Re: [qubes-users] Re: Two ways of "true" security.

[Oleg Artemiev]

Hi

On Sat, Feb 4, 2017 at 3:38 PM, Rusty Bird  wrote:
>> > I have successfully castrated ME firmware on 2 Haswell laptops so I'd go 
>> > for something more recent but well supported by Linux, reflash and put a 
>> > non-Intel network card for peace of mind.
>> Could you show the instructions and write here your chipset?
> He's probably referring to https://github.com/corna/me_cleaner
Thanks for link!

Is it possible to make unusable USB-JTAG bridge I've heared about in
modern computers w/ this utility?

I 'd be glad to get rid of intel independent chip abitilty to get
periferal  interface access w/o my pemission, especially network and
usb.

Interesting has anyone made such a surgery operation on asus n56vz w/o
bricking it?

-- 
Bye.Olli.
gpg --search-keys grey_olli , use key w/ fingerprint below:
Key fingerprint = 9901 6808 768C 8B89 544C  9BE0 49F9 5A46 2B98 147E
Blog keys (the blog is mostly in Russian): http://grey-olli.livejournal.com/tag/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABunX6Oy9_uPVp0XwEpeREe_2Oz4UiY-os0SwwXwEf%2BQOxjA4g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Two ways of "true" security.

[Rusty Bird]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

mr.l...@gmail.com:
> четверг, 2 февраля 2017 г., 17:33:46 UTC+5 пользователь Connor Page написал:
> > I have successfully castrated ME firmware on 2 Haswell laptops so I'd go 
> > for something more recent but well supported by Linux, reflash and put a 
> > non-Intel network card for peace of mind.
> 
> Could you show the instructions and write here your chipset?

He's probably referring to https://github.com/corna/me_cleaner

Rusty
-BEGIN PGP SIGNATURE-

iQJ8BAEBCgBmBQJYlctFXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfKUUP/iV5kCJrQ24NqB/jGfegqmoI
8dpvkVx3uZALlHjuVYOJK8mMkBbeSsyd85/WigvI/rcvHmwN5+F5aPMiXovVBt0n
WSGFvJb/Mhyv7dkeItW8hn5QdXHbDqXhTDXifd83ZL0VL9JlNkaW/Zp+NwfYeINO
Yl5kH4/3hxviTEhumcjBD1CyqP1Vf+m42+6pJca+jxU/55ulImH+0sOvqAAm1Q8Z
a4z26qhbubXTDdFNYoE7NPZbXr4h3h0IVJX9221llxAHGvaALkaBwL2svRqWyEBU
bHau2msYc2fEjcY79YGA09Aw/NKK/ywPLMGpJlg/kSPWmvK3x4lkNswKafoHxTyd
RLLRTAKKAtXdc/qdZF2C9pSrmI6ikd1DVFRNgrAF4u0ZEdQdJlyBKHPw7bCHKSRq
hs703uIORu6N3dGiOZ5X4WnK1grv/8ZoksEXIbR46ncUFnBAN2jNBj8Nkgmh15wo
UOuumSUqlVQIBfxrr05aYhz0nEfqB4ZRK+ipfbloijioX/NUVp2CKnSOoTcpY+86
/SNFdN3/ux7IsSajS6MhD01Ibh7t9Yi0inDCYOP3A9XmQZRv6Tprz+0yikP+Ps5B
B+MxsSrNJ3evvCkLkCS02ntzIhYPMRUY0bG8FOIKjdXYM+f3QJj4LU+x/EknnTap
RkdeK6HKhXKXcRYpYlqU
=Eht6
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170204123829.GA2245%40mutt.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Two ways of "true" security.

[mr . liks]

I decided to look for information on AMD. And he found a much better version of 
the performance, which is suitable in general for all the requirements rel.4. 
Ruler Trinity processors. From https://libreboot.org/faq/#compatibility it does 
not support the PSP and therefore supports the RVI is the best option of all 
that there is to QUBES rel.4

Conclusion.
Maximum perfomance and safety for qubes rel.4 - AMD A10-5800K.
Maximum perfomance and safety for qubes rel.3 - nForce 790i + xeon e5472.
Other - is unsafe or too slow.

Your opinion?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4ec9edc5-7b0f-46e3-b640-ae5e7ac7cc06%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Two ways of "true" security.

[mr . liks]

четверг, 2 февраля 2017 г., 17:33:46 UTC+5 пользователь Connor Page написал:
> I have successfully castrated ME firmware on 2 Haswell laptops so I'd go for 
> something more recent but well supported by Linux, reflash and put a 
> non-Intel network card for peace of mind.
> ideally a free BIOS would be desirable but that restricts the selection to 
> quite old generations of chips where another problem exists - they all have 
> errors that Intel either can't or won't fix...


Could you show the instructions and write here your chipset?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5af1ae23-1fa0-4b3f-b38f-5b7887ee2fd9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Two ways of "true" security.

[Connor Page]

I have successfully castrated ME firmware on 2 Haswell laptops so I'd go for 
something more recent but well supported by Linux, reflash and put a non-Intel 
network card for peace of mind.
ideally a free BIOS would be desirable but that restricts the selection to 
quite old generations of chips where another problem exists - they all have 
errors that Intel either can't or won't fix...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/77afe505-4ff9-4e1b-a19c-5413329ee550%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Two ways of "true" security.

[Tim W]

On Thursday, February 2, 2017 at 5:07:08 AM UTC-5, mr@gmail.com wrote:
> This text was written using Google translate.
> As we know, there are two potentially dangerous technology Hardware Trojan: 
> Intel ME and AMD PSP
> I have not seen AMD, so I decided to make the maximum performance and 
> security system based on intel. First, I began to choose the chipset. After 
> reading about the technology intel amt my choice fell on the p965 and n790i. 
> I needed a chipset meets the following conditions:
> 1). No intel amt.
> 2). maximum capacity
> 3) not less than FSB 1333 for the installation of fast xeon
> 4). DDR3
> 
> The chipsets p965 not natively support 1333 FSB CPUs, but there is a 
> development from the company gigabyte allowing the use of this frequency on 
> these chipsets. This is possible on the board (the last revision ONLY):
> GA-965P-DQ6;
> GA-965P-DS4;
> GA-965P-DS3P;
> GA-965P-DS3;
> GA-965P-S3.
> Unfortunately, these boards do not support DDR3.
> 
> But the chipset nForce 790i decide my problems! 1600 MHz FSB, DDR3 2000 MHz! 
> Ideally! Plus, the Intel Xeon E5472 support.
> It seemed, would have found a solution ... But there is no support EPT, and 
> VT-d, required for qubes rel.4.
> 
> Based on the above, there are two ways:
> 1). Use Qubes Release 4.x, and be subject to the influence of Hardware Trojan 
> Intel (AMD?).
> 2). Use Qubes Release 3.x and be subject to the influence of XSA 148 types of 
> errors.
> 
> Which path to choose?

There are bios hardware flash that will disable/uninstall all but 2 packages of 
Intel ME IIRC removing 5 packages.  This is so far the best I have seen for 
getting as close as we can with limiting what amounts to a intel low level OS 
which tech has the power to circumvent anything we do at the user OS level.  No 
longer does the baremetal term apply as it use to in the past.  The CPU and 
chipset manf as wanting and taking more and more control away from the primary 
OS thus locking us down more and more and increasing their control of the 
entire PC.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9532583e-c2ee-4703-8212-b1965c687249%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.