On 06/22/2016 02:10 PM, Rusty Bird wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi Marcin,
How would Anti Evil Maid detect BIOS/hardware modifications without
sealing to PCR 0-3? By default it seals only to PCR 13,17,18,19.
PCRs 17-19 come from tboot, which uses Intel TXT to protect BIOS etc.
Rusty
Based on what I've seen from BIOS updates not triggering AEM, I think
this is a valid concern. It should at least be explained.
Chris
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-devel/46fb6ebf-29ea-4875-146d-bb209a9519dc%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.
