Re: [qubes-users] HDMI-related threats in Qubes OS

2017-05-07 Thread Chris Laprise
On 05/07/2017 02:14 PM, Vít Šesták wrote: After some while of inactivity, I've made an experiment and successfully created an HDMI “condom”. It is the most universal variant intended for connecting a laptop to some HDMI male. Ingredients: HDMI-male to DVI-female short cable + DVI-male to

Re: [qubes-users] HDMI-related threats in Qubes OS

2017-05-07 Thread Vít Šesták
After some while of inactivity, I've made an experiment and successfully created an HDMI “condom”. It is the most universal variant intended for connecting a laptop to some HDMI male. Ingredients: HDMI-male to DVI-female short cable + DVI-male to HDMI-female adaptor, both are passive. Price:

Re: [qubes-users] HDMI-related threats in Qubes OS

2017-04-11 Thread cooloutac
On Monday, April 10, 2017 at 3:28:05 PM UTC-4, Vít Šesták wrote: > > what about vga or dvi wires? > > Frankly, my main interest is HDMI. But I have briefly looked at VGA and DVI > pinouts. It seems that the only input channels are hotplug (if you count > this) and DDC (for resolutions etc.).

Re: [qubes-users] HDMI-related threats in Qubes OS

2017-04-10 Thread Vít Šesták
On Sunday, April 9, 2017 at 8:49:47 PM UTC+2, Jean-Philippe Ouellet wrote: > On Sun, Apr 9, 2017 at 9:42 AM, Vít Šesták > <…@v6ak.com> > wrote: > > > > * DDC (PIN 15+16) – needed for getting the resolution etc., present even in > > current version of VGA. While there is some attack surface, it

Re: [qubes-users] HDMI-related threats in Qubes OS

2017-04-10 Thread Vít Šesták
> what about vga or dvi wires? Frankly, my main interest is HDMI. But I have briefly looked at VGA and DVI pinouts. It seems that the only input channels are hotplug (if you count this) and DDC (for resolutions etc.). Plus older VGA seems to have some pre-DDC mechanism called “Monitor ID”. For

Re: [qubes-users] HDMI-related threats in Qubes OS

2017-04-09 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-04-01 13:58, Vít Šesták wrote: > Hello, > I've realized that HDMI offers not only graphical/sound output, but also many > inputs. Well, some inputs are expected (listing of available output modes > etc. works AFAIK even with VGA), but

Re: [qubes-users] HDMI-related threats in Qubes OS

2017-04-09 Thread Jean-Philippe Ouellet
On Sun, Apr 9, 2017 at 9:42 AM, Vít Šesták wrote: > > * DDC (PIN 15+16) – needed for getting the resolution etc., present even in > current version of VGA. While there is some attack surface, it seems to be > rather small. Note

Re: [qubes-users] HDMI-related threats in Qubes OS

2017-04-09 Thread Vít Šesták
Well, there seems to be a cheaper way to do roughly the same. In a nutshell, you just ensure there is no wire for those two things: * HEAC+ (audio return channel plus ethernet). HEAC+ is optional and thus safe to remove. * CEC (remote control input) – This one is a bit more tricky. While CEC is

Re: [qubes-users] HDMI-related threats in Qubes OS

2017-04-06 Thread Andrew
Chris Laprise: > On 04/02/2017 03:42 AM, Vít Šesták wrote: >> Yes, disabling those features can prevent thise threats. But I wonder >> if Qubes does this by default or if I can disable it manually. > > We may want to open an issue for this, or at least a thread in > qubes-developer. > > >> >> I

Re: [qubes-users] HDMI-related threats in Qubes OS

2017-04-02 Thread Vít Šesták
> We may want to open an issue for this, or at least a thread in qubes-developer. IMHO not at this time: * Now, we don't know the current state. There might be nothing to change. * AFAIR users/devel distinction is mostly based on stable/devel versions. Since this question does not address any

Re: [qubes-users] HDMI-related threats in Qubes OS

2017-04-02 Thread haaber
> I think having a graphics driver that disables any auxiliary modes (on > the GPU) would be a reasonable first step in addressing the issue. It > may also be possible to disable HDMI ports in favor of simpler ones like > VGA. I'm not sure how much input DVI and Displayport allow, but I think >

Re: [qubes-users] HDMI-related threats in Qubes OS

2017-04-02 Thread Chris Laprise
On 04/02/2017 03:42 AM, Vít Šesták wrote: Yes, disabling those features can prevent thise threats. But I wonder if Qubes does this by default or if I can disable it manually. We may want to open an issue for this, or at least a thread in qubes-developer. I have also an idea how to

Re: [qubes-users] HDMI-related threats in Qubes OS

2017-04-02 Thread Vít Šesták
Yes, disabling those features can prevent thise threats. But I wonder if Qubes does this by default or if I can disable it manually. I have also an idea how to disable it, but I am unsure if it will work properly: Connect laptop HDMI port -> HDMI to DVI -> DVI to HDMI -> TV HDMI port. But

Re: [qubes-users] HDMI-related threats in Qubes OS

2017-04-01 Thread Chris Laprise
On 04/01/2017 04:58 PM, Vít Šesták wrote: Hello, I've realized that HDMI offers not only graphical/sound output, but also many inputs. Well, some inputs are expected (listing of available output modes etc. works AFAIK even with VGA), but others can be more or less surprising: * audio return

[qubes-users] HDMI-related threats in Qubes OS

2017-04-01 Thread Vít Šesták
Hello, I've realized that HDMI offers not only graphical/sound output, but also many inputs. Well, some inputs are expected (listing of available output modes etc. works AFAIK even with VGA), but others can be more or less surprising: * audio return channel * CEC * ethernet (!) * maybe even