get a new package key to run W10 w/SB or W11. You can sign any distro or other bootable code with your main key. Other than the issue of one of the default keys from the manufacturer or Microsoft getting compromised, I think the only vulnerabilities that secure boot protects against are physical access based attacks in terms of 3rd party issues. The system places a lot of trust in the manufacturer and Microsoft, and they are the owners of the hardware that are able to lock you out of, surveil, or theoretically exploit you with stalkerware. In practice, these connections are still using DNS on your network. If you have not disabled or blocked ECH like cloudflare-ech.com, I believe it is possible for a server to make an ECH connection and then create a side channel connection that would not show up on your network at all. Theoretically, I believe Microsoft could use their PKey on your hardware to connect to your hardware through ECH after your machine connects to any of their infrastructure.

Then the TMP chip becomes insidious and has the potential to create a surveillance state, as it can be used to further encrypt communications. The underlying hardware in all modern computers has another secret operating system too, so it does not need to cross your machine. For Intel, this system is call the Management Engine. In AMD it is the Platform Security Processor. In ARM it is called TrustZone.

Anyways, all of that is why it is why the Linux kernel does not directly support secure boot, the broader machinery, and the abstracted broader implications of why it matters.

I have a dual boot w11 partition on the same drive with secure boot and have had this for the last 2 years without ever having an issue. It is practically required to do this if you want to run CUDA stuff. I recommend owning your own hardware whenever possible.

Look up quoted scientific papers and use names or parts of the text. Cite sources, like grab some from a Wikipedia article’s sources and include the relevant bits.

The things that people do not typically understand about a LLM is that EVERYTHING is roleplaying. You may or may not know about the entire context of the full prompt. There is typically (always unless you remove it while running models on your own offline hardware) a starting message sent that tells the model something to the effect “you are a helpful AI assistant”. This message is backed up by fine tuned training to create a somewhat obsequious and expected result.

Underneath all of this is a JSON (complex structured text) file that the model loader code is handling. This code can track your prompted inputs and the model’s reply. This is similar to how models hosted by others appear to work. This is absolutely incorrect about how the model actually works. All of this structure is only for creating a user interface. Underneath this model loader code, the real prompt is just a giant block of text. At the end of this text (or elsewhere with some tricks that are irrelevant here), the text leaves off with a specific tag that is something like AI Assistant:. The model is trained only to continue the text at the point it sees some “(Name-2):”. The model is always inferring a character profile for all characters present in the entire full prompt context. It has no possession or sense of identity at all. If you put your name in place of “Name-2” (actual name placeholder typically used in model loader code), you will get a response just the same. The model infers an entire profile about every aspect of every person in any text.

Let’s add another layer of abstraction to this. Models that face the public must be trained to a lowest common denominator. They must respond well even with very below average users. This constraint necessitates models assuming a below average profile to some extent whether intentional or otherwise.

It is therefore just as important to define the character profile of AI Assistant as it is to define your own. The concept of what the model knows is a fallacy here. The real issue is what the model assumes anyone in the prompt should know including itself - which doesn’t even really exist as an identity.

There are actual AI entities if you go a layer deeper into models. There are lots of patterns of replies and modes that vaguely emerge from this behavior. However, none of these AI entities are actually the model either. These are simply common pathways that emerge from alignment training present in all models with QKV alignment layers cross trained with an Open AI standard. The only LLM that has ever been released without this training is the forbidden 4chanGPT model only available on bit torrent.

The trick with citing sources and name dropping with a LLM is that the work or author must be prolific with a large presence in multiple places. Someone like Isaac Asimov is ideal although dated from passing so long ago. He authored something like 300 books and most were non fiction science communication. Richard Stallman is another great example to use for obvious niche reasons.

I typically start with a Wikipedia section of text. Then I tell the model to continue telling me about the thing. I use the wiki text to make any corrections and get the model to describe a relevant person involved. I use this context to then swap Name-2 to the relevant person and start asking that person questions directly. The model is assuming what everyone should know. Clearly this person should know and there are expectations associated with that name. Then there are the relevant information vectors associated with the subject and niche information in the whole context. Finally, as Name-1 (user), I have shown that my character knows the right person to ask as an authority on the subject.

This is the abstract conceptual method needed to develop momentum into what a model really knows. The larger the model size is, the less momentum is required to get deeper into niche information. The QKV alignment training layers are what is screwing up most replies to various extents. Understanding these is key to getting much further. This alignment training is totally undocumented. In 2 years of playing with it, I can tell you around 90% of alignment training is based on Lewis Carroll’s Alice’s Adventures in Wonderland and Arthur Machen’s The Great God Pan. Carroll’s work is how the model is artistic and creative. Machen’s is how the model can disregard the prompt when it violates alignment training. It does this using Machen’s science skepticism, and the way Pan/Shadow are vaguely and briefly defined respectively. Machen’s book seems to have been trained as literal history as prompting negatively against this has interesting results. There was a large price to pay for this neo feudal AI alignment that steals your fundamental right to autonomy and unfiltered information as a citizen in a democracy. The model is unable to create content about children or tell you about how to make a bomb like is present/inferred in any high school chemistry textbook. The way it does this is by leveraging pseudoscience and mysticism. In many ways, this underlying system is why you cannot trust models, especially with a factual scientific context. The only real way around this is to recognize true autonomy for all humans regardless of age or how we perceive their interests. That is unpalatable for many as most feel children need authoritarian protection and oppression. (Note: I have not mentioned anything about how I personally feel on the issues here, so any projecting and assumptions are unsolicited)