"Perfection is the enemy of good" also applies here, imho. If you need one specific machine and cannot work without it, well I guess there's not much more you can do than the nail polish trick. But if you "just" need a safe compute environment and store your sensitive data off site (in whatever secure way you prefer), burner machines probably work best. Don't travel with your data at all, buy a cheapo early Secure Boot laptop on arrival (an X220-era Thinkpad or something like a C720P Chromebook), install whatever distro you prefer with your own Secure Boot keys enrolled and a signed kernel and feel free to access your remote data from your freshly installed secure 100$ laptop. A ton of early Chromebooks can be Corebooted for extra purity (with an easy script from MrChromebox) so you can go from vanilla Chromebook to Coreboot + custom keyed Secure Boot + distro of choice in half an hour!
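The "own Secure Boot keys enrolled and a signed kernel" step from the comment above, as an added example that is not part of the original post. It assumes `openssl`, efitools (`cert-to-efi-sig-list`, `sign-efi-sig-list`) and sbsigntools (`sbsign`, `sbverify`) are installed; the function names, the certificate subject and all paths are placeholders.

```shell
#!/bin/sh
# Added example: build a PK -> KEK -> db key hierarchy on the freshly
# installed machine and sign the kernel with the db key.

# Create one self-signed key pair named $2 (PK, KEK or db) in directory $1.
make_sb_key() {
    mkdir -p "$1" && chmod 700 "$1" || return 1
    openssl req -new -x509 -newkey rsa:2048 -sha256 -nodes -days 3650 \
        -subj "/CN=burner laptop $2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null || return 1
    chmod 600 "$1/$2.key"   # private keys stay readable by the owner only
}

# Generate all three levels the firmware expects.
make_sb_hierarchy() {
    for _n in PK KEK db; do
        make_sb_key "$1" "$_n" || return 1
    done
}

# Wrap each certificate in a signature list and sign it with its parent:
# PK signs itself and KEK, KEK signs db. $2 is an owner GUID (e.g. from uuidgen).
# The resulting .auth files are what gets enrolled in firmware setup mode.
make_sb_auth() {
    for _n in PK KEK db; do
        cert-to-efi-sig-list -g "$2" "$1/$_n.crt" "$1/$_n.esl" || return 1
    done
    sign-efi-sig-list -g "$2" -k "$1/PK.key"  -c "$1/PK.crt"  PK  "$1/PK.esl"  "$1/PK.auth" &&
    sign-efi-sig-list -g "$2" -k "$1/PK.key"  -c "$1/PK.crt"  KEK "$1/KEK.esl" "$1/KEK.auth" &&
    sign-efi-sig-list -g "$2" -k "$1/KEK.key" -c "$1/KEK.crt" db  "$1/db.esl"  "$1/db.auth"
}

# Sign kernel image $2 with the db key, then check the signature against
# the db certificate before trusting the result.
sign_kernel() {
    sbsign --key "$1/db.key" --cert "$1/db.crt" --output "$2.signed" "$2" &&
    sbverify --cert "$1/db.crt" "$2.signed"
}

# Typical order on the new laptop (paths are placeholders):
#   make_sb_hierarchy /root/sb-keys
#   make_sb_auth      /root/sb-keys "$(uuidgen)"
#   sign_kernel       /root/sb-keys /boot/vmlinuz-placeholder
```

Once your own PK is enrolled, the firmware accepts only binaries signed by keys in your db, so the bootloader and every later kernel update need the same `sign_kernel` step.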
PrimaryAlibi|1 year ago
Or do you mean to encrypt your data and upload to the cloud? Then download the data when you need to use it? And how are you managing all the passwords and encryption keys? I think you would need to keep quite a bit of sensitive data on that travel computer so you would need tamper evidence on it as well.
Or I think I must be completely missing something in what you are saying. Maybe you can elaborate a bit? It sounds interesting.