On 12/17/2017 03:23 PM, 'Chris' via qubes-users wrote:

> It seems as if Qubes OS is useless in protecting against hardware access. Even with TPM, I am not sure how realistic it is. Will AEM be triggered when changing USB controllers or adding hostile USB devices to the one whitelisted controller that manages the AEM device? If not, what is the point of AEM? How is AEM any better than simply putting the bootloader on a separate disk? Okay, it gives a bit better peace of mind that really MY bootloader was used, but that is about it, right? It won't help against someone adding compromised devices to a PCI-E slot or USB?!
>
> Any links or help here? Btw, it's really hard to find any useful information via Google about most topics regarding Qubes OS. Is Qubes OS somehow downranked intentionally?

Welcome to Qubes, circa 2012. :)

If you dig into old list posts, you'll see this topic covered over and over again. Much of the discussion is based on or references Joanna's (@rootkovska) blog posts:

https://blog.invisiblethings.org/index.html

TL;dr - AEM protects you only within a margin where an attacker (e.g. Evil Maid) isn't terribly skilled and has only a brief window of time to attack. Beyond that, we are *still* talking about physical access here.

Another data point is the HCL. If you look for entries by "Qubes core developers" you should notice all of those systems are laptops! Qubes is rather laptop-centric because they are more integrated and more difficult to subvert in a piecemeal fashion. IIRC Joanna has recommended PC laptops as preferable because of keyboards that are not only integrated, but also PS/2 (non-USB).

Add to that a sprinkling of discussion about making motherboards more tamper-evident.

So there is a certain level of pragmatism when it comes to physical security. The fact that Qubes was released for PC hardware should not be taken as a sign that the Qubes community regards current PC architecture as having very good security. Qubes tries to make the best out of a bad situation, and even the core devs want better-designed hardware.

Finally, there is the notion that if someone is resourceful enough to trick your TPM, then "you probably have bigger problems than PC security anyway". It's sort of an infosec cop-out, but there's some truth to it.

--

Chris Laprise, [email protected]
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
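Editor's added illustration of the point both posts circle around: a TPM-sealed secret only tells you that the *measured* boot chain is unchanged, not that nothing hostile was plugged in. The Python below is a toy model, not Qubes AEM or tboot code. The component names, the single PCR, the choice of which pieces get measured and the "secret phrase" are all constructed for the example; the real PCR layout AEM relies on is not described in this thread.

```python
"""Toy model of TPM measured boot (added example, not Qubes/AEM code).

A PCR (platform configuration register) cannot be written directly; it can
only be extended: PCR <- H(PCR || H(component)). A secret sealed to a PCR
value is released only when the register holds exactly that value again.
"""
import hashlib
import hmac

PCR_INITIAL = bytes(32)  # a PCR is all zeros after a power cycle


def extend(pcr: bytes, component: bytes) -> bytes:
    """One TPM extend step, SHA-256. Not reversible, and order of extends matters."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


class ToyTPM:
    """One PCR plus a list of secrets sealed to PCR values (kept in-chip on a real TPM)."""

    def __init__(self):
        self.pcr = PCR_INITIAL
        self._sealed = []  # (policy_pcr, secret)

    def reset(self):
        self.pcr = PCR_INITIAL  # PCRs clear at power-on; sealed blobs persist

    def measure(self, component: bytes):
        self.pcr = extend(self.pcr, component)

    def seal(self, secret: bytes) -> int:
        self._sealed.append((self.pcr, secret))
        return len(self._sealed) - 1

    def unseal(self, handle: int):
        policy_pcr, secret = self._sealed[handle]
        if hmac.compare_digest(policy_pcr, self.pcr):
            return secret
        return None  # PCR mismatch: the chip refuses to release the secret


# Constructed boot chain: (image, measured?). Hypothetical names, hypothetical layout.
# Only the images the measuring code actually hashes affect the PCR.
GOOD_CHAIN = [
    (b"firmware v1", True),
    (b"xen.gz v4", True),
    (b"vmlinuz v4.9", True),
    (b"initrd with AEM", True),
]
SECRET = b"my secret phrase"  # what AEM-style boot shows the user on success


def measure_chain(tpm: ToyTPM, chain):
    """Power on and extend the PCR over every measured component, in order."""
    tpm.reset()
    for blob, measured in chain:
        if measured:
            tpm.measure(blob)


def provision():
    """First, trusted boot: seal the secret to the PCR value of the known-good chain."""
    tpm = ToyTPM()
    measure_chain(tpm, GOOD_CHAIN)
    return tpm, tpm.seal(SECRET)


def boot(tpm: ToyTPM, chain, handle: int):
    """Later boot: re-measure and try to unseal. Returns the secret or None."""
    measure_chain(tpm, chain)
    return tpm.unseal(handle)


def scenarios():
    tpm, handle = provision()
    # 1. Untouched machine: PCR matches, secret is released.
    good = boot(tpm, GOOD_CHAIN, handle)
    # 2. Evil maid swaps a measured component (e.g. the hypervisor image).
    tampered_chain = list(GOOD_CHAIN)
    tampered_chain[1] = (b"xen.gz v4 + keylogger", True)
    tampered = boot(tpm, tampered_chain, handle)
    # 3. Evil maid leaves the chain alone and adds a device nothing in the chain hashes.
    rogue_chain = GOOD_CHAIN + [(b"rogue USB HID / PCIe card", False)]
    unmeasured = boot(tpm, rogue_chain, handle)
    return {"good": good, "tampered_bootloader": tampered, "unmeasured_device": unmeasured}


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:20s} -> {'secret released' if result else 'sealed (mismatch)'}")
```

Scenario 3 is the crux of the original question: the rogue device changes nothing the TPM sees, so the secret is released exactly as on a clean machine. Measured boot narrows the attack to "alter something that gets hashed", which is the "margin" the reply describes; it is not a physical-access defense.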
