On Tuesday, August 29, 2017 at 11:38:59 AM UTC-4, Patrik Hagara wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 08/29/2017 04:50 PM, [email protected] wrote: > > Leo Gaspard, > > > > I have read about AEM but have never used it, it seems like it is > > geared towards protecting from USB's with malicious firmware on > > them. > > > > Does AEM actually verify the integrity of /boot before using? This > > is what I am looking for, either a method of encrypting /boot or > > even better, a secure method to verify its integrity during boot > > > > AEM does verify the integrity of /boot using the TPM seal/unseal > operation. If any of the boot components change, AEM falls back to > regular, unmeasured boot -- the user is expected to notice this and > cease using the potentially-compromised system (the lack of explicit > indication of failed AEM boot is deliberate, see the last FAQ item at > [1]). > > The security provided by AEM is much more stronger than encrypted > /boot could ever offer, because as already pointed out, there is > always a little first-stage bootloader stub on the disk unencrypted > and it would be easy to overwrite it with a malicious version that > would intercept the encryption passphrase and exfiltrate it using eg. > unused disk sectors. > > If someone did the above with AEM, the TPM would refuse to useal the > AEM secret as the platform state would be different. > > The feature protecting dom0 from malicious USB devices [2] serves a > different purpose and is not related to AEM. Plus, you always need to > disconnect all untrusted USB devices while rebooting Qubes, regardless > of whether you have USB qube set up or not. > > > Cheers, > Patrik > > > [1] https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html > [2] https://www.qubes-os.org/doc/usb/ > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQIcBAEBCAAGBQJZpYp/AAoJEFwecd8DH5rlYLsP/iV4ZHkYPAzWp8aNHMXaZ4sc > 1yZaYE4v2jvdnVdOV2Y7Rxny+4wKAhv3W/XDgW+PDc5HkM41+OyA516/rzapZk/t > /Qa3og/ciZwT0DTMaB31mJ+1mj6IYyPfxOk0tKfK8zNp6UwzlNPrE0mhkT8nTt32 > M85Bcju5ighXVPyMD8c1v+y6eRLrFTPN9tsfMTH/PUOP/ogPjNbLByz/W3zAoVyO > CvylzRiJM2XfGDdYrAF1qcOQi3bkgxiL29Wy3C8fDbfkBcDMz3Br7NOpYtZSpetH > umpEp0RcRybmlXszp2i2GItzRCIdPNAd1QtWCK6lT41CbiNlm+QHwd9Z3mzWZgRN > JaikqWN6haLRORZO5r+vhFb5mRrV5y9uWblXFPQrsgkkUCM7UtmK9jfnFqFSQbO2 > yP6ork3mUuGzHZzt7oc2PfpjYE55CU/wxM6C10QErZvA0+eDYzhkx+Rh/Eaoporz > Ad2zF0G0BBUjJ0mt4HPpomL5fTAZoZnoqEFK1Xe7m7VYDklINIgVGYjhi4Ektbma > VSW6PfXTUs9Be816pxFSCg9n8GlU0fsdp/1xFitRWCUv69aV7jFs+YsCn+XhuZzF > vjqLp97hDDElv8Gzd5/R/tuQmmdmvXmJN3olp++mnjLCceIHq6JTlT3KTAgX/sFB > jKp0HqjSdwU7USBWIo7B > =nrKy > -----END PGP SIGNATURE-----
my problem is unfortunately i can't keep buying new pc's. SO maybe its all for naught for me.. Also AEM does not seem as reliable as secureboot. Alot of issues on threads with some people. It seems complicated. even false alarms. But I really do think they are supposed to compliment each other. trusted boot and measured boot yes? AEM definitely comes in handy for people who would find it nescessary to buy new equipment. But I would still want an encrypted boot, if I was going to use aem, and key on a external usb disk, which unfortunately means I could not use a sys-usb. Am I wrong about this? Does this change in 4.0? So this is where the what fits into you "security model" What are you more concered about. I assumed we had to choose between aem vs sys-usb? For people travelling with laptops in strange places where physical compromise is more likely aem is a good option. Some people would prolly not just buy a new laptop but know when to destroy theirs too lol. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5148d2df-885a-4484-862f-93b679fc81b0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
