On Tuesday, September 27, 2016 at 10:31:42 PM UTC-4, johny...@sigaint.org wrote: > > You can get a motherboard that has a removable bios chip that you can just > > snap in to replace, Then call the company and have them send you one or > > two to hold onto for emergency lol. There is also mobos with dualbios, > > most ly this is for bringing a bricked board back to life. > > I actually have one of those motherboards here. It sounded like a very > kick-ass feature, the double-bios to restore in case of problems. And the > board has 8 SATA, a dozen USB, some serious video and audio capabilities, > 32g memory capabilities, IOMMU, etc. > > But it was given to me out of the blue right after I retired a > dodgy/compromised machine, so I'm a little wary. A shame, because it's > one hell of a motherboard. > > I might fire it up with Qubes in a non-critical/non-trusted manner. (Or > set it up in a Windows machine, sell it, and buy a known secure > motherboard. :) ) > > > Also don't forget malware can reside in other firmware also. SO that > > means all pci devices, like gpu, netcard. etc... most experts will > > tell you just to replace everything to be sure if you think you are > > compromised at that level and its important. > > Would you say a motherboard that integrates a lot of that (with the dual > recovery BIOS) would be less prone to compromise (or at least easier to > restore from compromise) than a machine that separate PCI cards providing > that sound/video/net? > > Presumably, if you can trust the vendor and its BIOS, one flashing of the > BIOS (or recovery from the backup) should restore you to a state that > could be trusted. A lot easier than doing the same (if even possible) for > the net/sound/video add-on cards, no? > > Or would it be easier for a threat actor to attack a specific motherboard > and its integrated peripherals, rather than a random set of add-on cards? > > JJ
I'm not sure if whether its integrated matters to how prone to compromise it is. I would imagine being able to replace a component you think compromised is better then not being able to, for example replacing gpu or netcard you think is compromised. But I don't know of many boards that dont' have some pci devices integrated so we probably have no choice. Again, only way to be 100% is probably to replace the whole system. With a laptop it would be more necessary probably. Regarding attacking a specific motherboard or firmware, imo, this would all fall under that category of targeted attack. I think it is still very rare nowadays for some random or automated attack to infect your firmwares and bios. At least I hope it is lmao. Especially on a custom machine. But on the same token it is less rare nowadays for someone to be personally targeted by a persistent actor with lots of resources. So I guess it all depends on how paranoid you are and how much you are willing to spend. IMO I don't think there is much any of us can do against a very persistent attacker, especially if its the government. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/698014d4-ef40-43e6-ab74-bf3dc6c3996b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.