On 6 April 2018 at 15:05, Holger Levsen <hol...@layer-acht.org> wrote:

> On Fri, Apr 06, 2018 at 09:22:52AM +0000, 799 wrote:
> > As mentioned I have also drafted a how-to to setup Coreboot on a X230,
> > including building the pi, flashrom and extracting Blobs.
> out of curiosity: does resume work reliably for you? For me it didnt
> with coreboot (and the free VGA bios) but it does with legacy bios...

as described in the howto I have extracted the vga.rom from my own
I can use resume and the laptop reconnects its network adapters as soon as
it wakes up.
So far no issues at all.

I've run into one problem when I tried to start my AppVMs after flashing

Some VMs where unable to boot (sys-net and also some other AppVMs),
Error message:
Get the message PCI device <qubes.ext.pci.PCIDevice object at 0xblablabla>
does not exist

Following the suggestions mentioned here and removing some devices which
doesn't make sense.

qvm-pci ls <APPVM>
qvm-pci detach <APPVM> <DEVICE>

I had to open Qubes Settings for the sys-net VM to assign the Wifi Network
controller back to the VM.
It got lost after flasing coreboot.

> The coreboot config I have used is here:
> > https://github.com/Qubes-Community/Contents/blob/
> master/docs/coreboot/x230-configfile
> thanks, depending on your answer to the above question I probably
> compare yours with mine ;)

Can you share your config file?
I am sure that there is room for improvement in my config.

> > I wrote the how-to as I need to look at several places to get everything
> > together for example how to extract Blobs, how to merge two bios files
> into
> > one etc.
> > It seems to me that if I run Coreboot with grub + encrypted boot, there
> is
> > no need to run anti evil maid, as the boot partition can't be messed
> with.
> > Is this correct?
> mostly. The boot partition cannot be messed up but the components of
> your computer can be changed (eg a keyboard controller recording your
> keystrokes) and anti-evil-maid is designed to also detect those attacks.
> However these attacks are also much more sophisticated and require more
> time and are harder to do that just replacing a kernel image on an
> unencrypted boot partition.

Ok, I have not yet understand all the pieces of anti evil maid and of
course you are right that replacing my keyboard with a keyboard which has a
keylogger installed will make my system reasonable unsecure.
On the other hand, I don't think that I am a high profile target and if
this would change, I guess there are much easier ways to get the
https://en.wikipedia.org/wiki/Enhanced_interrogation_techniques ... :-o


You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to