taii...@gmx.com:
> Ideally you would want a blob free coreboot system with no Intel ME or AMD 
> PSP type backdoors.
> https://www.coreboot.org/Binary_situation
> Intel is actively trying to nerf free software with Boot Guard/ME, if you buy 
> a computer with those features it isn't really your computer.
> 
> A backdoor in a modem is irrelevant, it is post WAN and should be considered 
> part of the "internet".
> 

Right, I've always followed the advice to secure each pc as if it were 
connected directly to the internet and not to rely on the router for any 
security.

But now I'm interested in actually building a secure router. One reason is what 
you mentioned regarding Intel ME. Since Qubes 4.0 will require VT-d (and 
unavoidably Intel ME) and the fact that it's cool to use new hardware, I'd like 
to place a physical barrier to block ME signals.

I had always imagined repurposing a Qubes PC to serve as a router, especially 
because of the flexibility it has with chaining and branching multiple 
transparent proxy VMs. But obviously now, it doesn't make any sense to use an 
ME equipped machine as a router.

So if I had a budget (for argument's sake) of $2000 to build a secure router 
for 10-15 clients in a small business environment where maximum throughput is 
not really an issue, what would you all advise? A libreboot machine? but then 
what kind of OS could it run that could meaningfully isolate sys-net and 
provide similar routing capabilities?

TIA.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/651811bc-0423-bae3-5949-7ae67d781fb8%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to