[qubes-users] My farewell to Qubes OS!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hello Qubes devs and users! It's been nearly 9 years[*] since I sent the first internal email within ITL to Rafał Wojtczuk and Alex Tereshkin with the original idea for making Qubes OS. Shortly after this, we started drafting the original architecture and writing some early PoC code... Today, I've made an announcement I'm switching focus to another area of work and joining the Golem Project as a Chief {Strategy, Security} Officer: https://www.qubes-os.org/news/2018/10/25/the-next-chapter/ https://blog.golemproject.net/joanna-rutkowska-joins-golem-as-chief-strategy-security-officer-13f12f0c11c0 I'd like to thank all the people who made Qubes OS possible, which includes: the whole ITL team, all the community contributors, and, of course, all the Qubes OS users! Qubes OS will continue under the lead of Marek Marczykowski-Górecki, who have been a de-facto lead for all the day-to-day development for quite some time already! Thanks, Marek! Thank you, all! Cheers, joanna. [*] FWIW, the exact date was November 11th, 2009. -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEtR14vbBDAuE0X2Ly1F2dklVl1NIFAlvRmTYACgkQ1F2dklVl 1NIiDxAAtwm3qM1Rq3ow67q5bLu+1VnuM0NQrN/crLu+FDOdaa9XNzSsdWz97UoN 2VsRO+RICNttrR7MAaWSgTXtBKOMuSXYc7s5r7VVFtx4qW0xyRaxbr7vBqJRDM5n 6eCLdjAFf1Xh8Ju5eDnBJGx41EIywO4Jba3z9+Ww2xyBycQAYY22yRQf6ANlWfwW XE0HgBuaJtAEReJc7qpzlG/iwLa/de1eqVa9kOS4HrESllE9wP7qXLrnmwr/yH19 2twe3QVS29uVYzPOam6PiCg1PN4AjsYKvihy/Tap11bYfdr1L8OjmE9+KrDPFPek MaWlkl/OoiFZsQHhj1somMfFNKH82oTW3zIAZCmmOZgQHgt6T1KDzjehFTASJeFp WNmvmowDYfcVYEdjEXQKP78mpxlYz6fChr/A4x3TX64+KsltdZA7l266OMfpXvL4 Mja4SUvEKqLbyEQxCaDnOwm4cV7k/dHtOXE5fREzUfi+YVu14yVNkPRxg9UpgtCa sV/PY7AwOe4JqxV+8VlWWmX0amNf8ZEtz51F2eH6NZZYGaRtTXxTKW6Aad0XHg7p 8m2gvH8YWnGPX7ckofcpL7NHR5B6EauXoHKeQZgV9Ix0NQf2CNvBv5ZxZ7IYannH mJEcpgRYMtG5b8+x05hBCb7CP5T/tQpt2r5jIK3eqwEzcPY//H8= =1ZqA -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181025102143.GC3938%40work-mutt. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Introducing the Next Generation Qubes Core Stack
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hello, FYI, I've posted today a new article about the new Core Stack that has been brought along with Qubes 4.0. The article attempts to be a practical intro for (power) users, but it also touches a few architectural and philosophical topics. Here's the link: https://www.qubes-os.org/news/2017/10/03/core3/ Cheers, joanna. -BEGIN PGP SIGNATURE- iQIcBAEBCAAGBQJZ1BFIAAoJEDOT2L8N3GcYypkQANV7+j8Py6CUEUY7Nw1bbhrZ RalytDSbz8WZNLfJ3lfDeEK/r4/GWJLFSvTrCOeAZRKFjtZ0BRJ5blK1K/LIpqRu DaU6nVVYfmVPa807bzlzrUJscfQTgl2DH1bt6wozxcioK9Bb0uSp++Bf/t29d7wY fu64qL9ypRReeIwlxs6dgs5wx2QI0Jnj5S/GtXPyoVkIPVXlLjYgCuddOSxxn/BP mrfBxEXYijxHptve8ncivHpQwEqtJtS5jAQjXK5T2lz+v7fzbfWl6NYX68wttnuz VGstjQgjJYAf8oCzbTlGgf/bYKPSmsgXzQoZ4fQN9hC4OXVa7MFuO/fIvAqK+P7i HhGVr97dl1r6zs6ZV/wqlwkq+FcqI6EFi3g2PBPlthJMCV1ghTeHEMGVVaihdAXc fy//EWvCBNh1p0JaZStlsbKN6lSuWFdSNKGTl51sXgplucAgX2Gh606q8UiQjXOG knytmxSBa1fdAkoKkDacJ6t7SkLB+Uwuq3nHbuhlcRjWtD2T7kEhFOr3Pxni3faf GP+odEPOz5BFVwy7wSSKUwrXw2QaQZywD0Awxp0dJheEzQElAWMdPGfDFtDY4/O7 60YgBInlaCSiLSN2RoaJJKs1du0qvIscpspq2yq/u2EqW2i3wHEBm3u6348hZfTt i7IvYw8EbuHl41XI3AXY =AMF7 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171003223801.GB2871%40work-mutt. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Compromise recovery on Qubes OS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hello, Just a FYI that we have recently implemented a so called "Paranoid Mode" backup recovery for Qubes OS. Arguably this is a new approach to dealing with full system compromises (thanks to Qubes architecture (TM)). The packages for Qubes 3.2 that bring this functionality are currently in the qubes-dom0-current-testing repository [1]. Note that you need these packages on a fresh system where you want to restore to, and only there. I also wrote a post [2] explaining the rationale for this, as well as how it is implemented, and what are still the limitation in 3.2, and how these will gone in 4.0. The post also touches on AppVM compromise recovery challenges and how Qubes OS might help here also. Of course I wish we all didn't have to use this feature too often... :/ Cheers, joanna. [1] https://github.com/QubesOS/qubes-issues/issues/2737 [2] https://www.qubes-os.org/news/2017/04/26/qubes-compromise-recovery/ -BEGIN PGP SIGNATURE- iQIcBAEBCAAGBQJZAIceAAoJEDOT2L8N3GcYGxgQAKMdaO/1VBOXh8RD4kMmiS7K KTHvQuU+V0iP20KHSEh9kt/QSM2DV9ru7hIfNNo44LlU2dxDLJ6NFtykC6bZvdjN Vk93f2iOaRSrKclwEXRaa/Bo399ZE0pMXOO4alHHaMerYkFCn4WEtwYQB8mclgyI TvaF9X+EUdpa7DZsO4wHONYqLu722wvjprDHnAyQjYwyrhdiRXEmABCr6FkT5Dx/ isRJR7JIOTyt1Fa80oqwjyaA+6RxCoBjM4IjqIhxHs6ebAgnNd7vRpbZglqnEVi7 CWYMqYxm83F1mO/W+GqufIXw2UvRF1RyHl4hRVfEtjltwZpvsgFUMofHcTAQzM2X 1GGMXM+8Di+1lYmPJf4rM4FzkYvUL/DlA+BMPRWRw05hCsBvn+t0AjLUOa7RgSlH Vr3fLAdpFCSAvkunc/tM9DHcR7UyWiRU/4WS9Fdl2U1ekaqPxMToNLF/FFfYT2y1 HTMkhX9rAgZvIynmbpH1yjaKVJgGSfLI/U9Il/1OETWO4p0b+iXuEM2HZQ/Oqwz3 qYf+LCWAJRWokf46E7YIPmO4OhMD29EjgUyCEX6nFJWGI4Lx7EBB+coRlm7Nm6P1 mNZM5wnkCLVF47l6RL5+uiHQjvDaOxNefIchMAiLY4yeERdgoJJlo+DGdbdsX5KC spbT/xcjj1p2DkLbIWDK =deyL -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170426114015.GF7540%40work-mutt. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes OS 3.2 has been released!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hello, We have just released Qubes OS 3.2: https://www.qubes-os.org/news/2016/09/29/qubes-32/ Enjoy! joanna. -BEGIN PGP SIGNATURE- iQIcBAEBCAAGBQJX7PbOAAoJEDOT2L8N3GcYxCwP/15v8dVR0gfevXUefHLCuZFF 22Fv/g9oWj7ADB5ZVPYjBl9Bcl2F5oqPCrXBbeGkEAyIUcL8nl8MNegTnw7cy4lu ZGoYFBdSkhEtRvx+u3Cv/C7zbKjsunTzXdnH0kI4AM4yM7BCXaJR4G53K2b+cUDV h2E3TuVJEas93YxGmuFPrdGOq3MVPPGR90jDbtR5CKrwCDYvJkTtNxvpLG8y3ZLK +8LODohB/RtrUJYX0d+DI+zu3I3+WEJpW2k2KtRAQWsKBqk2CQI6qBJJPfeU1Dmt XGthzXzs6eTDaYGom/3LjKCjJoCXj+uJ1BiZWLytjy9PTecruD2nc7dmbacCklJ6 hWwPWZ2AxLvri0lhEEqA84tFgxWFf5IVNa9QQwgoZjPMD+jx6nnevDNEnd73Pk2a tyFiXr6lWxrMkwrvlBWX6pOjZQI4hGuGOVU7cRZzsmjCy6jyGK/mLno2JNUDBiQG RDAT2Xuj+zBV43KYNMikMSXFYBwkC15X79pZIlX5kW8qCD8Y0Khw/OKy4ukG8lfs sV71BqrGDh3ZgR2vMzwf1EZ03SZcGvnyW+bJhHWWBDnslTElbtnnFyWzyKpQ4fAU k4Z4E0JlG6BjqSkxug0IjKbnDvnYwmtjMXBVkA2q9Jot0g+1h8R8Xf8ks0zlG/Jt tbM2e8cD5/yV9BW1hwVT =ihNH -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2016092911.GE21619%40work-mutt. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] AMD Zen Secure Encrypted Virtualization (SEV)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Aug 19, 2016 at 11:58:18AM -0700, kev27 wrote: > > Secure Encrypted Virtualization (SEV) integrates main memory encryption > > capabilities with the existing AMD-V virtualization architecture to support > > encrypted virtual machines. Encrypting virtual machines can help protect > > them not only from physical threats but also from other virtual machines or > > even the hypervisor itself. SEV thus represents a new virtualization > > security paradigm that is particularly applicable to cloud computing where > > virtual machines need not fully trust the hypervisor and administrator of > > their host system. > > http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf > > https://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf > Thanks for the pointers. Next time I suggest to send such stuff to qubes-devel ;) > Is this something Qubes OS could work with in the future to improve its > security on AMD Zen chips? Maybe something to keep an eye on. Maybe. For either SGX or SEV to make sense for Qubes OS (i.e. a desktop OS) it would need to allow some form of protected HID/video from/to the SGX/SEV-protected VM. Currently none of these technologies seem to support this. Specifically the white paper you referenced explicitly states: > One important consideration for an SEV-enabled guest is that DMA into guest > encrypted memory is not allowed by the SEV hardware for security reasons. All > DMA, whether from a real hardware or a HV emulated device, must occur to > shared guest memory. The guest OS can therefore choose to allocate memory > pages for DMA as shared (C-bit clear), or may copy data to/from a special > buffer (aka “bounce buffer”) for DMA purposes. Some operating systems have > existing support for bounce buffers which may be used for this purpose, such > as the swiotlb Linux functionality. It's thinkable that the IOMMU could transparently decrypt DMAs (from select) devices, allowing communication between these devices (XHCI, GPU) and the protected guest, without the hypervisor being able to sniff or inject the data (e.g. the actual keystrokes, framebuffers). Let's hope they do that one day. Cheers, joanna. -BEGIN PGP SIGNATURE- iQIcBAEBCAAGBQJXxtzVAAoJEDOT2L8N3GcYSiYQAL69fzVC4PVInuGNeXPPkhN0 qr8ahmRzDCZECi/b26fqfWZ/GrW9sf569m0cVT8VImL3Ki0gvV2WPcqiCypNjX6E dMQKKnPmkNAbTpKFtv6IIDsC3PxdtvGjcLXSr/R123DLNpbN2/IN5MvrrYCEhfDz CpI6YuSzWLwLAEk/MoEfm3Dk+ninRsLY+2bt0YVwfTj2X7/Q+p0VPCY2ImtL1h3k OhvYCtIKkMTAvrY4t0gV9Ndm3UNxHAHslZkl9Kcj6Gqp/mkC1GXCK1KemolCcLQE MvW9NUlhscpVYYIBmExnQPOPLb8eyD1DqxiZC0FaJz/UxQUCHhLaX6RCqr4MHqQX ytPPeNXW/Q3jgfgNewVslbwEOkehWWZgATKuHRMB6W3d/dXtcct7DDSBcqk8pCTr jn5Bq55zjylMvRE46seIFR4T4lRNVGsSeKe90N5ouO31v51q9fLAUWoEvF6/4rKA d8m/OrbtZf9DFCCXIsVXdTVI6fDzBDKAZSZOlgSpDTiApZyTfOZox6K2rPXO3RuN cI3Wf36aCH6gDMJciDOMbWMa2Gf5NxjJJhZ+PXDiqTxIJlf8yzLu2nAvEcGv3XIh EWQL6sKNxb4xFgRYCZn4Ekl8vBy9/0rYqpxdhSclg9BX5vJGhrCb6XxHfY6yjRJl ToSrhIQPHr1JUZfCqcDv =JJWX -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160831133413.GA20414%40work-mutt. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Thinkpwn?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Aug 15, 2016 at 11:06:32AM +0200, Joanna Rutkowska wrote: > On Sun, Aug 14, 2016 at 12:55:10PM -0700, el...@tutanota.com wrote: > > Just to clarify, that means that even if the UEFI is exploited, it does not > > matter with Qubes? > > Yes. Oh, I noticed you wrote 'exploited', while I originally understood 'exploitable'. So, if it is 'exploited', which I assume you meant 'already compromised', then it's likely a game over, no matter what OS on the host. joanna. -BEGIN PGP SIGNATURE- iQIcBAEBCAAGBQJXsYnHAAoJEDOT2L8N3GcYUR0P/i5goJ9TH09QbFRFysHMJKyz 4cm4xPI4IsskXWQJHbwD62332iGZ2UpYqK/NBixfj2q+UbwruF5BOVSTkdpsaJe/ Lu8qmqEHxBOqqmX+utnyJtvjob8Ranuj3IzCw0zcC03riUEuUz/YyvUEBoyPDyWb KTbw1NJc3DrPGty8NW1hNbsGHNMNrvKwGA7rCl1kHdyZQ0WB4T2Ury2QpXeMYoD+ Jz9R3GXAH0ZhPOiqy4+5laWnl/kQ7MK5h1cUTvkFYUmX8j9kDuvpjmZ2sG5/tkC3 KH4uVXzRcHlj/Wa/ihKFPSgReRLDeQop/zPraMF0upZH/fcawfJSXdpD5YWDu5JN sn6JDzYRO/tWOgTnWRYRgMFn/ILuyb56XO7F8DnFQOmo32smRJwUlhE+W5VnhEhf ibYYsDEV7+GCIjxLuDL28o2/flPYdmed8YEpf6ilPidSHn/OahlRACx8DhP7acXV e6an11/3GnQ5cUDp7jM0J+gx0rJ58jOgfS6KQ1WTLHpLQuPKV3OooG6qdYJav1NC h2hEhDMrDU198wyB5KjnP8UzFZXZKj4P44+5ATIv2XoU7wmuTiaRe7Vg+jHdxg96 vpJ9Vwv+iY5jN1cB5Eh6MWS9j2Qlud/voDgxnwMqen33wp3w0nmC6VDL/1bD+KbN wTBGjE0Im3VaXM57we/9 =w+Ko -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160815092214.GF2484%40work-mutt. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Thinkpwn?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Aug 14, 2016 at 12:55:10PM -0700, el...@tutanota.com wrote: > Just to clarify, that means that even if the UEFI is exploited, it does not > matter with Qubes? Yes. Unless the isolation-provider that Qubes happens to be using -- currently Xen -- is terribly buggy and fails at providing this isolation. Sadly, this was the case with XSA 148 (last year[1]) and XSA 182 (just recently [2]) :( We hope the move to SLAT-based memory virtualization in Qubes 4 would minimize likelihood for similar bugs in the future (see [2] again). I shall point out, however, that majority of other "critical Xen bugs" have not affected Qubes to date, either because of various architecture decisions we made (e.g. getting rid of qemu from Dom0, most backends treated as untrusted, running in other-than-Dom0 domains, etc), or by a combination of luck and gut feeling (e.g. not using 32-bit VMs, etc). Thanks, joanna. [1] https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-022-2015.txt [2] https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-024-2016.txt -BEGIN PGP SIGNATURE- iQIcBAEBCAAGBQJXsYYZAAoJEDOT2L8N3GcYFnEQANlqIJWhFHXvAIljGjZQwtl0 vgzkV0ZHA69OzPl5M4TvZhcUWgtTiOTTGjeHdUmkblCZEBLOCqakKQv1h4h+7I+6 oLtR5mKR4a6H7Mt9L5Ux5ciyRzx2oqDQpe7dehha/pOVMd3jj6niqJRTdhOSrVlB GJD2BGNvoFa1hfSKEMBBs1SP7vgGCz2YWI/MoX7fpcM6g2XwvSYTQKpPnRbG/AUa D6j6Gku0Rj+jDaiBDG4Iy6ymDbr7yW/7oYxOKXLpI8nj3UjZ0QIA2ym5dGb/hWjl pmqDv5yKesCFedIUr/8SQzdwkhfQCbb8OYvXQBNoQNeAJxiT0eJFvD+9rohuVTdZ KwLYKuUlCIrcxv+ULYSqPLm3GuzQAnJGi9eSw3N8t2UeHCDB2//fcihKzssZQeON 3h/U5Gj/IcXAITAq52/Euy1VinMwghC09HHR2lMJ8ZDuBAMaYOnLlOM8KGqMYUO0 5Q+iGxejjSnexVhMzBYIjm5m20e1cvDHEkTcoTfJ0r4CIGZyaLdJjjkKvpwm8tdN 0q5mippj+Sf4UlXFIQbrCE1jHVGL+KUUFilpMx8E4nFzhjIeN8EeBPzm861efNS6 qD2RowN6wVPa88v+kVGSRHgNxpZDDuSH5215+2MxUKrcx3oxdNPXKQ6RbCNKTk+n wwNrXWQXiDy0koRjPVRQ =CC3q -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160815090632.GB2484%40work-mutt. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes Security Bulletin #24 (Critical bug)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dear Qubes users, We have just released a new Qubes Security Bulletin (QSB #24) for a critical bug in the Xen hypervisor: https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-024-2016.txt Please install the updates, immediately. Regards, joanna. - -- The Qubes Security Team https://qubes-os.org/doc/SecurityPage/ -BEGIN PGP SIGNATURE- iQIcBAEBCAAGBQJXl1I2AAoJEDOT2L8N3GcYL60QAKnMZVQxzY1mv56C02EU+s+i ZoK6vvPEWqFjiFEBN7ojH6Xg8VDa73YMJhn7RAzqVbzdNauLTufjpXBuHtrQJ8oN CtWCo9CIvRS8bNhl6IcKWh3/NORXRIRuBxceCVoMOvd8jHBZGQqbJYxeh6UzxFx+ 0Cn6CAtofWBTnM6oV4/WXEMAVE/P3IW4zlui/kOHOwe/fpEt033b74ncq9DENkCU CiaN/3p5Rgxa6nnIMQkQhSmP7HUJCzQXPLZ9DR1EcGHue3I8kZbikFcmDsLf5E9b rSjRh0yhqUyQdNUIVaVQmIAaaCnkmuDKEw5RbiNmoFbyy73t5ktTNmfOSCN05hc3 xLeoNU6ZCTcWqmgkwCuCa8LdizDgd3FQnfCxj7injXRel6UKVROBhw8o16RG4oZm G7k++g0K3hKyeF2YnZt4BQJbnuWW/JZ54fzP8m6YvfBBICj6ncKBBEV8XENCcCVL tUOIZYieY9hUFowK6Gsb6Y9SFC2EJtNC9PY/xPc660txQHakQTgpZtN2uC4al6MV pZonsQdG9O3csuHMOTIwKrRrmqt4LvCPz2EIYYHBlsAQU362/fR/4uE9MH87neRO zWoSYBTBsZAq1JW9dNd+2YWABcWqijHbkcIxaQn/gFet9VSFBTqdeAmfJ3a7C08H 3wd6HMsUTKclNoSLYzF6 =bDeB -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160726120614.GE1993%40work-mutt. For more options, visit https://groups.google.com/d/optout.