[qubes-users] Re: epoxy on ram to prevent cold boot attacks?
On Wednesday, August 31, 2016 at 8:25:33 PM UTC+4, pixel fairy wrote: > poured some epoxy over where the ram connects to the motherboard modern RAM keeps data after hours after disconnecting in from MB. (wont search that paper now, plz search on your own). there are also physical traces of RAM state on RAM device. thats why some folks are moving keys in RAM(xoring it actually) every 10 seconds or so, in their opensource encryption software. there is papper on in too, with photo of such physical micro traces. paper also explains why RAM manufacturers are trying to keep volts as low as possible. imo encrypted RAM is more safe. but where to store keys? CPU cache, VRAM? or separate PCI device? unsure about speed of PCI vs RAM though. but safe storing keys in HW of major, massive vendors is a wrong idea because of obligatory unofficial backdooring. maybe it is possible to only encrypt part of RAM with PCI located key(original PCI storage device). example: main system is in RAM, VM's RAM is encrypted (using driver) and the key is on PCI storage device. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/512950a4-6d96-4698-833d-ccf20ba33f9d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: USG - AFirewall For USB's
as far as i understand general method(control everything in data stream), adding support for new type of device is difficult, IF such HW firewall is connected to HW USB. i recall some device which transfers USB data over LAN, so user can connect any USB HW over LAN. by this way it is possible to have special VM with fresh state for every USB dev connection. after device is used, every possible not wanted effects are gone with the reset of VM. such VM could start automatically upon each USB plugin event. there is no real reason also to store such mini temp VM in SSD. it can be located in RAM. i believe Gbit LAN has potential. right now am considering some perverted "immortal SSD" idea based on following: SODIMM CHEAP (used) RAM modules (1,2,4 GB) in few motherboards. RAM disc is created in such motherboard upon boot and then shared over Gbit LAN. i believe it is possible to make very compact version for notebook(thats what am planning to do after i figure out how to connect about 16 RAMs. without having lots of notebook motherboards). motherboards are backed up by battery. how to use: before actual task, the contents of SSD copied to LAN disk. before shutdown, HW SSD (or even HDD actually) gets only updated data from this shared over LAN RAM disk. on RAM disk user can have VMs. WHY? there are plenty of cheap 1 2 4 GB used RAM modules. as far as i can remember RAM module have long lifespan. so user actually gets cheap SSD which capacity only gets bigger over time. i believe there can be one trusted HW machine and lots of untrusted HW devices shared over LAN or SPI. LAN or SPI opensource HW. LAN speed is just fine unless you want USB display or Kinect. again: main idea is to transport original HW USB data stream to the emulated (Virtual) USB connected to VM, _without firewalling it at all_. using LAN or other means. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fb160e8a-c1e5-413b-88f3-b097a2f2d5b1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Feature request: "HDD Airbag" analog
Feature request: "HDD Airbag" analog overview: https://support.lenovo.com/nl/en/solutions/ht003517 list of supported devices: http://support.lenovo.com/nl/en/downloads/ds015000 is it possible to add this feature to Qubes? or atleast provide some interface to poweroff/park HDD? yes, Qubes requires SSD for good operation, but imo most users like to have SSD + large HDD for media or other content. i believe qubes can be really friendly for not so geeky user, by having such features or atleast providing support so user could write such soft. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/16be7dee-54e1-404a-9e42-581fba972bb8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HCL - Lenovo Thinkpad X250
Thanks for sharing the info! Is there any issues left, or everything works fine? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/23b14322-a88d-464c-8108-ab381c968336%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HCL Lenovo Thinkpad X250 i3-5010U
On Friday, March 11, 2016 at 2:45:50 AM UTC+4, Pablo Di Noto wrote: > So far, everything works as expected Thanks for sharing info! Have you tested graphics software yet (especially 3d editing/games)? Webcam working? Have any other issues? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ea6b25ac-780c-4e77-8c97-4f020d6ddbdf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] feature request: luksAddNuke
On Tuesday, February 17, 2015 at 3:17:08 PM UTC+4, Andrew wrote: > (and only ever work on clones of your disk). this will work only with clones of _not corrupted_ data. ofcourse user can have special method of destroying data, but having such extra method encapsulates key data nature (location of headers, ...) from user. if user somehow has low tech knowledge level, it should design and develop tools for traceless data destruction, if failed to find existing. R isnt fast and easy task. > Even if you encountered such a miraculously dumb government, you might > still be exposing yourself to criminal liability (or worse) for > knowingly causing the destruction. only in case of provable intentional destruction -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b3c876c2-0568-4500-9e7f-f52c8feb99e8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] how to run Windows quest vm in Qubes on hw without required features (vt-d)?
more specific - Lenovo Y580 is listed in hcl as having no proper hw features.(vt-d) what for? 1) using Qubes instead of non-hypervisor based OS is more safer, even without features like hardware virtualization. . 2) using hypervisor is more convenient than using virtualization soft like VirtualBox -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5f2547cd-b9ad-472b-9bf1-d5aef957b4be%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
