On 12/29/2016 02:25 AM, HiringQubesExperts wrote:
> Hi all,
> I am planning on buying a 13.3 - 15.6 laptop that I will specifically
> use for running Qubes, and containing lots and lots of highly
> sensitive files.
> I will also be using Tor a lot, and for me the main thing I care
> about is being able to get my setup as secure as possible.
> Things I've thought about so far:
> OPAL SED SSD for HW based drive encryption. (Second FDE of course)
> USB PGP-Key for authentication and stuff, also contains (hidden) storage.
> Keypad encrypted USB for hardware encrypted USB with
> bootfiles/keyfiles etc.

Hi,
FYI, OPAL should be considered inferior to regular LUKS encryption that
is protected by something like Qubes AEM. I'd say don't rely on it.
A USB drive with a keypad is fine as an extra measure, but the security
it offers is limited.

> Now for the laptop itself;
> Is TPM worth it? I'm hearing mixed opinions... Also, I definitely do
> not want to put all my eggs in one basket, so would using TPM be
> possible in a way that it is just one of several parts of the whole
> security-chain? I would hate it if someone has a TPM backdoor and
> compromises my whole system that way, any way to design something with
> 2 or better yet; 3 way authentication?

TPM is probably worth it, given the role Qubes Anti Evil Maid gives to
it: Stopping quick or mediocre attempts to subvert the boot process. It
raises the bar for tampering quite a bit.

> What about the processor and BIOS? Are there any secure/open BIOSes
> that work with recent Intel processors?

Libreboot appears to work fine with some models from the Ivy Bridge (c.
2012) generation, and probably later. But AEM doesn't work with it.

> As for the processor; are the SGX and other new features that Skylake
> CPUs offer any good? Would it be possible to make use of these
> features in Qubes?

Joanna (Qubes founder) has written articles on SGX, which can be
summed up with this:
https://twitter.com/rootkovska/status/821298935834824704
OTOH, the TXT feature is already used in Qubes AEM.

> If not, what processor would you guys recommend? I guess Intel right?
> Are there any laptops out there that have onboard security-hardware
> that offers any real solid security benefits? I've read a lot of posts
> from Joanna where she kind of debunks the Cortex M-3 security chip,
> so I am wondering; are there any other chips like these that are truly
> open source, and really add some security?

Not really venturing into alternative architectures, a Qubes user can
try their luck with AMD. Not many have been trying, but most of them
seem successful.
However, I am a believer in the eventual necessity of an open hardware
platform for personal computing. And that probably means non-x86. OTOH,
I think the POWER8 effort was a lark... a very poor fit for potential
users and poorly conceived.

> What kind of laptop comes to mind when I'm asking for this kind of
> features? I'm having a very very hard time finding a laptop that I can
> set up in a way that would make me feel truly secure. I hope you guys
> can share some advice on these matters.
> I heard the Thinkpad P series offers Xeon as an option.

In the near term for use with Qubes, I suggest not getting hung up on
raw power and instead look to the business class offerings of the
top-tier laptop makers (excluding Apple). These will tend to have a good
mix of power and security features that are properly implemented
(instead of messed up by a bug-ridden BIOS) and have decent open-source
support. Intel i5 and i7 processors are the mainstays. Apps don't get
GPU access in Qubes, so Iris graphics won't really help. Don't pay more
than $600-700 overall.
Mobile Xeon processors are not very mobile as they require larger
housings and generate lots of heat. IMO, the one attractive feature they
have for a Qubes user is parity ECC RAM support which is more resistant
to rowhammer-type attacks.
Finally, remember that Qubes 4.0 will have additional hardware
requirements that most Qubes 3.x laptops supposedly already support, but
it's generally untested. This is the main reason why I wouldn't spend a
lot on a Qubes laptop until R4 comes out.

> P.S.
> I'm using the PGP-key stick, and USB-keypad-usb as my "extra
> security-weapons" are there any other reliable open source hw-security
> devices out there that you guys would recommend?
> Would it be possible to add say some biometric security hardware and
> then have the full disk encryption work in such a way that 3 way
> authentication would be needed?

It may be possible to set up 3 way auth with biometrics. You will find
that most/all business laptops that offer a TPM also include the
fingerprint reader.

> Also, we have the software based full disk encryption, and also the HW
> based OPAL full disk encryption, even though I trust the software
> based one the most, I would still like to also maximize the security
> of the Samsung SED based one. Would it be possible to have 3-way
> authentication for both, while having unique keys each?
> What would be the best way to implement 3-way authentication? Most
> people advise me on using the combined output of all 3 hw keys, maybe
> even with some mechanism which unlocks a keyfile or something like
> that. But to me these things sound like they are not really thought
> through; there has to be a better way to implement 3-way (or even 2
> way) authentication, at least for the software based FDE, and maybe
> even for the Samsung OPAL one, right?
> Also, what would you guys recommend me to use as encryption method?
> LVM-LUKS won't let me encrypt the boot partition, and it won't really
> allow me to use 2-way authentication as well.

The default Qubes method (IIRC using the default LUKS cipher), combined
with AEM, is probably the best right now. But multi-factor is a slightly
different story.... possible with AEM but not yet implemented. Here is a
regular Linux example of 2FA with LUKS:
https://twitter.com/rootkovska/status/821298935834824704

Chris
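
The "combined output of several keys" idea raised in the thread, sketched as an added example (not part of the original message, and not Qubes or AEM code). The three factor names and sample values are constructed assumptions; the point shown is that the factors must be encoded unambiguously before being stretched into one key, so that every factor is required.

```python
import hashlib
import hmac
import struct

# Constructed sample factors (assumptions for illustration only):
#   a passphrase typed at boot, bytes read from a keyfile on a USB token,
#   and bytes released by a TPM-style unseal step.
SAMPLE_FACTORS = [
    b"correct horse battery staple",
    bytes.fromhex("a1" * 32),
    bytes.fromhex("5c" * 32),
]
SAMPLE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # per-volume, not secret


def encode_factors(factors):
    """Length-prefix each factor so the combined byte string is unambiguous.

    Plain concatenation would make (b"ab", b"c") and (b"a", b"bc") identical.
    """
    if not factors or any(len(f) == 0 for f in factors):
        raise ValueError("every factor must be present and non-empty")
    out = struct.pack(">I", len(factors))
    for f in factors:
        out += struct.pack(">I", len(f)) + f
    return out


def derive_volume_key(factors, salt, length=32):
    """Stretch the combined factors into one key; all factors are required."""
    material = encode_factors(factors)
    # scrypt slows guessing of the passphrase if the other factors leak.
    return hashlib.scrypt(material, salt=salt, n=2**14, r=8, p=1, dklen=length)


def same_key(a, b):
    """Constant-time comparison for derived keys."""
    return hmac.compare_digest(a, b)


if __name__ == "__main__":
    key = derive_volume_key(SAMPLE_FACTORS, SAMPLE_SALT)
    print(len(key), "byte key derived from", len(SAMPLE_FACTORS), "factors")
```

A key derived this way is all-or-nothing: losing any one factor loses the volume unless a separate recovery key slot exists.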