Re: [qubes-users] BIOS did not enable IDB for VT properly. - TUXEDO InfinityBook Pro 13
Patrick Schleizer: > Qubes R4 RC1 with TUXEDO InfinityBook Pro 13 [1]. Xen crashes. Boot aborts. > >> BIOS did not enable IDB for VT properly. crash Xen for security purposes > > Did anyone see this error ever before? Any idea how to fix it? > > Cheers, > Patrick > > [1] > https://www.tuxedocomputers.com/Linux-Hardware/Linux-Notebooks/10-14-Zoll/TUXEDO-InfinityBook-Pro-13-matt-Full-HD-IPS-Aluminiumgehaeuse-Intel-Core-i7-U-CPU-bis-32GB-RAM-zwei-HDD/SSD-bis-12h-Akku-Typ-C-Thunderbolt.geek > Could get it to boot using iommu=force Cheers, Patrick -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/160fea68-ca6e-ad51-c21a-be16826b93ac%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] BIOS did not enable IDB for VT properly. - TUXEDO InfinityBook Pro 13
Qubes R4 RC1 with TUXEDO InfinityBook Pro 13 [1]. Xen crashes. Boot aborts. > BIOS did not enable IDB for VT properly. crash Xen for security purposes Did anyone see this error ever before? Any idea how to fix it? Cheers, Patrick [1] https://www.tuxedocomputers.com/Linux-Hardware/Linux-Notebooks/10-14-Zoll/TUXEDO-InfinityBook-Pro-13-matt-Full-HD-IPS-Aluminiumgehaeuse-Intel-Core-i7-U-CPU-bis-32GB-RAM-zwei-HDD/SSD-bis-12h-Akku-Typ-C-Thunderbolt.geek -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0f69a6fe-6478-8f58-fe51-8d9f3f4ce5f5%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] BIOS check before Qubes installation
On 07/08/2017 12:16 PM, Max wrote: Hello, How to check if BIOS require digital signatures on BIOS firmware updates? IIRC, a firmware setup menu that has an 'anti-rollback' protection setting (to prevent earlier firmware versions from being accepted) should have signature verification. As of 2012 the UEFI spec did not require this feature. I believe this has changed since then -- you can look for such a requirement at http://www.uefi.org/specifications . You will probably get a more definitive answer for this type of question if you ask the Coreboot and Libreboot communities, as they regularly deal with such protection measures. -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/031665fa-4269-5dba-e7b1-ac23265d758b%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] BIOS check before Qubes installation
Hello, How to check if BIOS require digital signatures on BIOS firmware updates? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1861871499530607%40web55j.yandex.ru. For more options, visit https://groups.google.com/d/optout.
[qubes-users] BIOS
Where would I put a BIOS for a VM? I've tried to get one working, but I've been unsuccessful getting it to work. I placed it with the other bios.bin and called it instead, but it did not appear to work. Is it possible to use a ROM file instead? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f1e5a6c3-788b-4a1e-99c7-07ff14a607a9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] BIOS Security Settings?
Hello, does a BIOS password (against BIOS changes), gives a higher system security, or it is more like a security fake and could be easily bypassed? Should I switch the IME off? Kind Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3a95417b-d046-462a-a288-6b22007d6947%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] BIOS updates in qubes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06/03/2016 01:54 AM, Buck Smith wrote: > With a Dell laptop running qubes, presumably no BIOS updates > happen, right? One could still get attacked via BIOS is some had > physical access to machine to swap out a part. But not over > internet. Agree? Disagree? Modern BIOS/EFI systems may have a remote management interface. (Dell and Lenovo business models surely has) This feature is nice to have in a corporate environment, where your machine is managed by your company. If it is not disabled and/or not protected then your BIOS may be reached from the internet (but at least from your LAN) in that case no matter what OS are you running, the "boss" is the one who controlling your BIOS. I'm the one who not even believe that a disable feature in BIOS is even real ;) So you can be never know until you prove it. The same apply for ~all the Intel v-pro features. A standard manual BIOS update really depends on you. Some are following the "do not repair it if it's not broken" process. Some will update immediately after release. You must trust the provider of your BIOS fully. Lenovo at least providing hashes for their firmware. Others may not even care about such thing... - -- Zrubi -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXVX6tAAoJEC3TtYFBiXSv9CkQALCwk/aBqpuu9zHatqJzUFn+ 3byLbx5Gu1wNEE8cna8huJdatU5Uo7V8pRmBzIFHmjqER7HavDjS3tHXwnkeikwX iiOW29pu2nPuYwQlWYf/yZlWKgtmjt4Zhc3VL0evdQCDyqqEpVKuKSs5GDQjtYRe 6bNe3gRrLnQ/PGE2aR5mW1WxRkTkBi6h7l2ubyhRrbcW3qxYnDG0xL5sDkL1MD7g gNSkAPUiFmFV6LjsxGqYeGNBB8xmXqbI27+vGkQAP9M+DdRUw++dXf9Fp94sGYSL M74CM6MZaXEJfMd2+NHuebYkkXSoKEp+dVk363najm3nVXWpCl21v1sj4xgeK+zp 7x7pnqaZOYibXCOC1PIFRFuMYvHyxFezXUGmCYcRmGHZzpsmvhqcIX7c8TBh/jqD 0qIbfg+iAgWN4yPMH6uOWT6Tt8MDjHWuEKk+8+U66zTgs38Sn5KZ706865EuP63U TIVi9xDqdlNY7BMF75JUs2YjkVP3/f3gjFevjwbPsuXmTs2VKFmWa6UYHAIouAHR 0HrQEvv9Uk5DHsCu8G8UvqKlxnx/1Rq4WNaXXjDnzAgW5BbKLiTq+AeA2wcIGmPU lUkm6qAzWKDvxmxe837bwjIxNyeL57avVLnqcB9ilZy1cyeqZOdEBjjmNoCtKjxM 7l3C350tdoZRNwqg6ojw =PCUc -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4724202c-86f0-a217-f1a5-f714350cedd4%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] BIOS updates in qubes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-06-02 16:54, Buck Smith wrote: > With a Dell laptop running qubes, presumably no BIOS updates > happen, right? Do you mean automatically? If so, correct. (But I think that's true of most OSes.) > One could still get attacked via BIOS is some had physical access > to machine to swap out a part. Correct. (Swapping out a part is one way, but there are potentially "easier" ways too.) > But not over internet. Agree? Disagree? Depends on what you mean by "over internet." I've noticed that UEFI on recent motherboards typically has the ability to update itself over the internet from within the UEFI itself. Qubes can't prevent that, because Qubes isn't even running at that point (though AEM should detect such changes after the fact.) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXUfeqAAoJENtN07w5UDAwE3EP/ROVVHDzgGzCssJWbbRGBmbI EEh7ZbMUzewofNjnYjsBA80QuhF8j+q/55Ofpb57vRdMJ400EtqABLachxgjjNwo VsahIcvkV0HSM+AZ3ObRwPcd4iRkcmzgfSXueLmoO7oAETpSWTqp5yweF/NUzTwo WcnilgajdJE7fI51jADltelqD3eGURC/pMbV5E6KUDFoLWG+zZULPKTaFimQDLz5 17dqTJ5MMwv5DrwFEXI2pgd6PxohPfOs4qGarCAw4/e8NIQyJ4IJ5vfcvN5GS2w1 NcJ/8k9rhI9pUxlufUhRdriDop793p5fjICWYTeUPGzziYLLA/KwE0hIYr1U5yg6 Rny7V+52FQ5BkmrpmYatMksmojHJzOdcLdEh5drHHxjx1FEKTtbkV39ud4Dl7GMh PmsyKRbDo/29uiXCuvjYENQ9PcaSxh3HSANXzo7GbFGy1RIwAK/CO9Wag9uadBHf NNui9Ta9JOCPpN0VV8RHAUuQJyRnB9a5XWuBcg3T6CKvWN5zOw7UqPV94A6jOwUL BvV9tjAHV6LSPPpLocDHbltsRGtDUCi+jITGOMmHK7O9mWP4MsCoqvys7oFw4FTN T1CqHAWcsYh2moX26x3EtW80vCO0rwr5wd5umX0QvrmAMXJLzWhAvF8oTlWdQ+fm 5GgaxByyNYg8JU1LXn20 =5r4k -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c558db36-63d6-1af9-0925-d077004a45ea%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] BIOS updates in qubes
With a Dell laptop running qubes, presumably no BIOS updates happen, right? One could still get attacked via BIOS is some had physical access to machine to swap out a part. But not over internet. Agree? Disagree? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c4d8e5dd-4d06-49f3-bd24-9dd8e199e7c1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.