On 12/29/2016 04:02 PM, Rusty Bird wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Trammell Hudson:
On Tuesday I presented my work on the Heads firmware at 33C3 and
gave Qubes OS (and Joanna's 32C3 tallk) a shout-out. You can watch
the video, titled "Bootstrapping a slightly more secure laptop":
This looks really nice, I hope to finally be able to try it soonish.
With Qubes already moving towards open firmware (which probably means
coreboot in the foreseeable future?), Heads seems like it could be a
kind of natural successor to AEM and get rid of all the tboot/SINIT
related headaches.
Has there been any progress in upstreaming the hypervisor patch, now
that you have a rock solid use case?
I'd really like to figure
out how to pass the secret key from the Heads bootloader to Qubes'
initrd in a supported fashion.
If I understand it right, [rd.]luks.key= isn't working as it should?
I've played around with that a tiny bit and systemd-cryptsetup-generator
was indeed behaving weirdly, some "out of memory" nonsense.
Rusty
-----BEGIN PGP SIGNATURE-----
iQJ8BAEBCgBmBQJYZXnKXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrf1/YP/R7PqGlsQIE5vrcnGpg/6vm5
udi9Hb629B0sTi1IPK0rHQqJxRJiVvVUQkciMab+KSbzwfxMTFD7A0eufa73ujiE
dYEOKajP0Avwa8nUMYx9TRpj5S0KqmUmPLBGEGnQbvt3Qg0itsbaAqJsZN9SOM/f
zDPeYzudR3Bm0H/ExzQ2wKGS0tQ4DWNVi7tOu/j4uW8UBZS2ifF1BX7GjRTA/CWR
mYI9bx0QcC9XmMeb+gJHznPGR8N9XXjOh1RjqRZu/Db3e5kB7Jet10NQaaM1hO+2
Ou3PW4/P35RX232l0EqPq/PwXwoVwx7JIRIVBctX755siTDV1reP4piHYdmn6O9Z
m8WpfDaPTDSDp73+7NosZE9oydb30iNIBeGaKf4/c7MWfKgh1Y8M0GPMQYWIAxQL
QxFzIH/gkJ/vWlmtARrgiSrMmMNsOFe1TiXksJc1vnVzXS5nlKV8RQAcREURCb43
tSii74nWW11qxPsDa211wl6nH5xV5zS+D4z3/t5l0VjoIR/JB/LmjPuRGvuMWrsW
2g/Mtn1qYUS4KiK0zsT/qsebstTz0EXqiokaNhAX50e+BG4nDljftTo8MZzOpndl
vL9CJ15NwG415KW0tv8gclx6HEUMwnXOEM9mXbNiDjNTKIJ49ZtQSliG6WWhymhO
P9VL8vcktNT+xDJX6TAZ
=iDY+
-----END PGP SIGNATURE-----
Qubes isn't "moving to open firmware", new x86-64 intel and (now) AMD
(ZEN+FM2) processors make real libre firmware impossible with more and
more "security" measures such as FSP, boot guard, ME/PSP, etc.
And before anyone says "but purism", they're lying and entirely full of
it as they will never be able to convince intel to open source anything
at all, if google can't pull it off nobody can.
Blobbed firmware isn't open firmware.
You have impressive skills, but x86 is dead - even if you manage to
somehow turn a recent x86 device in to a libre firmware platform
intel/amd will simply issue a "fix" with the next hardware release.
My next laptop will be a custom build, stick a non-laptop motherboard in
a DIY case as there aren't any other real options for mobile workstations.
The only legitimate option for open source firmware machines at this
point is POWER and (some) ARM, just ultra high end servers and low power
devices (like the novena)
IBM sells servers only, presumably you could insert a graphics card
however there is also the TALOS project which aims to produce a fully
open (including hardware) POWER8 workstation motherboard (I assume you
already know, but here it is for everyone else)
https://www.crowdsupply.com/raptorcs/talos
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-devel/b0893b6e-3737-82e4-9d7e-d2292b277fca%40gmx.com.
For more options, visit https://groups.google.com/d/optout.
