Re: [qubes-users] Re: Two ways of "true" security.
Hi On Sat, Feb 4, 2017 at 3:38 PM, Rusty Birdwrote: >> > I have successfully castrated ME firmware on 2 Haswell laptops so I'd go >> > for something more recent but well supported by Linux, reflash and put a >> > non-Intel network card for peace of mind. >> Could you show the instructions and write here your chipset? > He's probably referring to https://github.com/corna/me_cleaner Thanks for link! Is it possible to make unusable USB-JTAG bridge I've heared about in modern computers w/ this utility? I 'd be glad to get rid of intel independent chip abitilty to get periferal interface access w/o my pemission, especially network and usb. Interesting has anyone made such a surgery operation on asus n56vz w/o bricking it? -- Bye.Olli. gpg --search-keys grey_olli , use key w/ fingerprint below: Key fingerprint = 9901 6808 768C 8B89 544C 9BE0 49F9 5A46 2B98 147E Blog keys (the blog is mostly in Russian): http://grey-olli.livejournal.com/tag/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABunX6Oy9_uPVp0XwEpeREe_2Oz4UiY-os0SwwXwEf%2BQOxjA4g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Two ways of "true" security.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 mr.l...@gmail.com: > четверг, 2 февраля 2017 г., 17:33:46 UTC+5 пользователь Connor Page написал: > > I have successfully castrated ME firmware on 2 Haswell laptops so I'd go > > for something more recent but well supported by Linux, reflash and put a > > non-Intel network card for peace of mind. > > Could you show the instructions and write here your chipset? He's probably referring to https://github.com/corna/me_cleaner Rusty -BEGIN PGP SIGNATURE- iQJ8BAEBCgBmBQJYlctFXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0 NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfKUUP/iV5kCJrQ24NqB/jGfegqmoI 8dpvkVx3uZALlHjuVYOJK8mMkBbeSsyd85/WigvI/rcvHmwN5+F5aPMiXovVBt0n WSGFvJb/Mhyv7dkeItW8hn5QdXHbDqXhTDXifd83ZL0VL9JlNkaW/Zp+NwfYeINO Yl5kH4/3hxviTEhumcjBD1CyqP1Vf+m42+6pJca+jxU/55ulImH+0sOvqAAm1Q8Z a4z26qhbubXTDdFNYoE7NPZbXr4h3h0IVJX9221llxAHGvaALkaBwL2svRqWyEBU bHau2msYc2fEjcY79YGA09Aw/NKK/ywPLMGpJlg/kSPWmvK3x4lkNswKafoHxTyd RLLRTAKKAtXdc/qdZF2C9pSrmI6ikd1DVFRNgrAF4u0ZEdQdJlyBKHPw7bCHKSRq hs703uIORu6N3dGiOZ5X4WnK1grv/8ZoksEXIbR46ncUFnBAN2jNBj8Nkgmh15wo UOuumSUqlVQIBfxrr05aYhz0nEfqB4ZRK+ipfbloijioX/NUVp2CKnSOoTcpY+86 /SNFdN3/ux7IsSajS6MhD01Ibh7t9Yi0inDCYOP3A9XmQZRv6Tprz+0yikP+Ps5B B+MxsSrNJ3evvCkLkCS02ntzIhYPMRUY0bG8FOIKjdXYM+f3QJj4LU+x/EknnTap RkdeK6HKhXKXcRYpYlqU =Eht6 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170204123829.GA2245%40mutt. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Two ways of "true" security.
I decided to look for information on AMD. And he found a much better version of the performance, which is suitable in general for all the requirements rel.4. Ruler Trinity processors. From https://libreboot.org/faq/#compatibility it does not support the PSP and therefore supports the RVI is the best option of all that there is to QUBES rel.4 Conclusion. Maximum perfomance and safety for qubes rel.4 - AMD A10-5800K. Maximum perfomance and safety for qubes rel.3 - nForce 790i + xeon e5472. Other - is unsafe or too slow. Your opinion? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4ec9edc5-7b0f-46e3-b640-ae5e7ac7cc06%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Two ways of "true" security.
четверг, 2 февраля 2017 г., 17:33:46 UTC+5 пользователь Connor Page написал: > I have successfully castrated ME firmware on 2 Haswell laptops so I'd go for > something more recent but well supported by Linux, reflash and put a > non-Intel network card for peace of mind. > ideally a free BIOS would be desirable but that restricts the selection to > quite old generations of chips where another problem exists - they all have > errors that Intel either can't or won't fix... Could you show the instructions and write here your chipset? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5af1ae23-1fa0-4b3f-b38f-5b7887ee2fd9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Two ways of "true" security.
I have successfully castrated ME firmware on 2 Haswell laptops so I'd go for something more recent but well supported by Linux, reflash and put a non-Intel network card for peace of mind. ideally a free BIOS would be desirable but that restricts the selection to quite old generations of chips where another problem exists - they all have errors that Intel either can't or won't fix... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/77afe505-4ff9-4e1b-a19c-5413329ee550%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Two ways of "true" security.
On Thursday, February 2, 2017 at 5:07:08 AM UTC-5, mr@gmail.com wrote: > This text was written using Google translate. > As we know, there are two potentially dangerous technology Hardware Trojan: > Intel ME and AMD PSP > I have not seen AMD, so I decided to make the maximum performance and > security system based on intel. First, I began to choose the chipset. After > reading about the technology intel amt my choice fell on the p965 and n790i. > I needed a chipset meets the following conditions: > 1). No intel amt. > 2). maximum capacity > 3) not less than FSB 1333 for the installation of fast xeon > 4). DDR3 > > The chipsets p965 not natively support 1333 FSB CPUs, but there is a > development from the company gigabyte allowing the use of this frequency on > these chipsets. This is possible on the board (the last revision ONLY): > GA-965P-DQ6; > GA-965P-DS4; > GA-965P-DS3P; > GA-965P-DS3; > GA-965P-S3. > Unfortunately, these boards do not support DDR3. > > But the chipset nForce 790i decide my problems! 1600 MHz FSB, DDR3 2000 MHz! > Ideally! Plus, the Intel Xeon E5472 support. > It seemed, would have found a solution ... But there is no support EPT, and > VT-d, required for qubes rel.4. > > Based on the above, there are two ways: > 1). Use Qubes Release 4.x, and be subject to the influence of Hardware Trojan > Intel (AMD?). > 2). Use Qubes Release 3.x and be subject to the influence of XSA 148 types of > errors. > > Which path to choose? There are bios hardware flash that will disable/uninstall all but 2 packages of Intel ME IIRC removing 5 packages. This is so far the best I have seen for getting as close as we can with limiting what amounts to a intel low level OS which tech has the power to circumvent anything we do at the user OS level. No longer does the baremetal term apply as it use to in the past. The CPU and chipset manf as wanting and taking more and more control away from the primary OS thus locking us down more and more and increasing their control of the entire PC. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9532583e-c2ee-4703-8212-b1965c687249%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.