-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 03/29/2018 04:49 PM, Zrubi wrote:
> Any suggestion how to solve this?
Try this:
sudo qubes-dom0-update --action=downgrade [kernel packages]
> And if I succeed, how can I lock my system to this kernel version?
Add the following line into
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hey,
I've opened a pull request [1] to the AEM repository.
Again, enormous thank you to Rusty Bird for being a wonderful GSoC
mentor and helping me clean up the patches for submission. You are
awesome!
Cheers,
Patrik
[1]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 08/16/2017 05:51 PM, Rusty Bird wrote:
> Patrik Hagara:
>> Rusty: do you think it's ready to be built and pushed into R4
>> testing repos?
>
> Almost ready IMO. I have some more line comments, can you open a PR
> on my
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi!
I've updated the README a bit [1] to (hopefully) make some things
clearer. Also added a section on how to recover from compromises.
Rusty: do you think it's ready to be built and pushed into R4 testing
repos?
Cheers,
Patrik
[1]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 08/13/2017 07:28 PM, Rusty Bird wrote:
> Patrik Hagara:
>> Finally managed to track down why unlocking disk with unsealed
>> and decrypted LUKS key file didn't work on a clean Qubes OS
>> installation.
>
>> While st
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 08/02/2017 07:05 PM, Patrik Hagara wrote:
> On 07/26/2017 03:21 PM, Patrik Hagara wrote:
>> On 07/25/2017 08:48 PM, Rusty Bird wrote:
>>> Patrik Hagara:
>>>> Would it be OK if I squashed all the commits so far
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/25/2017 08:48 PM, Rusty Bird wrote:
> Patrik Hagara:
>> Would it be OK if I squashed all the commits so far into a
>> single large one (as there's already quite a lot of reverts and
>> design changes anyway).
>
> Y
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/24/2017 04:40 PM, Rusty Bird wrote:
> Hi Patrik!
>
>> Thinking about RO/RW AEM media gave me quite a headache. We want
>> to allow creating a RO AEM media that would ignore freshness
>> tokens -- but then the attacker can trivially downgrade
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/20/2017 03:24 AM, Patrik Hagara wrote:
> I've got most of the code written already, just need to finish the
> -unseal script bits and test it, then I'll push it to my fork --
> should be in the following day or two, depending on
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/20/2017 09:08 AM, Andrew Morgan wrote:
> On 07/20/2017 12:03 AM, Andrew Morgan wrote:
>> On 07/19/2017 11:56 PM, Patrik Hagara wrote:
>>> On 07/20/2017 07:42 AM, Andrew Morgan wrote:
>>>> I'm currently
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/20/2017 07:42 AM, Andrew Morgan wrote:
> I'm currently trying to work out a bug where inotify_watch calls
> will fail around the 8000th folder that's created or moved in. I'm
> assuming this probably has to do with a limit coded somewhere so
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hey!
First off, sorry for the delayed report this week! I was doing
"drawing board" work almost exclusively for the past ~three weeks
trying to wrap my head around all the outstanding issues and figuring
out some decent avenues for fixing them, so
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/05/2017 05:30 PM, Rusty Bird wrote:
> Patrik Hagara:
>> On 07/04/2017 12:28 AM, Rusty Bird wrote:
>>> Hi Patrik!
>>>> OK, let's go with the freshness token then.
>>>
>>> To avoid implementat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/04/2017 12:28 AM, Rusty Bird wrote:
> Hi Patrik!
>
> I just noticed that qubes-devel seems to break your PGP/MIME
> signatures. Inline PGP works better on Google Groups based mailing
> lists. (The CCs have all been fine, of course.)
Thanks
On 06/19/2017 12:43 PM, Rusty Bird wrote:
> Patrik Hagara:
>> On 06/18/2017 05:51 PM, Rusty Bird wrote:
>>> Rusty Bird:
>>>> Patrik Hagara:
>>>>> Single-use key file code committed
>>>
>>>> Whee, I finally get it... Seeing how it
On 06/18/2017 05:51 PM, Rusty Bird wrote:
> Rusty Bird:
>> Patrik Hagara:
>>> Single-use key file code committed
>
>> Whee, I finally get it... Seeing how it all fits together, it looks
>> really cool!
>
>> What do you think about making replay prot
On 06/16/2017 09:32 PM, Patrik Hagara wrote:
> I will push those changes to my fork after
> some cleanup and a re-test (most likely tomorrow).
Single-use key file code committed [0] and I'm going to check whether
clearing the TPM invalidates PCR-sealed data or not. If it does, then
gene
On 06/13/2017 12:45 AM, Patrik Hagara wrote:
> Unfortunately, it seems monotonic counters are designed to only be
> manipulated (create/increment/destroy) by the OS and thus the TrouSerS
> project chose not to provide any APIs to perform those operations. This
> trousers-users mailing
On 06/10/2017 08:10 PM, Rusty Bird wrote:
> Patrik Hagara:
>> Any and all code reviews are welcome! The changes I made are stored in
>> my fork of AEM repository [1].
>
> - Please don't feel obligated to read this on a weekend :) -
:)
> One thing I noticed is that a c
On 06/10/2017 05:47 AM, Andrew Morgan wrote:
> Another way to mark files is to just list and later read their
> filepaths, line-by-line. However if one is marking a folder of thousands
> of files as untrusted, that tracking file can quickly become very long.
> Perhaps a database option would
On 06/09/2017 05:22 AM, Rusty Bird wrote:
> Rusty Bird:
>> In the current WIP version, the keyfile is encrypted before sealing
>> and decrypted after unsealing. (Using scrypt - if we trusted the TPM
>> to handle the raw keyfile, we could just use SRK password protection
>> instead.)
>
> Sorry, I
On 06/08/2017 03:48 PM, Rusty Bird wrote:
> Marek Marczykowski-Górecki:
>> On Thu, Jun 08, 2017 at 11:19:22AM +0200, Patrik Hagara wrote:
>>> How about storing the key file itself inside the TPM? This may (or may
>>> not) open some new possibilities while, apparently, n
On 06/08/2017 01:56 PM, Marek Marczykowski-Górecki wrote:
>>> - if someone copies AEM stick _before_ observing proper successful boot,
>>> he/she can replay it, because copy of AEM will still have "old" OTP
>>> valid (a keyfile encrypted with it)
>
>> This weakness is impossible to prevent in
On 06/08/2017 12:45 AM, Marek Marczykowski-Górecki wrote:
> I was thinking for some time about a scheme where user enters
> also something dynamic - OTP (not necessarily TOTP) - either in addition
> to normal passphrase or, instead of. But it's tricky how to do it
> properly.
> One idea is to have
On 06/07/2017 09:45 PM, Rusty Bird wrote:
> Hi Patrik,
>
> Sorry that it took me a while to respond to your first "official" :)
> progress report. This email has some general stuff, but I'll post more
> here or on GitHub later this week.
>
>> Right now, I would say the first version of my code
Hi!
As some of you may already know, I have been accepted into the Google
Summer of Code program to work on improving Qubes' Anti Evil Maid suite
to provide resistance against shoulder surfing and/or video
surveillance. The project proposal I submitted can be found archived on
this (qubes-devel)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, Jun 1, 2017 at 2:55 PM, Pablo Di Noto wrote:
> Hello,
>
>> 1) Hardware that used to work with 4.4 or 4.8 no longer works with 4.9.
>
> Using it on a Lenovo X250 (i3-5010U), and other desktops.
>
> Experiencing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, May 29, 2017 at 4:45 PM, Peter Todd wrote:
> On Sun, May 28, 2017 at 05:46:22AM -0700, pixel fairy wrote:
>> > Are you suggesting that VM's no longer have internal ipv4 addresses? You
>> > mean
>> > via the ipv4-in-ipv6
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Tue, May 16, 2017 at 03:32:41PM +0200, Marek Marczykowski-Górecki wrote:
> Unfortunately, as new GSoC org, we didn't get as many slots as we
> requested, so we were forced to reject some, even good proposals.
Ah well. I hope you get more and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi!
First off, thanks to whoever was responsible for me
being accepted into the GSoC program and congrats
to both Andrew and Paras for getting in, too! :)
On Fri, May 05, 2017 at 08:27:34AM -0700, John Casey wrote:
> Unfortunately, my Qubes
/ CEST).
Contact information:
* name: Patrik Hagara
* e-mail: patriha...@gmail.com
* GPG: 09AFE672 E513B8A3 ED35643B 5C1E71DF 031F9AE5
* [GitHub][3] and [LinkedIn][4]
[0]: https://www.qubes-os.org/gsoc/
[1]: https://github.com/QubesOS/qubes-issues
[2]: https://github.com/QubesOS/qubes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Wed, Mar 29, 2017 at 1:39 PM, Rusty Bird wrote:
>>> In case you deem the probability of software-based (but requiring prior
>>> physical access) multi-stage evil maid attacks much higher than
>>> hardware-based ones, I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi!
I'm thinking about applying to the GSoC program and working on
the Anti Evil Maid shoulder surfing and video surveillance
resistance project idea.
However, I've got a question regarding the proposed
solution which requires implementing both
33 matches