On 09/16/2018 02:51 AM, 'awokd' via qubes-users wrote: > On Sat, September 15, 2018 10:30 am, [email protected] wrote: >> Hi, during my email conversation with the Todd Weaver
That liar comes out of nowhere with his super slick marketing and sets the computing freedom movement back 10 years. At first I thought it was just being naive but now as he persists it seems more like malice. puri.junk does NOT respect you, it is fully blobbed and the ME is not at all disabled. Todd weaver is a lying fraudster. >> in the >> pre-IME-disabled time, he told me they will fully disable the IME and AMT >> within next week. After about a week they announced they did just that. >> Are this links a lie? >> https://puri.sm/posts/measuring-the-intel-me-to-create-a-more-secure-compu >> ter/ >> <https://puri.sm/posts/measuring-the-intel-me-to-create-a-more-secure-com >> puter/> >> https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-mana >> gement-engine/ >> <https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-man >> agement-engine/> > > "Lie" depends on your definition of "completely". Skylake onwards > processors can have much of ME disabled. I believe Purism with Heads and a > handful of other manufacturers are using the technique here: > http://blog.ptsecurity.com/2017/08/disabling-intel-me.html, but as you can > see there are still some modules required for initialization before the > HAP bit takes effect and skips the remainder. Additionally, there is an > FSP blob needed for init. Currently shipping AMD CPUs are no better. Skylake kernel still runs, that is not disabled and there is more than enough ability to play dirty tricks like SMM rootkits or what not. HAP is asking politely. > >> Talking about alternatives: how the Qubes 4.0 stand with RYF certified >> X200? Like for example this one: https://tehnoetic.com/laptops/tet-x200s >> <https://tehnoetic.com/laptops/tet-x200s> and others like T400 and T500, >> which can be found there as well. Working well? Any issues known? Thank >> you > > At present, RYF has not certified any laptops with hardware capable of > running Qubes 4.0, but there are a couple older AMDs that can. A scale of > hardware openness/owner control from most to least would be something > like: > > 10: OpenPOWER, RYF certified x86 with all blobs replaced- Qubes 4.0 can't > run on either Since you mention power and there aren't currently any laptops do you mean laptops or desktops? In terms of desktops there are a variety that qubes 4.0 can run on. The future is POWER for all... > 8: older AMD like A10-5750M- a couple blobs required but Qubes 4.0 works > on these and the rest listed > 6: pre-Skylake Intel with ME/HAP tweaks- a few more blobs and 2 ME modules > required > 4: Skylake+ Intel with ME/HAP tweaks, AMD Ryzen with PSP disabled in UEFI > config- more blobs and modules required That doesn't disable it! you are simply asking nicely for it to shut off and hoping that it does so. It is not at all equivilant to say pre-core intel systems where one really could disable it or even better one that doesn't have any black boxes like the talos. > 0: Intel/AMD x86 with no tweaks- most shipping volume today > > ARM (& possibly RISC) is a special case in that the integrator can decide > where on the scale they want to deliver their product, but neither support > Qubes 4.0. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c8670cee-80f5-1b08-0a82-8ffb60641867%40gmx.com. For more options, visit https://groups.google.com/d/optout.
