taii...@gmx.com: > Ideally you would want a blob free coreboot system with no Intel ME or AMD > PSP type backdoors. > https://www.coreboot.org/Binary_situation > Intel is actively trying to nerf free software with Boot Guard/ME, if you buy > a computer with those features it isn't really your computer. > > A backdoor in a modem is irrelevant, it is post WAN and should be considered > part of the "internet". >
Right, I've always followed the advice to secure each pc as if it were connected directly to the internet and not to rely on the router for any security. But now I'm interested in actually building a secure router. One reason is what you mentioned regarding Intel ME. Since Qubes 4.0 will require VT-d (and unavoidably Intel ME) and the fact that it's cool to use new hardware, I'd like to place a physical barrier to block ME signals. I had always imagined repurposing a Qubes PC to serve as a router, especially because of the flexibility it has with chaining and branching multiple transparent proxy VMs. But obviously now, it doesn't make any sense to use an ME equipped machine as a router. So if I had a budget (for argument's sake) of $2000 to build a secure router for 10-15 clients in a small business environment where maximum throughput is not really an issue, what would you all advise? A libreboot machine? but then what kind of OS could it run that could meaningfully isolate sys-net and provide similar routing capabilities? TIA. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/651811bc-0423-bae3-5949-7ae67d781fb8%40gmail.com. For more options, visit https://groups.google.com/d/optout.