Le lundi 22 juillet 2019 11:40:44 UTC-4, Chris Laprise a écrit : > > On 7/21/19 5:44 PM, Lorenzo Lamas wrote: > > Very nice to finally have a certified Qubes laptop! > > > > Personally, for me it would be nice if there was a more powerful > > alternative in the future. I'm currently using something with about the > > same resource power and I find myself often wishing I had something > > faster because Qubes is quite heavy compared to a standard OS. It would > > be great to have a quad core CPU(and a proper one, not one of those > > power-saving U line from Intel), 32GB RAM or more and a NVMe SSD instead > > of SATA. > > Also, there is the issue of the CPU being a 3rd gen Intel i CPU. Maybe > > this is specifically chosen because later CPU's are harder to get blob > > free, I don't know the details. However, Intel had quite a few side > > channel vulnerabilities over the past year, and this year they dropped > > microcode update support for 1st gen CPU's, so there is a pretty high > > chance they will drop 2nd gen support next year and 3rd gen support the > > year after that. > > There is even one statement from Intel out there that they've > tentatively already dropped support for 3rd gen (which is what the X230 > and its 'sister' the T430s uses). > I didn't find such statement. Would love to find confirming/infirming information for i7-3520M. Microcode updates were released for Windows: https://support.microsoft.com/en-us/help/4494451/kb4494451-intel-microcode-updates They do not seem to have been injected them in Intel repository, though: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
No idea if they are included in Fedora, to be applied by dom0 in QubesOS. > > The Lenovo G505s should be slightly more powerful than the X230, and its > AMD A10 processor is significantly less prone to attack. > > The only problems with it are that HEADS doesn't work (not a big > disadvantage, given how vulnerable X230's older TPM is), TPM was not vulnerable to weak RSA cert generation of 2017: https://web.archive.org/web/20190203222631/https://support.lenovo.com/us/en/product_security/len-15552 And since the TPM is used under Heads as one of the first modified instructions of Coreboot, I don't see how boot measurements could be impacted by S3 resume vulnerability of 2018: https://github.com/kkamagui/napper-for-tpm and to install > Qubes you need to flash it with a Coreboot config that requires you to > add an un-signed graphics driver (I think if enough people posted SHA256 > hashes of the driver it wouldn't be a big problem). > > It also accepts ECC RAM, which reduces the DDR3 side-channel > vulnerabilities somewhat. > For the side-channel attacks, I would love to see a PoC, since from my understanding, it is not possible to access other's qubes memory and those timing attacks are even weaker in virtualized environments: https://security.stackexchange.com/questions/127806/are-virtualized-environments-vulnerable-to-the-row-hammer-attack/130762 For the G505S: I can only redirect to the work needing to be done on that model to reduce size so it could support Librem Key and its external measurements without a TPM (the G505s doesn't have a TPM). After which GPG, cryptsetup-reencrypt and other tools can be injected in the ROM to support a trustworthy "root of trust" on which QubesOS can securely be preinstalled/used: https://github.com/osresearch/heads/issues/453#issuecomment-514652215 > > So the alternative to the 2012 laptop is the 2013 laptop. A bit > underwhelming. > > - > > The overall problem here is none of these open source OS projects are > true integrators or designers, not when it has anything to do with > hardware. The path to resolve this becomes clearer. We need open source hardware supported by QubesOS. ppc64 support is our best bet IMHO: https://github.com/QubesOS/qubes-issues/issues/4318 Meanwhile, actual best solutions needs to be upstreamed, and this is the path i've decided to take which got funded: https://github.com/osresearch/heads/issues/540 > This is why Qubes project will identify USB controller > isolation as a major issue, but then do nothing about it (note the X230 > is lacking a secondary USB controller). That was adressed by unman in a precedent answer. > They'll say Intel or X86 is > fundamentally insecure, but won't begin to describe what a good > alternative would look like at the component level; without that, > there's nothing into which the hardware people to sink their teeth or > even notice Qubes. > ppc64 laptops are in the pipeline by RaptorEngineering. Those will need virtualization support, IOMMU and Open Source Firmware. Better would be to have encrypted memory from each VM to leverage side-channel theoretical attack impacts. Best would be to completely externalize internal SPI flash or design an equivalent. Something that could be hacked on on already existing hardware, or designed from scratch. Interesting work by Trammel Hudson that can be transferred to this: https://github.com/osresearch/spispy There are funds available for such projects. NL, OpenTech funds. We only need to organize :) But you're right. I'm not a hardware designer. I cannot take that lead. But I think we should all collaborate on this to make it reality. Cheers, Thierry Laurion / Insurgo Open Technologies > > -- > > Chris Laprise, tas...@posteo.net <javascript:> > https://github.com/tasket > https://twitter.com/ttaskett > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 > Le lundi 22 juillet 2019 11:40:44 UTC-4, Chris Laprise a écrit : > > On 7/21/19 5:44 PM, Lorenzo Lamas wrote: > > Very nice to finally have a certified Qubes laptop! > > > > Personally, for me it would be nice if there was a more powerful > > alternative in the future. I'm currently using something with about the > > same resource power and I find myself often wishing I had something > > faster because Qubes is quite heavy compared to a standard OS. It would > > be great to have a quad core CPU(and a proper one, not one of those > > power-saving U line from Intel), 32GB RAM or more and a NVMe SSD instead > > of SATA. > > Also, there is the issue of the CPU being a 3rd gen Intel i CPU. Maybe > > this is specifically chosen because later CPU's are harder to get blob > > free, I don't know the details. However, Intel had quite a few side > > channel vulnerabilities over the past year, and this year they dropped > > microcode update support for 1st gen CPU's, so there is a pretty high > > chance they will drop 2nd gen support next year and 3rd gen support the > > year after that. > > There is even one statement from Intel out there that they've > tentatively already dropped support for 3rd gen (which is what the X230 > and its 'sister' the T430s uses). > > The Lenovo G505s should be slightly more powerful than the X230, and its > AMD A10 processor is significantly less prone to attack. > > The only problems with it are that HEADS doesn't work (not a big > disadvantage, given how vulnerable X230's older TPM is), and to install > Qubes you need to flash it with a Coreboot config that requires you to > add an un-signed graphics driver (I think if enough people posted SHA256 > hashes of the driver it wouldn't be a big problem). > > It also accepts ECC RAM, which reduces the DDR3 side-channel > vulnerabilities somewhat. > > So the alternative to the 2012 laptop is the 2013 laptop. A bit > underwhelming. > > - > > The overall problem here is none of these open source OS projects are > true integrators or designers, not when it has anything to do with > hardware. This is why Qubes project will identify USB controller > isolation as a major issue, but then do nothing about it (note the X230 > is lacking a secondary USB controller). They'll say Intel or X86 is > fundamentally insecure, but won't begin to describe what a good > alternative would look like at the component level; without that, > there's nothing into which the hardware people to sink their teeth or > even notice Qubes. > > -- > > Chris Laprise, tas...@posteo.net <javascript:> > https://github.com/tasket > https://twitter.com/ttaskett > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/abacc82c-3463-4526-b754-2b1d78a41bd5%40googlegroups.com.
