Re: [qubes-users] vPro and Qubes
Some Intel processors have Intel TXT without vPro. https://ark.intel.com/products/93339/Intel-Core-i7-6785R-Processor-8M-Cache-up-to-3_90-GHz And the GitHub page also says "http://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html (Note that this article is somewhat outdated, e.g. AEM uses Intel TXT now.)" So, does AEM use Intel TXT, but not vPro? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aa1f4277-9eee-426d-95e4-530cf1da279a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] vPro and Qubes
I hope the authors of https://github.com/QubesOS/qubes-antievilmaid/blob/master/anti-evil-maid/README would say something here. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e62c470f-6541-4064-8217-37465c6bcc5e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] vPro and Qubes
I hope the authors of https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2FQubesOS%2Fqubes-antievilmaid%2Fblob%2Fmaster%2Fanti-evil-maid%2FREADME&sa=D&sntz=1&usg=AFQjCNHdTSlMQuiFYmS9hEEQkF8C_fwjIQ would say something here. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/83140359-3706-465f-81d7-91e91e1d9cea%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] vPro and Qubes
vPro is a set of ME programs for insecure remote management (vs the secure owner controlled remote management of OpenBMC) but ME is always on, always capable of remote access and impossible to disable no matter what - possibly the best industrial espionage utility ever invented and not really your computer anymore. There are a variety of 4.0 compatible computers that are owner controlled without any black boxes what are you looking for/what are your needs? ADW: You can have a TPM without vPro so I suggest changing the manual to remove it, TXT is also a silly intel gimmick - a better solution is owner controlled hardware enforced code signing via coreboot grub (I refuse to endorse heads due to their stance on the purism fake libre frauds) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/681cbd69-f836-7b0b-88b4-cbd23c95bda8%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] vPro and Qubes
On Tuesday, March 13, 2018 at 11:43:21 PM UTC+7, sevas wrote: > vPro = bad. > > That GitHub page does not recommend vPro. It states that AEM uses a feature > of vPro to detect if vPro software (BIOS) has been tampered with while you > were away. Then you can throw your computer in the trash when AEM throws up > a red flag. I searched 'vPro' on the GitHub page. It appears only in this sentence: "In short, AEM relies on TPM and a feature found in Intel's vPro CPUs (TXT) to detect tampering of various boot components." Does the author mean Intel TXT -- not vPro? So, it is a typo in the page? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/89b1c0ef-d760-4a35-a936-ec99836bf565%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] vPro and Qubes
vPro = bad. That GitHub page does not recommend vPro. It states that AEM uses a feature of vPro to detect if vPro software (BIOS) has been tampered with while you were away. Then you can throw your computer in the trash when AEM throws up a red flag. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/27270467-3407-4377-a18c-9c14b10cae74%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] vPro and Qubes
On Saturday, November 19, 2016 at 5:47:33 PM UTC+7, Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2016-11-16 00:03, nezna...@xy9ce.tk wrote: > > If i have intel processor with the vPro technology - should i afraid some > > "factory vulnerabilities" of that technology and some manipulation with my > > BIOS. Or security of Qubes is higher of that level? > > > > Short answer: Yes, but it's not just vPro you should be worried about. > > Long answer: > > Read this post: https://blog.invisiblethings.org/2015/10/27/x86_harmful.html > And this paper: https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > -BEGIN PGP SIGNATURE- > > iQIcBAEBCgAGBQJYMC29AAoJENtN07w5UDAwvLUP/idIreuywqbUlq8cnaAp7Fxe > I6+JqPxPDeuqtZ6vS/3P6k0OTqBBvsDGBoBJ+O4WdxiJ1yh4HlGVI+87LddIYrl1 > IGOTBKGCHOvZCQzxzMPPmJlKUJX+X81nhhJAKVqngjDcqT/eLlkOuPkemIIO0mYe > edCdm7jiDNeFzn+IwnAgp5lh25LS7lYwWkH4ri45oxux8IP4jwAT0JckaUH0FUU7 > qfTRcxgfdO3UTuKqzz7gBhXFtsTNAHEM/Kubm+4TF/qj2hETS1WKMLUBosNBTWGw > NSdlBUN+SjynGAO9bGUc2uHM2aYbV5b/Hn+o+hCgD7zKzKl7loJyFIe1BCG+z9mo > u2XL7mXdqZ/lOlrFJEZVFWoF0Mc4IrGWwPwfrMDLPIVBPskq2bIxFKO5I8aSaHFK > q2EmceF6eLXeIKOA5WWW3QODgsl4eO69EMi94FZ/bFh9epbtjfaWb0Oc3+prGgPx > tnOzR75+B+Vjvn8TPTiNDVXkD8kJfv0guVGkOo2KnDMBjYAHObNoh54wWQMrD8us > pZ8XsFUXdV66Bwimo8PV1pBo2kuoBSa9oJBSOS/AP0aDwIT3oeruYkiCnip6e8yC > SNJYOk357euBMUTpItH0oxNh8TSO6es+Fn7WQYibKksN0tPxWG7wYheHq0DFQ+oE > h0l6ahsujt158BBT8wlQ > =9afc > -END PGP SIGNATURE- But this, https://github.com/QubesOS/qubes-antievilmaid/blob/master/anti-evil-maid/README, suggests to have Intel vPro. I confuse. Please update. Is vPro good or not? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a3e053ad-fa81-4b59-882d-a0987c5caf68%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] vPro and Qubes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-11-16 00:03, nezna...@xy9ce.tk wrote: > If i have intel processor with the vPro technology - should i afraid some > "factory vulnerabilities" of that technology and some manipulation with my > BIOS. Or security of Qubes is higher of that level? > Short answer: Yes, but it's not just vPro you should be worried about. Long answer: Read this post: https://blog.invisiblethings.org/2015/10/27/x86_harmful.html And this paper: https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYMC29AAoJENtN07w5UDAwvLUP/idIreuywqbUlq8cnaAp7Fxe I6+JqPxPDeuqtZ6vS/3P6k0OTqBBvsDGBoBJ+O4WdxiJ1yh4HlGVI+87LddIYrl1 IGOTBKGCHOvZCQzxzMPPmJlKUJX+X81nhhJAKVqngjDcqT/eLlkOuPkemIIO0mYe edCdm7jiDNeFzn+IwnAgp5lh25LS7lYwWkH4ri45oxux8IP4jwAT0JckaUH0FUU7 qfTRcxgfdO3UTuKqzz7gBhXFtsTNAHEM/Kubm+4TF/qj2hETS1WKMLUBosNBTWGw NSdlBUN+SjynGAO9bGUc2uHM2aYbV5b/Hn+o+hCgD7zKzKl7loJyFIe1BCG+z9mo u2XL7mXdqZ/lOlrFJEZVFWoF0Mc4IrGWwPwfrMDLPIVBPskq2bIxFKO5I8aSaHFK q2EmceF6eLXeIKOA5WWW3QODgsl4eO69EMi94FZ/bFh9epbtjfaWb0Oc3+prGgPx tnOzR75+B+Vjvn8TPTiNDVXkD8kJfv0guVGkOo2KnDMBjYAHObNoh54wWQMrD8us pZ8XsFUXdV66Bwimo8PV1pBo2kuoBSa9oJBSOS/AP0aDwIT3oeruYkiCnip6e8yC SNJYOk357euBMUTpItH0oxNh8TSO6es+Fn7WQYibKksN0tPxWG7wYheHq0DFQ+oE h0l6ahsujt158BBT8wlQ =9afc -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/030c9782-8272-61a4--af31887e3b5e%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] vPro and Qubes
Accidentally sent before I was finished, didn't include: https://www.crowdsupply.com/raptorcs/talos - open source hardware, thus making it more difficult for unaccountable hardware backdoors (ME = software supported by hardware VS a true hardware backdoor) There are ARM devices like the Novena that don't have blobs, but they aren't high performance and I don't know of any that have the ARM equivalent of an IOMMU. Get out your wallet for big blue! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/abd0e07a-7dbe-87a9-2df8-dd24a77a516c%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] vPro and Qubes
Intel ME (2006+ systems)/AMD PSP (for FM2/AM4), malicious firmware, exploits for the various devices on your system (the IOMMU is initialized too late on x86 to protect the host from DMA exploits in the pre-OS boot window) The sky truly is the limit. If you want *reasonably* secure computing you have to either buy a blob free coreboot board or spend 4K+ on an OpenPOWER8 system that has open source field re-programmable firmware. Still currently even on coreboot you have the DMA window problem, although theoretically it can be fixed. https://blogs.coreboot.org/blog/2015/02/23/the-truth-about-purism-why-librem-is-not-the-same-as-libre/ https://hackaday.com/2016/01/22/the-trouble-with-intels-management-engine/joanna's papers are a great read - she is one of the few elite security researchers that actually understand the problem posed by unaccountable supervisor processors. On 11/16/2016 03:03 AM, nezna...@xy9ce.tk wrote: If i have intel processor with the vPro technology - should i afraid some "factory vulnerabilities" of that technology and some manipulation with my BIOS. Or security of Qubes is higher of that level? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fe7a6040-7c4b-f16b-44ff-45e2eb948abc%40gmx.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] vPro and Qubes
If i have intel processor with the vPro technology - should i afraid some "factory vulnerabilities" of that technology and some manipulation with my BIOS. Or security of Qubes is higher of that level? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/429f277b-6020-4a38-accd-58f1d7bcfaa4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.