On Sat, September 15, 2018 10:30 am, qubes-...@tutanota.com wrote:

> Hi, during my email conversation with Todd Weaver in the
> pre-IME-disabled time, he told me they will fully disable the IME and AMT
> within the next week. After about a week they announced they did just that.
> Are these links a lie?
> https://puri.sm/posts/measuring-the-intel-me-to-create-a-more-secure-computer/
> https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/

"Lie" depends on your definition of "completely". Skylake onwards processors can have much of ME disabled. I believe Purism with Heads and a handful of other manufacturers are using the technique here: http://blog.ptsecurity.com/2017/08/disabling-intel-me.html, but as you can see there are still some modules required for initialization before the HAP bit takes effect and skips the remainder. Additionally, there is an FSP blob needed for init. Currently shipping AMD CPUs are no better.

> Talking about alternatives: how does Qubes 4.0 stand with RYF certified
> X200? Like for example this one: https://tehnoetic.com/laptops/tet-x200s
> and others like T400 and T500,
> which can be found there as well. Working well? Any issues known? Thank
> you

At present, RYF has not certified any laptops with hardware capable of running Qubes 4.0, but there are a couple older AMDs that can. A scale of hardware openness/owner control from most to least would be something like:

10: OpenPOWER, RYF certified x86 with all blobs replaced - Qubes 4.0 can't run on either

8: older AMD like A10-5750M - a couple blobs required but Qubes 4.0 works on these and the rest listed

6: pre-Skylake Intel with ME/HAP tweaks - a few more blobs and 2 ME modules required

4: Skylake+ Intel with ME/HAP tweaks, AMD Ryzen with PSP disabled in UEFI config - more blobs and modules required

0: Intel/AMD x86 with no tweaks - most shipping volume today

ARM (& possibly RISC) is a special case in that the integrator can decide where on the scale they want to deliver their product, but neither supports Qubes 4.0.