On Tuesday, August 29, 2017 at 12:25:51 PM UTC-4, cooloutac wrote: > On Tuesday, August 29, 2017 at 11:38:59 AM UTC-4, Patrik Hagara wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA256 > > > > On 08/29/2017 04:50 PM, [email protected] wrote: > > > Leo Gaspard, > > > > > > I have read about AEM but have never used it, it seems like it is > > > geared towards protecting from USB's with malicious firmware on > > > them. > > > > > > Does AEM actually verify the integrity of /boot before using? This > > > is what I am looking for, either a method of encrypting /boot or > > > even better, a secure method to verify its integrity during boot > > > > > > > AEM does verify the integrity of /boot using the TPM seal/unseal > > operation. If any of the boot components change, AEM falls back to > > regular, unmeasured boot -- the user is expected to notice this and > > cease using the potentially-compromised system (the lack of explicit > > indication of failed AEM boot is deliberate, see the last FAQ item at > > [1]). > > > > The security provided by AEM is much more stronger than encrypted > > /boot could ever offer, because as already pointed out, there is > > always a little first-stage bootloader stub on the disk unencrypted > > and it would be easy to overwrite it with a malicious version that > > would intercept the encryption passphrase and exfiltrate it using eg. > > unused disk sectors. > > > > If someone did the above with AEM, the TPM would refuse to useal the > > AEM secret as the platform state would be different. > > > > The feature protecting dom0 from malicious USB devices [2] serves a > > different purpose and is not related to AEM. Plus, you always need to > > disconnect all untrusted USB devices while rebooting Qubes, regardless > > of whether you have USB qube set up or not. > > > > > > Cheers, > > Patrik > > > > > > [1] https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html > > [2] https://www.qubes-os.org/doc/usb/ > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v2 > > > > iQIcBAEBCAAGBQJZpYp/AAoJEFwecd8DH5rlYLsP/iV4ZHkYPAzWp8aNHMXaZ4sc > > 1yZaYE4v2jvdnVdOV2Y7Rxny+4wKAhv3W/XDgW+PDc5HkM41+OyA516/rzapZk/t > > /Qa3og/ciZwT0DTMaB31mJ+1mj6IYyPfxOk0tKfK8zNp6UwzlNPrE0mhkT8nTt32 > > M85Bcju5ighXVPyMD8c1v+y6eRLrFTPN9tsfMTH/PUOP/ogPjNbLByz/W3zAoVyO > > CvylzRiJM2XfGDdYrAF1qcOQi3bkgxiL29Wy3C8fDbfkBcDMz3Br7NOpYtZSpetH > > umpEp0RcRybmlXszp2i2GItzRCIdPNAd1QtWCK6lT41CbiNlm+QHwd9Z3mzWZgRN > > JaikqWN6haLRORZO5r+vhFb5mRrV5y9uWblXFPQrsgkkUCM7UtmK9jfnFqFSQbO2 > > yP6ork3mUuGzHZzt7oc2PfpjYE55CU/wxM6C10QErZvA0+eDYzhkx+Rh/Eaoporz > > Ad2zF0G0BBUjJ0mt4HPpomL5fTAZoZnoqEFK1Xe7m7VYDklINIgVGYjhi4Ektbma > > VSW6PfXTUs9Be816pxFSCg9n8GlU0fsdp/1xFitRWCUv69aV7jFs+YsCn+XhuZzF > > vjqLp97hDDElv8Gzd5/R/tuQmmdmvXmJN3olp++mnjLCceIHq6JTlT3KTAgX/sFB > > jKp0HqjSdwU7USBWIo7B > > =nrKy > > -----END PGP SIGNATURE----- > > my problem is unfortunately i can't keep buying new pc's. SO maybe its all > for naught for me.. Also AEM does not seem as reliable as secureboot. Alot of > issues on threads with some people. It seems complicated. even false alarms. > But I really do think they are supposed to compliment each other. trusted > boot and measured boot yes? AEM definitely comes in handy for people who > would find it nescessary to buy new equipment. > > But I would still want an encrypted boot, if I was going to use aem, and key > on a external usb disk, which unfortunately means I could not use a sys-usb. > Am I wrong about this? Does this change in 4.0? > > So this is where the what fits into you "security model" What are you more > concered about. I assumed we had to choose between aem vs sys-usb? For > people travelling with laptops in strange places where physical compromise is > more likely aem is a good option. Some people would prolly not just buy a > new laptop but know when to destroy theirs too lol.
Doesn't everyone destroy hdd's and phones when they bricked our outdated and you done with them like Hillary? I always tell myself i'm going to and just have them stacked in a box, cause nothing really that sensitive on there. But I feel it should be good common practice. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b5421ba2-b301-4851-87f0-4e5ca698c8bf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
