I have to say, while im happy to see people are actually trying to get a constructive discussion here, im missing facts, sources and numbers.
The only blob in an X230 which could be security relevant imo is the embedded controller. The EC will most likely be liberated in the near future, and even if it isnt, that is just no comparison to the amount of attack-surface and security-relevance of the blobs a Librem contains. But thats a personal opinion, there are some who consider stock-bios not a problem at all, because their threat-model does not contain such highly-skilled attacks or they trust the vendor. However, UEFI-exploits from non-state-actors have already been found in the wild, and will become a lot more common imo. Example: https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/ About the Intel-ME: The other blob in an x230 is be the "ROMP/BUB"-module (which is the only part left from the Intel ME), roughly around ~90 kB after me-cleaner (~ 1.5 MB without), and, very important, the me is shut down before the kernel initializes. The Me-version Generation 3 like they are used in a Librem, however, are after applying ME-cleaner "rbe", "kernel" , "syslib" AND "bup" , and the minimum firmware-size is at best ~ 300 kb, and is not shut down at all. BTW, i feel like people overestimate the relevance of the Intel Managment Engine. THere is so much fake-news about the ME, its ridiculous. That being said, i personally would never use a device for sensitive stuff with ME-generation 3 ore higher, and certainly not one with a prop BIOS ore a significant amount of dangerous blobs.Again, these are personal choices, bashing without even providing any sources to fact-check for the reader wont help anybody. While i would love to have the option of buying a completely free Laptop directly from a vendor, i have serious doubts about how this would be possible with x86 architecture, and i wanst able to find any specific information on how pursim is planning to achieve that. Freeing a Librem isnt simply a matter of more work and development, without having Intels signing keys, it is flat-out technically impossible. And i would love to believe that Intel will provide Purism those keys, but given the fact that they didnt do it even for Google, i doubt it even more. Some more information on this matter would be really great, maybe im missing something? If any of these information are incorrect please tell me so, and most important, please provide sources. On 11/12/18 12:15 PM, unman wrote: > On Mon, Nov 12, 2018 at 09:58:25AM +0000, Holger Levsen wrote: >> On Sun, Nov 11, 2018 at 03:45:21PM +0000, unman wrote: >>> lenovo x230s are still widely available, and great for Qubes. >> while I agree with that, I want to point out that they contain several >> non free blobs which cannot be changed. >> >> just because there was so much purism bashing in this thread. :-D >> >> >> -- >> cheers, >> Holger, who is happy that his keyboard, memory and battery works > Try, but 22rip didnt have that as a criteria in his choices. Also, the > x230 keyboard,memory and battery all work. ;-) > -- Kind Regards Jonathan Seefelder CryptoGS IT-Security Solutions Hofmark 43b D-84564 Oberbergkirchen Phone: +49 8637-7505 Fax: +49 8637-7506 Mail: i...@cryptogs.de www.cryptogs.de -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a94c36f7-ecee-caa4-ba93-381acde1a6c0%40cryptogs.de. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature