On 1/29/19 8:59 PM, Frank Beuth wrote:
Can someone explain the interaction between Anti Evil Maid/HEADS and the
Intel Management Engine to me?
I read an article which stated that disabling Intel ME also prevents
installing AEM (and related technologies), but I am not sure why (or if
this is really true). Is ME needed to access the TPM?
Someone correct me if I'm wrong... IIRC the ME processor is needed to
operate the TXT feature which verifies code present at boot. TXT
utilizes a TPM but is separate.
https://en.wikipedia.org/wiki/Trusted_Execution_Technology
Newer systems also have the TPM built into the CPU and I believe these
integrated TPMs also rely on ME to function.
-
Qubes is essentially based on the premise that you have to trust the CPU
manufacturer, but hopefully (someday) _only_ the CPU manufacturer. IOW,
reducing the number of trusted parties as much as possible. However,
many of us believe there needs to be progress beyond even this goal and
that fully open source CPUs should be used as the main component in PCs;
this would have the effect of bolstering trust and accountability.
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/3a36c461-eae6-d00e-13d3-4b4f9467f6d2%40posteo.net.
For more options, visit https://groups.google.com/d/optout.