Re: [qubes-users] vPro and Qubes
On Tuesday, March 13, 2018 at 11:43:21 PM UTC+7, sevas wrote: > vPro = bad. > > That GitHub page does not recommend vPro. It states that AEM uses a feature > of vPro to detect if vPro software (BIOS) has been tampered with while you > were away. Then you can throw your computer in the trash when AEM throws up > a red flag. I searched 'vPro' on the GitHub page. It appears only in this sentence: "In short, AEM relies on TPM and a feature found in Intel's vPro CPUs (TXT) to detect tampering of various boot components." Does the author mean Intel TXT -- not vPro? So, it is a typo in the page? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/89b1c0ef-d760-4a35-a936-ec99836bf565%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Please help with Qubes 4.0 rc4 on 8th Generation Intel
On Wednesday, February 14, 2018 at 1:22:42 PM UTC+7, Krišjānis Gross wrote: > On Monday, 5 February 2018 14:13:25 UTC, Krišjānis Gross wrote: > > Hi, > > > > I have recently installed Qubes 4.0 rc4 on a new 8th generation Intel > > hardware and have an issue that I would like to get help with. > > > > The issue is that graphics appear to be very very slow. Each time there is > > some visual activity on the screen it is vary 'laggy'. I noticed that > > whenever there is a GUI action, the process called Xorg is using 100% of > > one of the processor cores. > > > > I have made captured a video of how that looks: > > https://drive.google.com/open?id=1vrtVnVLu6WBrMl_6O-R7qs2syyOKypnQ > > > > I have also gathered some logs that might help to resolve this: > > 1) archive of /var/logs folder: > > https://drive.google.com/open?id=171-f2-d3D_CPrSFJKFwcuIrQgZXYf5L3 > > 2) result of "sudo journalctl -b > journal.log" : > > https://drive.google.com/open?id=1eOJMT4uGAQyatXFcQvF9ElGRpbdTTQSp > > > > Hardware details: > > MB: ASRock Z370 Pro4 https://www.asrock.com/MB/Intel/Z370%20Pro4/index.asp > >CPU: Intel® Core™ i5-8600K > > https://ark.intel.com/products/126685/Intel-Core-i5-8600K-Processor-9M-Cache-up-to-4_30-GHz > > > >RAM: 16 GB DDR4 > > > > > > Please help to resolve this! > > Thank You, awokd! > > That indeed helped to resolve the issue! > > The exact steps that I did was: > 1) Install Qubes 4.0 rc4; > 2) Start Qubes. Notice the software rendering of the video; > 3) Open dom0 terminal and edit /boot/efi/EFI/qubes/xen.cfg (e.g. sudo nano > /boot/efi/EFI/qubes/xen.cfg) > Replace 2 occurances of "i915.preliminary_hw_support=1" with > "i915.alpha_support=1"; > 4) Reboot the system. Hi Krišjānis Gross, Is your system with Qubes 4.0 rc4 still working fine?Did the graphic issue relapse? Since you posted on February, have there been any other issues? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e4aba2c8-238e-48e9-82ec-42f404adf40e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??
On Monday, November 6, 2017 at 11:22:18 PM UTC+7, Marek Jenkins wrote: > > > I'm really glad the 63xx CPUs are also supported by Coreboot. I don't > > > really mind about Libreboot' philosophical issues - if it works on > > > Coreboot I'm happy. And now as I have checked the Coreboot Wiki page > > > again I actually realized you openly state the 63xx series works fine ;) > > The FSF hard line stance is a good thing, which gets us stuff like TALOS > > 2/POWER9 which is 100% owner controlled including microcode (check it out) > > But in this case I say the faster cpu is worth it for video games. > > Yes I've had a look, TALOS II is definitely a great project! Unfortunately, > my budget doesn't really allow to spend 5-6k on a workstation. Nontheless, I > really appreciate their efforts and can imagine privacy/security-conscious > companies do so as well. I don't even think it's that expensive, given that > they have to do a lot of development/research and probably only manufacture > in relatively small quantities (yet). > > > > Is that all it takes to compile the .rom correctly ? Does SeaBios work > > > out-of-the-box with Qubes ? Also, would it be best to simply clone the > > > latest working config for the KGPE-D16 from the Coreboot website > > > (https://www.coreboot.org/Supported_Motherboards), which can be > > > downloaded here for example: > > > > > > - > > > https://review.coreboot.org/cgit/coreboot.git/commit/?id=3f09b0ffef990286ecca344cf73023b35be42406 > > > - > > > https://review.coreboot.org/cgit/board-status.git/tree/asus/kgpe-d16/4.6-1125-g3f09b0f/2017-08-21T04_40_02Z/config.txt > > That should be what was included, no need to do that. > > Yes true, I just thought I might reverse-engineer the correct settings for > the KGPE-D16 from that config.txt file. Now as I have learned that the > default settings are fine, that idea doesn't really make sense anymore. I > initially expected each motherboard/chipset would require a custom setup to > work. (Besides specifying motherboard/chipset). > > > > Would you generally agree, that "Microcode update" is just a fancy name > > > for fetching + installing a certain AMD package from a repository that > > > patches the security vulnerability in the CPU? Or what is the approach I > > > need to follow to enable IOMMU and fix the security vulnerability when > > > running a 63xx CPU under Qubes/Xen? > > You need it in the firmware to enable IOMMU and avoid the NMI issue, by > > default coreboot includes it as I said so no worries. (check just to > > make sure of course) > > Okay fine, I'll simply go with Coreboot default settings then. > > > > Yes it's really crazy and a bit alarming how much data they gather :/ > > > That's also the main reason why I want to keep my browsing in different > > > VMs (work, banking, music/streaming, etc). > > That doesn't do anything if you use an identical browser fingerprint. > > Seems I really need to learn a bit more about this as soon as Qubes OS is up > and running. I thought if I separate the cookies and use an adblock addon in > Firefox I'd avoid most of those tracking problems. > > > > I mean know one knows, what they will really do with all the personal > > > data in the future. > > Being denied a job because your politics differ from your bosses - > > removing 50% of job options. > > Having creepy people scan your face in public and then harrass you for > > whatever reason. > > Someone robbing your house because statistically they can get away with > > it at exactly that time (their robber research tool told them what the > > best time was to rob you: when you are far from home, when the local > > cops take a donut break, when your neighbors are otherwise occupied, etc) > > Scary stuff, but very likely if I think about it! I once also read that > insurance companies increasingly attempt to track/profile people (and their > habits) on social media to determine insurance premiums. In other words, > sometime in the future your insurance premium could depend on what you > post/share online (or what not). Can't believe all those things are legal. Any updates in 2018? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0ce96134-0416-4c9a-8ad2-6a880d3ada98%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] vPro and Qubes
On Saturday, November 19, 2016 at 5:47:33 PM UTC+7, Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2016-11-16 00:03, nezna...@xy9ce.tk wrote: > > If i have intel processor with the vPro technology - should i afraid some > > "factory vulnerabilities" of that technology and some manipulation with my > > BIOS. Or security of Qubes is higher of that level? > > > > Short answer: Yes, but it's not just vPro you should be worried about. > > Long answer: > > Read this post: https://blog.invisiblethings.org/2015/10/27/x86_harmful.html > And this paper: https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > -BEGIN PGP SIGNATURE- > > iQIcBAEBCgAGBQJYMC29AAoJENtN07w5UDAwvLUP/idIreuywqbUlq8cnaAp7Fxe > I6+JqPxPDeuqtZ6vS/3P6k0OTqBBvsDGBoBJ+O4WdxiJ1yh4HlGVI+87LddIYrl1 > IGOTBKGCHOvZCQzxzMPPmJlKUJX+X81nhhJAKVqngjDcqT/eLlkOuPkemIIO0mYe > edCdm7jiDNeFzn+IwnAgp5lh25LS7lYwWkH4ri45oxux8IP4jwAT0JckaUH0FUU7 > qfTRcxgfdO3UTuKqzz7gBhXFtsTNAHEM/Kubm+4TF/qj2hETS1WKMLUBosNBTWGw > NSdlBUN+SjynGAO9bGUc2uHM2aYbV5b/Hn+o+hCgD7zKzKl7loJyFIe1BCG+z9mo > u2XL7mXdqZ/lOlrFJEZVFWoF0Mc4IrGWwPwfrMDLPIVBPskq2bIxFKO5I8aSaHFK > q2EmceF6eLXeIKOA5WWW3QODgsl4eO69EMi94FZ/bFh9epbtjfaWb0Oc3+prGgPx > tnOzR75+B+Vjvn8TPTiNDVXkD8kJfv0guVGkOo2KnDMBjYAHObNoh54wWQMrD8us > pZ8XsFUXdV66Bwimo8PV1pBo2kuoBSa9oJBSOS/AP0aDwIT3oeruYkiCnip6e8yC > SNJYOk357euBMUTpItH0oxNh8TSO6es+Fn7WQYibKksN0tPxWG7wYheHq0DFQ+oE > h0l6ahsujt158BBT8wlQ > =9afc > -END PGP SIGNATURE- But this, https://github.com/QubesOS/qubes-antievilmaid/blob/master/anti-evil-maid/README, suggests to have Intel vPro. I confuse. Please update. Is vPro good or not? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a3e053ad-fa81-4b59-882d-a0987c5caf68%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Please help with Qubes 4.0 rc4 on 8th Generation Intel
On Wednesday, February 14, 2018 at 1:22:42 PM UTC+7, Krišjānis Gross wrote: > On Monday, 5 February 2018 14:13:25 UTC, Krišjānis Gross wrote: > > Hi, > > > > I have recently installed Qubes 4.0 rc4 on a new 8th generation Intel > > hardware and have an issue that I would like to get help with. > > > > The issue is that graphics appear to be very very slow. Each time there is > > some visual activity on the screen it is vary 'laggy'. I noticed that > > whenever there is a GUI action, the process called Xorg is using 100% of > > one of the processor cores. > > > > I have made captured a video of how that looks: > > https://drive.google.com/open?id=1vrtVnVLu6WBrMl_6O-R7qs2syyOKypnQ > > > > I have also gathered some logs that might help to resolve this: > > 1) archive of /var/logs folder: > > https://drive.google.com/open?id=171-f2-d3D_CPrSFJKFwcuIrQgZXYf5L3 > > 2) result of "sudo journalctl -b > journal.log" : > > https://drive.google.com/open?id=1eOJMT4uGAQyatXFcQvF9ElGRpbdTTQSp > > > > Hardware details: > > MB: ASRock Z370 Pro4 https://www.asrock.com/MB/Intel/Z370%20Pro4/index.asp > >CPU: Intel® Core™ i5-8600K > > https://ark.intel.com/products/126685/Intel-Core-i5-8600K-Processor-9M-Cache-up-to-4_30-GHz > > > >RAM: 16 GB DDR4 > > > > > > Please help to resolve this! > > Thank You, awokd! > > That indeed helped to resolve the issue! > > The exact steps that I did was: > 1) Install Qubes 4.0 rc4; > 2) Start Qubes. Notice the software rendering of the video; > 3) Open dom0 terminal and edit /boot/efi/EFI/qubes/xen.cfg (e.g. sudo nano > /boot/efi/EFI/qubes/xen.cfg) > Replace 2 occurances of "i915.preliminary_hw_support=1" with > "i915.alpha_support=1"; > 4) Reboot the system. Hi Krišjānis Gross, Is your system with Qubes 4.0 rc4 still working fine?Did the graphic issue relapse? Since you posted on February, have there been any other issues? Thanks, -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/386a0ea6-c557-43b3-82e0-119e3853d634%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] vPro and Qubes
Some Intel processors have Intel TXT without vPro. https://ark.intel.com/products/93339/Intel-Core-i7-6785R-Processor-8M-Cache-up-to-3_90-GHz And the GitHub page also says "http://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html (Note that this article is somewhat outdated, e.g. AEM uses Intel TXT now.)" So, does AEM use Intel TXT, but not vPro? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aa1f4277-9eee-426d-95e4-530cf1da279a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] vPro and Qubes
I hope the authors of https://github.com/QubesOS/qubes-antievilmaid/blob/master/anti-evil-maid/README would say something here. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e62c470f-6541-4064-8217-37465c6bcc5e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] vPro and Qubes
I hope the authors of https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2FQubesOS%2Fqubes-antievilmaid%2Fblob%2Fmaster%2Fanti-evil-maid%2FREADME=D=1=AFQjCNHdTSlMQuiFYmS9hEEQkF8C_fwjIQ would say something here. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/83140359-3706-465f-81d7-91e91e1d9cea%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
