On 11/30/2016 08:09 AM, Swâmi Petaramesh wrote:
Hello, I use Qubes 3.2 (recent, default installation) with anti-evil-maid on HP ProBook 6470b. Anti-evil-maid is installed to HD /boot per instructions, TPM is protected by a password, and I use a "secret" image instead of text. So far everything seemed to work. However this morning I had a Xen upgrade in dom0, and, as documented, I was expecting it to break my AEM secret image display at next reboot. So after upgrading Xen in dom0 I rebooted the system and... nothing special happened. AEM displayed my "secret" image as usual, without any unusual behaviour or warning whatsoever. So I wonder: is AEM actually working on my system?
Apparently not.
I had the same experience in the past and couldn't identify the root cause either (I tested most of the stuff mentioned before).
My old thread:
https://groups.google.com/forum/?_escaped_fragment_=topic/qubes-users/xNIiSyJQD0E#!topic/qubes-users/xNIiSyJQD0E
https://sourceforge.net/p/trousers/mailman/message/34257631/
I'm also not sure about whether or not to trust the Chinese no-name manufacturer... Maybe the TPM just reports everything as valid? At least sounds like a simple implementation that doesn't get noticed 99% of the time.
But if you find anything I'd be interested.
In total, though, I'd say that physical security is a _much better_ counter-measure than TPM usage for AEM scenarios (as long as you're using Qubes and not some monolithic OS). So what about a locked case for your laptop, maybe even with some noisy alarm if not opened correctly? ;-)
Or just always carry it with you...
Also helps against hardware attacks. Okay, they can still knock you out, but if it has gone that far, you'll have some different problems anyway.