Re: [qubes-users] AEM questions

2017-02-16 Thread Chris Laprise

On 02/16/2017 02:17 AM, j...@vfemail.net wrote:

Thanks for answering, but i still have some questions:


(in any case, i will use a passphrase for aem.)

1) is there a difference between using a usb drive or using an
internal partition? (except for having a second device in case of a usb
drive)


Yes. You should keep your AEM boot with you on a separate device. If you
don't, an attacker could see your secret phrase by booting the system.


but isn't this the reason i am using a password for?
the aem data is protected by my aem pw.
after entering it, it is used to decrypt my secret + (somehow) check the
system integrity
if this fails, my aem pw is burned.
in case it succeeds, i enter my luks pw and the system data is encrypted.
at least this is how i understood it.


Actually, you're right... I didn't see your mention of the passphrase 
earlier. It's good that you're reading the material so carefully!


Even so, there is some risk associated with leaving the boot partition 
on the internal drive. An altered boot partition could prompt for the 
SRK phrase and then send your response over Wifi or other signal. This 
could be made to look like a glitch---computer reboots after prompt, etc.






This is also important if you want AEM to warn you after a /remote/
(non-Evil Maid) attack has affected your BIOS.


How does this work?


It's automatic. Just using AEM gives you 'protection' (i.e. warnings) for 
some remote attacks. It's not comprehensive, but IMO still valuable.





3) is unhiding my usb devices only required during aem setup? (i guess
so, but i thought, i would ask)


I think you refer to the option that suppresses USB devices during boot.


I refer to this (
https://github.com/QubesOS/qubes-antievilmaid/blob/master/anti-evil-maid/README
110-120)

"
Note: If you choose to use a USB device (e.g., a flash drive) as your AEM device
and you previously created a USB qube, then you may have to unhide your USB
controller from dom0:

  1. Open the file `/etc/default/grub` in dom0.
  2. Find the line that begins with `GRUB_CMDLINE_LINUX`.
  3. If present, remove `rd.qubes.hide_all_usb` from that line.
  4. Save and close the file.
  5. Run the command `grub2-mkconfig -o /boot/grub2/grub.cfg` in dom0.
  6. Reboot.
"
here you unhide the usb controller so it is accessible from dom0.


Yes, IIRC the reason to do this is so AEM can read the secret file on 
the USB drive during each boot.





3) is unhiding my usb devices only required during aem setup? (i guess
so, but i thought, i would ask)


I think you refer to the option that suppresses USB devices during boot.
This should be turned off when booting AEM (not just installing) from a
USB stick so the verification sequence can read the secret from the USB
stick.


This is not mentioned anywhere in the documentation. I think it should.


It could use some explanation as to 'why'.

Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ee3b0bb8-b3e2-004e-5b7f-a0bc25705ced%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.
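
The README step quoted in this thread (removing `rd.qubes.hide_all_usb` from the `GRUB_CMDLINE_LINUX` line) can be checked before anything is edited. The script below is an added example, not part of the thread or of the AEM README; the function names and the sample file are assumptions made for illustration, and it only reads its input and prints a proposed change.

```shell
#!/bin/sh
# Added example: audit a grub defaults file for rd.qubes.hide_all_usb.
# Read-only: nothing here edits /etc/default/grub or runs grub2-mkconfig.

FLAG='rd.qubes.hide_all_usb'

# Print the GRUB_CMDLINE_LINUX* lines in file $1 that still carry the flag.
flagged_lines() {
    grep '^[[:space:]]*GRUB_CMDLINE_LINUX' "$1" | grep -F -- "$FLAG"
}

# Exit 0 if the config in $1 would hide USB controllers from dom0 on next boot.
hidden_in_config() {
    flagged_lines "$1" >/dev/null
}

# Exit 0 if the kernel command line in $1 (default /proc/cmdline) has the flag,
# i.e. the currently running dom0 booted with USB controllers hidden.
hidden_in_running_kernel() {
    grep -qF -- "$FLAG" "${1:-/proc/cmdline}"
}

# Print file $1 with the flag removed from GRUB_CMDLINE_LINUX* lines only,
# so the change can be reviewed (e.g. with diff) before it is applied by hand.
preview_unhide() {
    sed '/^[[:space:]]*GRUB_CMDLINE_LINUX/ s/[[:space:]]*rd\.qubes\.hide_all_usb//g' "$1"
}

# Constructed sample standing in for /etc/default/grub (not a real system's file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
GRUB_TIMEOUT=5
# rd.qubes.hide_all_usb in a comment must be left alone
GRUB_CMDLINE_LINUX="rd.luks.uuid=luks-CONSTRUCTED rhgb quiet rd.qubes.hide_all_usb"
EOF

if hidden_in_config "$sample"; then
    echo "USB controllers will be hidden from dom0 at boot; proposed change:"
    preview_unhide "$sample" | diff "$sample" - || true
fi
```

On a real system the functions would be pointed at `/etc/default/grub`; after editing by hand and running the `grub2-mkconfig` command from the README, `hidden_in_running_kernel` confirms after the reboot that the flag is gone from the booted kernel's command line.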


Re: [qubes-users] AEM questions

2017-02-16 Thread jd87

Thanks for answering, but i still have some questions:


(in any case, i will use a passphrase for aem.)

1) is there a difference between using a usb drive or using an
internal partition? (except for having a second device in case of a usb
drive)


Yes. You should keep your AEM boot with you on a separate device. If you
don't, an attacker could see your secret phrase by booting the system.


but isn't this the reason i am using a password for?
the aem data is protected by my aem pw.
after entering it, it is used to decrypt my secret + (somehow) check the
system integrity
if this fails, my aem pw is burned.
in case it succeeds, i enter my luks pw and the system data is encrypted.
at least this is how i understood it.

also if this was the case, why is there the option to leave it on the
internal disk?
from the aem readme
(https://github.com/QubesOS/qubes-antievilmaid/blob/master/anti-evil-maid/README
55-60):

"
You may want to use non-default password for the SRK key (see the discussion in
the article referenced above), certainly if you want to save the sealed secrets
to your internal boot partition. In that case you SHOULD NOT pass the '-z'
argument to tpm_takeownership.
"

This suggests it is safe to use an internal boot partition if a password is
passed to `tpm_takeownership`.

So what is the case?


This is also important if you want AEM to warn you after a /remote/
(non-Evil Maid) attack has affected your BIOS.


How does this work?


3) is unhiding my usb devices only required during aem setup? (i guess
so, but i thought, i would ask)


I think you refer to the option that suppresses USB devices during boot.


I refer to this (
https://github.com/QubesOS/qubes-antievilmaid/blob/master/anti-evil-maid/README
110-120)

"
Note: If you choose to use a USB device (e.g., a flash drive) as your AEM device
and you previously created a USB qube, then you may have to unhide your USB
controller from dom0:

  1. Open the file `/etc/default/grub` in dom0.
  2. Find the line that begins with `GRUB_CMDLINE_LINUX`.
  3. If present, remove `rd.qubes.hide_all_usb` from that line.
  4. Save and close the file.
  5. Run the command `grub2-mkconfig -o /boot/grub2/grub.cfg` in dom0.
  6. Reboot.
"
here you unhide the usb controller so it is accessible from dom0.


3) is unhiding my usb devices only required during aem setup? (i guess
so, but i thought, i would ask)


I think you refer to the option that suppresses USB devices during boot.
This should be turned off when booting AEM (not just installing) from a
USB stick so the verification sequence can read the secret from the USB
stick.


This is not mentioned anywhere in the documentation. I think it should.

- Joe




Re: [qubes-users] AEM questions

2017-02-14 Thread Chris Laprise

On 02/14/2017 05:50 PM, j...@vfemail.net wrote:


hi.
since i will be traveling for a bit, my threat model changed and i 
want aem.

when reading the documentation, a few questions came up:
(in any case, i will use a passphrase for aem.)

1) is there a difference between using a usb drive or using an 
internal partition? (except for having a second device in case of a 
usb drive)




Yes. You should keep your AEM boot with you on a separate device. If you 
don't, an attacker could see your secret phrase by booting the system.


This is also important if you want AEM to warn you after a /remote/ 
(non-Evil Maid) attack has affected your BIOS.



2) citing from the aem readme:
'If you've chosen the latter option [using an external boot device], 
you should then remove the internal
boot partition from dom0's /etc/fstab, never mount it again in dom0, and
never boot from it again, because an attacker might modify it to exploit
GRUB or dom0 filesystem drivers.'
what would happen if i lost my external boot device?
could i still boot without it?



You wouldn't be able to boot immediately. But you could later use a 
Qubes install disk to re-create a boot partition, or restore a partimage 
backup of the boot drive, or use a (trusted) live CD to unlock your 
Qubes drive and backup the VMs before installing Qubes anew.


3) is unhiding my usb devices only required during aem setup? (i guess 
so, but i thought, i would ask)




I think you refer to the option that suppresses USB devices during boot. 
This should be turned off when booting AEM (not just installing) from a 
USB stick so the verification sequence can read the secret from the USB 
stick.


However, you can configure a sys-usb VM to run automatically on startup, 
and this will isolate USB devices from the rest of the system. So... 
when booting AEM don't leave odd or untrusted devices plugged into your 
USB ports, because the system may be vulnerable during boot (but after 
boot you should be protected if sys-usb is running and configured properly).


4) The article from 2011 
(http://theinvisiblethings.blogspot.hu/2011/09/anti-evil-maid.html) 
mentions keyfiles.

Is this implemented? (the readme says nothing about it)



I don't recall seeing this implemented. There may be some workaround 
such as specifying the passphrase in the config... see "man crypttab" 
for details; in that case, the USB stick literally becomes a key to your 
main drive.


Chris



-joe





[qubes-users] AEM questions

2017-02-14 Thread jd87

hi.
since i will be traveling for a bit, my threat model changed and i want
aem.
when reading the documentation, a few questions came up:
(in any case, i will use a passphrase for aem.)

1) is there a difference between using a usb drive or using an internal
partition? (except for having a second device in case of a usb drive)
2) citing from the aem readme:
'If you've chosen the latter option [using an external boot device], you
should then remove the internal
boot partition from dom0's /etc/fstab, never mount it again in dom0, and
never boot from it again, because an attacker might modify it to exploit
GRUB or dom0 filesystem drivers.'
what would happen if i lost my external boot device?
could i still boot without it?
3) is unhiding my usb devices only required during aem setup? (i guess so,
but i thought, i would ask)
4) The article from 2011
(http://theinvisiblethings.blogspot.hu/2011/09/anti-evil-maid.html)
mentions keyfiles.
Is this implemented? (the readme says nothing about it)

-joe

