Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2017-01-12 Thread Rusty Bird
Marek Marczykowski-Górecki: > Rusty, Matt rightly just pointed out to Qubes Security Team that the > current behaviour of AEM could be misleading. AEM should refuse to work > if TXT isn't really working - otherwise it's easy to not notice it and >

Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2017-01-12 Thread Matt McCutchen
To the original point of this thread (figuring out /why/ the measured boot isn't working): The way I found to do this is to configure tboot to log to the screen by setting (for example) "logging=vga vga_delay=10" on the "multiboot /tboot.gz" line in grub.cfg. The Qubes default setting is

Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2017-01-12 Thread Swâmi Petaramesh
On 01/12/2017 03:51 PM, Matt McCutchen wrote: > On Thu, 2017-01-12 at 13:42 +0100, Marek Marczykowski-Górecki wrote: >> On Thu, Dec 01, 2016 at 04:32:50PM +0100, Swâmi Petaramesh wrote: >>> Hi Rusty Bird, and thanks for your help, >>> >>> Please see below. >>> Is the SINIT module working? Run

Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2017-01-12 Thread Matt McCutchen
On Thu, 2017-01-12 at 13:42 +0100, Marek Marczykowski-Górecki wrote: > On Thu, Dec 01, 2016 at 04:32:50PM +0100, Swâmi Petaramesh wrote: > > Hi Rusty Bird, and thanks for your help, > > > > Please see below. > > > > > > > > Is the SINIT module working? Run the "find" command from step 2b of > >

Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2017-01-12 Thread Marek Marczykowski-Górecki
On Thu, Dec 01, 2016 at 04:32:50PM +0100, Swâmi Petaramesh wrote: > Hi Rusty Bird, and thanks for your help, > > Please see below. > > > > > Is the SINIT module working? Run the "find" command from step 2b of > >

Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2016-12-04 Thread Rusty Bird
Rusty Bird: > Does /proc/cmdline in dom0 contain "rd.antievilmaid" at the end? If not: > > In the GRUB boot menu, do you choose the entry "AEM Qubes, with Xen > hypervisor"? If there is no such entry, you may have to rerun the >

Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2016-12-04 Thread Swâmi Petaramesh
Hi again, On 12/04/2016 03:54 PM, Rusty Bird wrote: Maybe your system still doesn't boot into AEM mode for some reason. Does /proc/cmdline in dom0 contain "rd.antievilmaid" at the end? If not: Yes, it does. In the GRUB boot menu, do you choose the entry "AEM Qubes, with Xen hypervisor"? If

Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2016-12-04 Thread Rusty Bird
Swâmi Petaramesh: > I now have downloaded 3rd_gen_i5_i7_SINIT_67.BIN from Intel, installed > it per instructions, completely redone everything (including resetting > the TPM chip in BIOS, uninstalling and reinstalling the AEM RPM... > > But still,

Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2016-12-04 Thread Swâmi Petaramesh
Hi Rusty, Hi all, On 01/12/2016 at 20:23, Rusty Bird wrote: >> Uh... Lines 17-19 are all FF > Well, the good news is we've definitely narrowed down the problem. :) > > Are you sure you've successfully copied the *right* SINIT blob for your > system to /boot? (Intel's download page is... not

Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2016-12-01 Thread Rusty Bird
Swâmi Petaramesh: > Hi Rusty Bird, and thanks for your help, > > > Is the SINIT module working? Run the "find" command from step 2b of > > /usr/share/doc/anti-evil-maid/README, but look at the lines for PCRs > > 17, 18, and 19 instead: They should

Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2016-11-30 Thread David Hobach
On 11/30/2016 08:09 AM, Swâmi Petaramesh wrote: Hello, I use Qubes 3.2 (recent, default installation) with anti-evil-maid on HP ProBook 6470b. Anti-evil-maid is installed to HD /boot per instructions, TPM is protected by a password, and I use a "secret" image instead of text. So far

Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2016-11-30 Thread Rusty Bird
Swâmi Petaramesh: > So after upgrading Xen in dom0 I rebooted the system and... nothing > special happened. AEM displayed my "secret" image as usual, without any > unusual behaviour or warning whatsoever. Some things you can check: Is the SINIT

Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2016-11-30 Thread Chris Laprise
On 11/30/2016 02:09 AM, Swâmi Petaramesh wrote: Hello, I use Qubes 3.2 (recent, default installation) with anti-evil-maid on HP ProBook 6470b. Anti-evil-maid is installed to HD /boot per instructions, TPM is protected by a password, and I use a "secret" image instead of text. So far

Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2016-11-30 Thread Swâmi Petaramesh
Hi, On 11/30/2016 09:40 AM, Jean-Philippe Ouellet wrote: Check if the latest xen version installed is actually the xen version running. [root@dom0 ~]$ xl dmesg | head -1 Xen 4.6.3-24.fc23 [root@dom0 ~]$ rpm -q xen-hypervisor xen-hypervisor-4.6.3-24.fc23.x86_64 [root@dom0 ~]$ rpm -qi

Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2016-11-30 Thread Jean-Philippe Ouellet
Check if the latest xen version installed is actually the xen version running. I had an issue where the update did not modify the appropriate EFI variables and I was still running the old version after the update. This issue has been addressed, but perhaps not completely. You can check the