On 04/09/2019 08:53 AM, unman wrote: > On Mon, Apr 08, 2019 at 02:32:04PM -0400, [email protected] wrote: >> On 02/25/2019 04:02 PM, John Mitchell wrote: >>> If I may ask what OS do you use for the host? >>> >> >> Devuan, it is debian without systemd. >> >> I compile most of the related packages though like libvirtd, qemu etc >> cause the ones from the distro are way too outdated to support what I need. >> >> You should get a new non-gmail email btw. >> > > Do you run Qubes? Of course.
> On what hardware? > * Lenovo X220 with coreboot * KCMA-D8 with Opteron 4284 cpu and coreboot-libre. I have a bunch of computers so much that I need a server rack soon :D On 04/10/2019 03:13 PM, [email protected] wrote: > To be concrete and transparent, the mobo with PS/2 is a Gigabyte X299 >Designare ex with four USB controllers and a header for a hardware TPM, >which I’ve populated. >The other mobo is an ASUS X299 Prime Deluxe II >with no PS/2, five USB controllers and only supports a firmware TPM. >Both are fantastic boards, They are propriatary with ME and no libre firmware so I wouldn't put them in the great board area. > but one is going back. If isolating USB kb and mouse to one controller >that dom0 has exclusive access to is actually more secure than native >PS/2 then I would lean > toward keeping the ASUS and do without TPM. > TPM's are proprietary black boxes and to my consideration pointless it would be better to do your own code signing deal with coreboot and grub signing your owner kernels and having a write-locked flash chip load grub which loads your signed kernels only, you would then lock the computer case with a high security lock. I also suggest using keyboard and pointing device without re-writable firmware, to my knowledge only the (usa made!) Unicomp keyboards fit that bill and they have ones with pointing devices both a trackball and a laptop style trackpoint. Anyone who thinks that chinese made and usa made electronics are equal on a security footing is naive, china gets caught implanting backdoors in hardware all the time whereas to my knowledge with US made hardware that has never happened and here you can say no without getting put in prison. RaptorCS/RaptorEngineering was doing some cool work with an open foss us made security product like a TPM called FlexVER if anyone is interested in an alternative, no idea when it will be released though and it will probably only work on the OpenPOWER stuff. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c7962b1c-f32d-19ae-df81-705866c68973%40gmx.com. For more options, visit https://groups.google.com/d/optout.
