On 11/13/2016 08:36 PM, Eric wrote:
On Sunday, November 13, 2016 at 5:01:59 PM UTC-8, entr0py wrote:
Just bought a laptop with a Skylake processor for running Qubes, and from
looking around on Intel's website it appears that no Skylake Core-branded
processors support Intel TXT. Any point in running Anti-Evil-Maid at this
point? Can I use a YubiKey to store hashes of the xen/initramfs and use that
for AEM? (probably not, since it's a USB device?)
I was just looking around for information on AMT/ME a minute ago. It appears
that some Skylake Core i5/i7's do support TXT. (On their website, TXT might
fall under the umbrella of vPro.)
Yes, I misspoke. It appears that the processor/chipset on the computer I
purchased does not have/support vPro or TXT (though Intel ME is apparently
disabled, which is a win, I guess?). So hard to find something that checks all
the boxes for me. My threat model currently doesn't include Evil Maids, so I'm
probably ok. Shame, though. Hopefully it doesn't close the door on Qubes 4
compatibility. (It does have SLAT and VT-(d/x).
I hate to point this out now, but AEM is kind of a misnomer. It can
alert you to tampering from *either* physical or remote attacks. So
anyone who wants to guard against a remote exploit that can also priv
escalate against Xen--and from there possibly infect firmware or boot
device--would benefit from using AEM.
When I last shopped around, I was under the impression that TXT was tied
to AMT/ME/Vpro as a package.
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to firstname.lastname@example.org.
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.