[qubes-users] Does restoring automatically verify integrity?
Does restoring automatically verify integrity? Or are we suppose to run an integrity check before restoring? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cf4062bb-aa00-966d-b1bb-22e5ed91c046%40gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Full encryption in Qubes OS
'npdflr' via qubes-users: Hi, Full disk encryption is enabled by default in Qubes OS. But what about BIOS, Bootloader and kernel (or kernels as different VMs would have different kernels associated with them) Coreboot (if used as a replacement for BIOS) does not have a password verification feature: https://www.coreboot.org/Security#Existing_security_features I am not sure of other BIOSes. There is already a topic on github for consider encrypting /boot by default https://github.com/QubesOS/qubes-issues/issues/2442 I think /boot here represents GRUB bootloader. As for encrypting kernel, I am not sure how one can do so. Also, there would be different kernels one may be using: classic Xen kernel, pvops kernel etc. More importantly, is it advisable/required to encrypt BIOS, bootloader and kernels as a security measure? Thank you. Some people have accomplished encrypting their entire drive by storing the bootloader in flash along with Coreboot. You can't encrypt everything including BIOS, or you have no decryption program! You might enjoy reading https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf. Whether it's advisable or required depends on your threat model. Some meet their usage needs with no encryption at all. If you want a basic hardware level password, TCG OPAL drives can help meet that. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5acbe1fa-f59f-8504-8cd0-388fa2dc6224%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Full encryption in Qubes OS
'npdflr' via qubes-users: Hi, Full disk encryption is enabled by default in Qubes OS. But what about BIOS, Bootloader and kernel (or kernels as different VMs would have different kernels associated with them) Coreboot (if used as a replacement for BIOS) does not have a password verification feature: https://www.coreboot.org/Security#Existing_security_features I am not sure of other BIOSes. There is already a topic on github for consider encrypting /boot by default https://github.com/QubesOS/qubes-issues/issues/2442 I think /boot here represents GRUB bootloader. As for encrypting kernel, I am not sure how one can do so. Also, there would be different kernels one may be using: classic Xen kernel, pvops kernel etc. More importantly, is it advisable/required to encrypt BIOS, bootloader and kernels as a security measure? Thank you. Some people have accomplished encrypting their entire drive by storing the bootloader in flash along with Coreboot. You can't encrypt everything, or you have no decryption program! You might enjoy reading https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf. Whether it's advisable or required depends on your threat model. Some meet their usage needs with no encryption at all. If you want a basic hardware level password, TCG OPAL drives can help meet that. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1bc1a3fe-edaa-b2da-581f-a84b63091c08%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] CVE-2019-11477
On Tue, 18 Jun 2019, Dominique St-Pierre Boucher wrote: > Good day Qubes user, > > Is qubes affected by CVE-2019-11477? AppVMs depending on kernel (most likely yes). But this attack is limited to DoS (triggering a BUG_ON assert that stops the kernel) from the peers (+on-path attackers) you're communicating with (that is, some random source cannot just send a "magic packet" to trigger it. -- i. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/alpine.DEB.2.20.1906182012230.24383%40whs-18.cs.helsinki.fi. For more options, visit https://groups.google.com/d/optout.
[qubes-users] CVE-2019-11477
Good day Qubes user, Is qubes affected by CVE-2019-11477? Thanks Dominique -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6dfee182-2d3b-4b27-b3d0-7d6c08584fba%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How does dropbox know that I‘m using qubes?
On 6/18/19 12:39 PM, cycle via qubes-users wrote: > recently I logged in into dropbox with a browser from my qubes box and > had to confirm my login. Afterwards I got a mail saying that there was > an login attempt from: > > *Desktop-Client Linux 4.14.116-1.pvops.qubes.x86_64 > > *How can I avoid that this information is send to servers? Is it part of > the http header? My guess: You have the Dropbox sync client installed. "4.14.116-1.pvops.qubes.x86_64" is part of the kernel id - you can see it for yourself using "uname -a". Stefan. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c56ebc8c-1e7e-61f2-f03b-516a7394ebbe%40ploing.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] CPU overheating issues, pulsating fan, recommendations?
On Tue, 18 Jun 2019 04:44:04 + ome...@firemail.cc wrote: > Hey all, > > Over the last week I've noticed my laptops CPU keeps peaking @ 80-85 > every now and then, even when I'm not doing any resource intensive > tasks. > > I run 11-12 VMs @ a time which barely scratches the 34GB RAM on a P51 > Thinkpad with a i7 7820HQ running in a standard temperature room > environment majority of the time. > > Have thought of getting a cooling pad to resolve this, but would > prefer to see if there are any tweaks which can be made within dom0 > or the BIOS to put an end to this. > > Also of note, I'm getting similar pulsating fan noise as posted here > https://github.com/QubesOS/qubes-issues/issues/3599. > > Many thanks, > om > Run xentop in dom0 to see which of your VMs are using cpu the most. Web browsers can use lots of cpu on some pages! Mike. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190618123942.5f08559f.mike%40keehan.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Full encryption in Qubes OS
Hi, Full disk encryption is enabled by default in Qubes OS. But what about BIOS, Bootloader and kernel (or kernels as different VMs would have different kernels associated with them) Coreboot (if used as a replacement for BIOS) does not have a password verification feature: https://www.coreboot.org/Security#Existing_security_features I am not sure of other BIOSes. There is already a topic on github for consider encrypting /boot by default https://github.com/QubesOS/qubes-issues/issues/2442 I think /boot here represents GRUB bootloader. As for encrypting kernel, I am not sure how one can do so. Also, there would be different kernels one may be using: classic Xen kernel, pvops kernel etc. More importantly, is it advisable/required to encrypt BIOS, bootloader and kernels as a security measure? Thank you. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/16b6a332d6f.1291ea2fa2452.3879846567999400906%40zoho.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How does dropbox know that I‘m using qubes?
Hi, recently I logged in into dropbox with a browser from my qubes box and had to confirm my login. Afterwards I got a mail saying that there was an login attempt from: Desktop-Client Linux 4.14.116-1.pvops.qubes.x86_64 How can I avoid that this information is send to servers? Is it part of the http header? Txs - Eva -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/IsTFC5a7IQruf6St8gCurmUhXEa8PgfFCovHdK4N4aaIMyi9QnUzSwnGi6Fu02_TdhE38H5NRgt1vCz-uegb_9sezRqDX7whdbfCZ6od6aI%3D%40protonmail.com. For more options, visit https://groups.google.com/d/optout.