Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2018-03-14 Thread Ilpo Järvinen
On Wed, 14 Mar 2018, taii...@gmx.com wrote:

> On 03/13/2018 11:05 PM, brendan.h...@gmail.com wrote:
> 
> > If I pull the WiFi card out and don’t connect the Ethernet port to anything,
> > then I configure qubes to use only a usb WiFi adapter (as I indicated
> > above), I’m pretty sure that the ME engine won’t be able to use any of the
> > three network interfaces to phone home. For ME to work over a network, it
> > has to have a driver for the network adapter. It is unlikely to have one for
> > the USB adapter.
> I would re-read what I stated before - a hypothetical backdoor can easily use
> simple P2P DMA writes it doesn't need drivers.

Given that such an attack should make sure that the device won't crash when 
such a hypothetical backdoor is using DMA while something else is using the 
device through the normal driver at the same time, I'd seriously consider 
removing at least the "simple" qualifier from there. Alternatively, the
attack needs synchronization besides DMA, which also invalidates your 
claim that simple P2P DMA is enough.


-- 
 i.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/alpine.DEB.2.20.1803140939280.5829%40whs-18.cs.helsinki.fi.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2018-03-14 Thread taii...@gmx.com

On 03/13/2018 11:05 PM, brendan.h...@gmail.com wrote:

> If I pull the WiFi card out and don’t connect the Ethernet port to anything, 
> then I configure qubes to use only a usb WiFi adapter (as I indicated above), 
> I’m pretty sure that the ME engine won’t be able to use any of the three 
> network interfaces to phone home. For ME to work over a network, it has to have 
> a driver for the network adapter. It is unlikely to have one for the USB 
> adapter.

I would re-read what I stated before - a hypothetical backdoor can 
easily use simple P2P DMA writes; it doesn't need drivers.

Don't you think the makers of such a thing would have planned for such a 
contingency? Many people use USB mobile internet cards or wifi adapters.

> I’m pretty sure that ME is one reason Lenovo firmware has a WiFi card whitelist.

No, it's to get people to buy their own card upgrades (ex: $100+ at 
purchase) instead of cheaper ones under the guise of FCC rules; it 
existed long before ME.




Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2018-03-13 Thread brendan.hoar
If I pull the WiFi card out and don’t connect the Ethernet port to anything, 
then I configure qubes to use only a usb WiFi adapter (as I indicated above), 
I’m pretty sure that the ME engine won’t be able to use any of the three 
network interfaces to phone home. For ME to work over a network, it has to have 
a driver for the network adapter. It is unlikely to have one for the USB 
adapter. 

I’m pretty sure that ME is one reason Lenovo firmware has a WiFi card whitelist.

B



Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2018-03-13 Thread taii...@gmx.com

On 03/13/2018 08:55 AM, brendan.h...@gmail.com wrote:

> If you bypass the onboard/whitelisted Ethernet and WiFi controllers and use USB 
> connected networking, don’t you strongly mitigate remote access via Intel ME? 
> It cannot use hardware it doesn’t have code to communicate with, right?

Wrong.
Haven't you read the rest of the thread with my posts?

It can do P2P DMA to any NIC. There was research on this topic a few 
years ago about using hacked graphics card firmware to communicate 
over the network via P2P DMA to a NIC, or to a USB controller if you use 
a USB networking device. The myth of "just use another NIC and you'll be 
fine" was started by Purism to help sell their not-actually-libre laptop.


FYI:
ME/PSP is not subject to IOMMU restrictions.
It is impossible to disable ME/PSP; Purism, Dell and System76 are lying 
about that - with me_cleaner and the HAP bit any mask ROMs and the ME 
kernel still run - do you really think a hypothetical backdoor is that 
primitive? And as ME is a DRM feature (PAVP, Intel Insider, HDCP, etc) 
it is illegal to do research into breaking the hardware code signing 
enforcement.
Impossible = would take years and so much money that you could 
create your own owner controlled POWER or ARM laptop for the same price 
- by the time it was figured out the hardware would be very old and not 
available any more.


Why not just buy a non-ME/PSP computer? There are many owner controlled 
choices (see the rest of my thread). I can't understand why people are 
so insistent on having the latest Intel hardware and why people have 
those delusions that just by doing X thing they can be "safe". I doubt 
anyone can tell the difference between a 2018 CPU and a 2013 CPU (ex: 
Lenovo G505S with a pre-PSP AMD quad core A10).


Brand new owner controlled hardware is incredibly rare due to the amount 
of money it takes to make a motherboard, even a crappy SoC design (think 
millions); plus, unfortunately, now the only owner controlled CPU arch is 
POWER.
Ironically though, for once you have the *actually* libre hardware, TALOS 
2, which is faster and less expensive than what Intel would sell you for 
the same price (2.5K for the CPU and mobo is a great deal; a non-free 
Xeon with that many threads and equivalent performance would cost more 
and it wouldn't have PCI-e 4.0, CAPI and all the other neat features).


Every time you purchase new intel/amd hardware instead of for instance a 
TALOS 2 (workstation/server) or Novena (laptop) you are contributing to 
future DRM/anti-feature development instead of the development of newer 
better libre hardware - if the TALOS 2 is successful there are plans for 
a POWER mobile workstation laptop.


In case you don't want to read the rest of the thread:
Recommendations for Qubes 4.0:

Laptops:
Lenovo G505S - owner controlled, no ME/PSP, open source CPU/RAM init 
(blob for video and power management, but it can be replaced if someone does 
the work, and it is IOMMU restricted)


Workstations:
KCMA-D8 (MSRP $315 for the board)
KGPE-D16 (MSRP $415 for the board)
I play brand new games in a VM with IOMMU-GFX on mine.

Non-qubes workstation/server:
TALOS 2 - for virtualization including IOMMU-GFX graphics attaching to a 
VM - Brand new very high performance libre owner controlled hardware 
even including the cpu microcode - zero non-owner controlled hardware 
enforced code signing.
I highly recommend the T2; while ATM Xen doesn't support POWER (and the 
devs rebuff help from IBM/Raptor), it is an excellent virtualization 
platform and the performance is very high.


Non-qubes laptops:
Novena - open source hardware laptop with libre firmware, NOTE THERE IS 
NO IOMMU/HVM on the novena.


If you really need 32GB RAM, an external graphics card, docking station 
or second battery on your laptop there is also the W520 (32GB) and T420 
(16GB), which both support Ivy Bridge CPUs and open source hardware 
init; you can nerf ME via me_cleaner/HAP bit (not disabled). I recommend 
a G505S instead however, as it is much more free and secure.




Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2018-03-13 Thread sevas
Tai, I would be interested to hear what you would recommend for a qubes laptop.
I just bought into the Intel blob myself. Is it feasible to build a custom 
laptop?



Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2018-03-13 Thread 'awokd' via qubes-users
On Tue, March 13, 2018 12:55 pm, brendan.h...@gmail.com wrote:
> If you bypass the onboard/whitelisted Ethernet and WiFi controllers and
> use USB connected networking, don’t you strongly mitigate remote access
> via Intel ME? It cannot use hardware it doesn’t have code to communicate
> with, right?

Yes, that is a good step to take.



Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2018-03-13 Thread brendan.hoar
If you bypass the onboard/whitelisted Ethernet and WiFi controllers and use USB 
connected networking, don’t you strongly mitigate remote access via Intel ME? 
It cannot use hardware it doesn’t have code to communicate with, right?

B



Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2018-03-13 Thread mrp2pp
On Monday, November 6, 2017 at 11:22:18 PM UTC+7, Marek Jenkins wrote:
> > > I'm really glad the 63xx CPUs are also supported by Coreboot. I don't 
> > > really mind about Libreboot's philosophical issues - if it works on 
> > > Coreboot I'm happy. And now as I have checked the Coreboot Wiki page 
> > > again I actually realized you openly state the 63xx series works fine ;)
> > The FSF hard line stance is a good thing, which gets us stuff like TALOS 
> > 2/POWER9 which is 100% owner controlled including microcode (check it out)
> > But in this case I say the faster cpu is worth it for video games.
> 
> Yes I've had a look, TALOS II is definitely a great project! Unfortunately, 
> my budget doesn't really allow to spend 5-6k on a workstation. Nonetheless, I 
> really appreciate their efforts and can imagine privacy/security-conscious 
> companies do so as well. I don't even think it's that expensive, given that 
> they have to do a lot of development/research and probably only manufacture 
> in relatively small quantities (yet).
> 
> > > Is that all it takes to compile the .rom correctly ? Does SeaBios work 
> > > out-of-the-box with Qubes ? Also, would it be best to simply clone the 
> > > latest working config for the KGPE-D16 from the Coreboot website 
> > > (https://www.coreboot.org/Supported_Motherboards), which can be 
> > > downloaded here for example:
> > >
> > > - 
> > > https://review.coreboot.org/cgit/coreboot.git/commit/?id=3f09b0ffef990286ecca344cf73023b35be42406
> > > - 
> > > https://review.coreboot.org/cgit/board-status.git/tree/asus/kgpe-d16/4.6-1125-g3f09b0f/2017-08-21T04_40_02Z/config.txt
> > That should be what was included, no need to do that.
> 
> Yes true, I just thought I might reverse-engineer the correct settings for 
> the KGPE-D16 from that config.txt file. Now as I have learned that the 
> default settings are fine, that idea doesn't really make sense anymore. I 
> initially expected each motherboard/chipset would require a custom setup to 
> work. (Besides specifying motherboard/chipset).
> 
> > > Would you generally agree, that "Microcode update" is just a fancy name 
> > > for fetching + installing a certain AMD package from a repository that 
> > > patches the security vulnerability in the CPU? Or what is the approach I 
> > > need to follow to enable IOMMU and fix the security vulnerability when 
> > > running a 63xx CPU under Qubes/Xen?
> > You need it in the firmware to enable IOMMU and avoid the NMI issue, by 
> > default coreboot includes it as I said so no worries. (check just to 
> > make sure of course)
> 
> Okay fine, I'll simply go with Coreboot default settings then.
> 
> > > Yes it's really crazy and a bit alarming how much data they gather :/ 
> > > That's also the main reason why I want to keep my browsing in different 
> > > VMs (work, banking, music/streaming, etc).
> > That doesn't do anything if you use an identical browser fingerprint.
> 
> Seems I really need to learn a bit more about this as soon as Qubes OS is up 
> and running. I thought if I separate the cookies and use an adblock addon in 
> Firefox I'd avoid most of those tracking problems.
> 
> > >   I mean no one knows, what they will really do with all the personal 
> > > data in the future.
> > Being denied a job because your politics differ from your bosses - 
> > removing 50% of job options.
> > Having creepy people scan your face in public and then harass you for 
> > whatever reason.
> > Someone robbing your house because statistically they can get away with 
> > it at exactly that time (their robber research tool told them what the 
> > best time was to rob you: when you are far from home, when the local 
> > cops take a donut break, when your neighbors are otherwise occupied, etc)
> 
> Scary stuff, but very likely if I think about it! I once also read that 
> insurance companies increasingly attempt to track/profile people (and their 
> habits) on social media to determine insurance premiums. In other words, 
> sometime in the future your insurance premium could depend on what you 
> post/share online (or what not). Can't believe all those things are legal.

Any updates in 2018?



Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2017-11-06 Thread 'Marek Jenkins' via qubes-users
> > I'm really glad the 63xx CPUs are also supported by Coreboot. I don't 
> > really mind about Libreboot's philosophical issues - if it works on Coreboot 
> > I'm happy. And now as I have checked the Coreboot Wiki page again I 
> > actually realized you openly state the 63xx series works fine ;)
> The FSF hard line stance is a good thing, which gets us stuff like TALOS 
> 2/POWER9 which is 100% owner controlled including microcode (check it out)
> But in this case I say the faster cpu is worth it for video games.

Yes I've had a look, TALOS II is definitely a great project! Unfortunately, my 
budget doesn't really allow to spend 5-6k on a workstation. Nonetheless, I 
really appreciate their efforts and can imagine privacy/security-conscious 
companies do so as well. I don't even think it's that expensive, given that 
they have to do a lot of development/research and probably only manufacture in 
relatively small quantities (yet).

> > Is that all it takes to compile the .rom correctly ? Does SeaBios work 
> > out-of-the-box with Qubes ? Also, would it be best to simply clone the 
> > latest working config for the KGPE-D16 from the Coreboot website 
> > (https://www.coreboot.org/Supported_Motherboards), which can be downloaded 
> > here for example:
> >
> > - 
> > https://review.coreboot.org/cgit/coreboot.git/commit/?id=3f09b0ffef990286ecca344cf73023b35be42406
> > - 
> > https://review.coreboot.org/cgit/board-status.git/tree/asus/kgpe-d16/4.6-1125-g3f09b0f/2017-08-21T04_40_02Z/config.txt
> That should be what was included, no need to do that.

Yes true, I just thought I might reverse-engineer the correct settings for the 
KGPE-D16 from that config.txt file. Now as I have learned that the default 
settings are fine, that idea doesn't really make sense anymore. I initially 
expected each motherboard/chipset would require a custom setup to work. 
(Besides specifying motherboard/chipset).

> > Would you generally agree, that "Microcode update" is just a fancy name for 
> > fetching + installing a certain AMD package from a repository that patches 
> > the security vulnerability in the CPU? Or what is the approach I need to 
> > follow to enable IOMMU and fix the security vulnerability when running a 
> > 63xx CPU under Qubes/Xen?
> You need it in the firmware to enable IOMMU and avoid the NMI issue, by 
> default coreboot includes it as I said so no worries. (check just to 
> make sure of course)

Okay fine, I'll simply go with Coreboot default settings then.

> > Yes it's really crazy and a bit alarming how much data they gather :/ 
> > That's also the main reason why I want to keep my browsing in different VMs 
> > (work, banking, music/streaming, etc).
> That doesn't do anything if you use an identical browser fingerprint.

Seems I really need to learn a bit more about this as soon as Qubes OS is up 
and running. I thought if I separate the cookies and use an adblock addon in 
Firefox I'd avoid most of those tracking problems.

> >   I mean no one knows, what they will really do with all the personal 
> > data in the future.
> Being denied a job because your politics differ from your bosses - 
> removing 50% of job options.
> Having creepy people scan your face in public and then harass you for 
> whatever reason.
> Someone robbing your house because statistically they can get away with 
> it at exactly that time (their robber research tool told them what the 
> best time was to rob you: when you are far from home, when the local 
> cops take a donut break, when your neighbors are otherwise occupied, etc)

Scary stuff, but very likely if I think about it! I once also read that 
insurance companies increasingly attempt to track/profile people (and their 
habits) on social media to determine insurance premiums. In other words, 
sometime in the future your insurance premium could depend on what you 
post/share online (or what not). Can't believe all those things are legal.



Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2017-11-05 Thread taii...@gmx.com

On 11/06/2017 12:42 AM, 'Marek Jenkins' via qubes-users wrote:

> On Monday, 6 November 2017 02:09:32 UTC+1, tai...@gmx.com  wrote:
> > On 11/04/2017 09:36 PM, 'Marek Jenkins' via qubes-users wrote:
> > 
> > > > Although an advantage of the KGPE-D16 is that it includes the $50 module
> > > > needed to run OpenBMC - your choice.
> > > I looked it up, but I don't really understand the purpose of the OpenBMC 
> > > module. Was it for TPE/AEM support ?
> > It is for libre remote access and hardware fan control (instead of
> > running fancontrol in linux)
> 
> Thanks for the clarification! I probably won't really need the remote access 
> feature, but hardware fan control is always good. Even better when libre.
> 
> > > Do you by any chance know for sure, if the 6386 works with Coreboot ?
> > Yeah it does.
> > > Because on the Coreboot website they advise to avoid the whole 63xx series, due to the 
> > > "microcode update" issue.
> > No that's what the libreboot site says, I maintain the kgpe-d16 article
> > on the coreboot wiki and I would never state that.
> 
> Cool, I didn't expect that - great to get so much support first-hand :) Initially, my 
> plan was also to get a 63xx CPU but then I stumbled on Libreboot's wiki, where they state 
> one should "AVOID [the 63xx series] LIKE THE PLAGUE". Seemed a bit hysterical 
> to me as well, but then again, I thought they know their stuff (no offence) :D (Source: 
> https://libreboot.org/docs/hardware/kgpe-d16.html)
> 
> I'm really glad the 63xx CPUs are also supported by Coreboot. I don't really 
> mind about Libreboot's philosophical issues - if it works on Coreboot I'm happy. 
> And now as I have checked the Coreboot Wiki page again I actually realized you 
> openly state the 63xx series works fine ;)

The FSF hard line stance is a good thing, which gets us stuff like TALOS 
2/POWER9 which is 100% owner controlled including microcode (check it out)

But in this case I say the faster CPU is worth it for video games.

If you wanted a 62xx you could get a 6287SE which is almost as fast as a 
6386SE, whereas the 6284SE is a tick slower.

> By the way, I also finally managed to compile the Coreboot .rom file yesterday, 
> with the help of the wiki (https://www.coreboot.org/Build_HOWTO). It was just 
> for testing purposes, and I didn't really change much during the setup. I 
> simply chose the ASUS KGPE-D16 mainboard and compiled it as a i386 ROM (AMD 
> chipset). Basically like this:
> 
> 1. $ make menuconfig (ASUS KGPE-D16, PS/2 init, SeaBios)
> 2. $ make crossgcc-i386 CPUS=8
> 3. $ make

Sounds ok.

> Is that all it takes to compile the .rom correctly ? Does SeaBios work 
> out-of-the-box with Qubes ? Also, would it be best to simply clone the latest 
> working config for the KGPE-D16 from the Coreboot website 
> (https://www.coreboot.org/Supported_Motherboards), which can be downloaded here 
> for example:
> 
> - https://review.coreboot.org/cgit/coreboot.git/commit/?id=3f09b0ffef990286ecca344cf73023b35be42406
> - https://review.coreboot.org/cgit/board-status.git/tree/asus/kgpe-d16/4.6-1125-g3f09b0f/2017-08-21T04_40_02Z/config.txt

That should be what was included, no need to do that.

> Regarding Coreboot, IOMMU and security :
> 
> On your wiki page it says "The 63xx "Piledriver" series processors require microcode 
> updates to enable IOMMU (Errata) and may require microcode updates for safe operation due to the 
> 2016 gain-root-via-NMI exploit."
> 
> I found some details about the 63xx microcode security updates on the Debian 
> mailing list, but I'm not really sure if the same manual update procedure 
> applies to our use case (Qubes/Xen/Coreboot) since dom0 is based on Fedora. 
> (Source: https://lists.debian.org/debian-user/2016/03/msg01044.html)
> 
> Would you generally agree, that "Microcode update" is just a fancy name for 
> fetching + installing a certain AMD package from a repository that patches the security 
> vulnerability in the CPU? Or what is the approach I need to follow to enable IOMMU and 
> fix the security vulnerability when running a 63xx CPU under Qubes/Xen?

You need it in the firmware to enable IOMMU and avoid the NMI issue; by 
default coreboot includes it as I said, so no worries. (Check just to 
make sure of course.)

> > Get a 63xx/43xx, they're slightly faster.
> 
> Yes definitely.
> 
> > > PS: I will also switch off Google very soon, I didn't know they were doing such 
> > > advanced things in regards to tracking..
> > They are truly the world's most powerful corporation, they are even
> > putting cameras and mics around urban centers now to help with their AI
> > research and of course advertising.
> 
> Yes it's really crazy and a bit alarming how much data they gather :/ That's 
> also the main reason why I want to keep my browsing in different VMs (work, 
> banking, music/streaming, etc).

That doesn't do anything if you use an identical browser fingerprint.

> I mean no one knows, what they will really do with all the personal data in 
> the future.

Being denied a job because your politics differ from your bosses - 
removing 50% of job options.
Having creepy people scan your face in public and then harass you for 
whatever reas

Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2017-11-05 Thread 'Marek Jenkins' via qubes-users
On Monday, 6 November 2017 02:09:32 UTC+1, tai...@gmx.com  wrote:
> On 11/04/2017 09:36 PM, 'Marek Jenkins' via qubes-users wrote:
> 
> >> Although an advantage of the KGPE-D16 is that it includes the $50 module
> >> needed to run OpenBMC - your choice.
> > I looked it up, but I don't really understand the purpose of the OpenBMC 
> > module. Was it for TPE/AEM support ?
> It is for libre remote access and hardware fan control (instead of 
> running fancontrol in linux)

Thanks for the clarification! I probably won't really need the remote access 
feature, but hardware fan control is always good. Even better when libre.

> > Do you by any chance know for sure, if the 6386 works with Coreboot ?
> Yeah it does.
> > Because on the Coreboot website they advise to avoid the whole 63xx series, 
> > due to the "microcode update" issue.
> No that's what the libreboot site says, I maintain the kgpe-d16 article 
> on the coreboot wiki and I would never state that.

Cool, I didn't expect that - great to get so much support first-hand :) 
Initially, my plan was also to get a 63xx CPU but then I stumbled on 
Libreboot's wiki, where they state one should "AVOID [the 63xx series] LIKE THE 
PLAGUE". Seemed a bit hysterical to me as well, but then again, I thought they 
know their stuff (no offence) :D (Source: 
https://libreboot.org/docs/hardware/kgpe-d16.html)

I'm really glad the 63xx CPUs are also supported by Coreboot. I don't really 
mind about Libreboot's philosophical issues - if it works on Coreboot I'm happy. 
And now as I have checked the Coreboot Wiki page again I actually realized you 
openly state the 63xx series works fine ;) 

By the way, I also finally managed to compile the Coreboot .rom file yesterday, 
with the help of the wiki (https://www.coreboot.org/Build_HOWTO). It was just 
for testing purposes, and I didn't really change much during the setup. I 
simply chose the ASUS KGPE-D16 mainboard and compiled it as a i386 ROM (AMD 
chipset). Basically like this:

1. $ make menuconfig (ASUS KGPE-D16, PS/2 init, SeaBios)
2. $ make crossgcc-i386 CPUS=8
3. $ make

Is that all it takes to compile the .rom correctly ? Does SeaBios work 
out-of-the-box with Qubes ? Also, would it be best to simply clone the latest 
working config for the KGPE-D16 from the Coreboot website 
(https://www.coreboot.org/Supported_Motherboards), which can be downloaded here 
for example:

- https://review.coreboot.org/cgit/coreboot.git/commit/?id=3f09b0ffef990286ecca344cf73023b35be42406
- https://review.coreboot.org/cgit/board-status.git/tree/asus/kgpe-d16/4.6-1125-g3f09b0f/2017-08-21T04_40_02Z/config.txt


Regarding Coreboot, IOMMU and security :

On your wiki page it says "The 63xx "Piledriver" series processors require 
microcode updates to enable IOMMU (Errata) and may require microcode updates 
for safe operation due to the 2016 gain-root-via-NMI exploit."

I found some details about the 63xx microcode security updates on the Debian 
mailing list, but I'm not really sure if the same manual update procedure 
applies to our use case (Qubes/Xen/Coreboot) since dom0 is based on Fedora. 
(Source: https://lists.debian.org/debian-user/2016/03/msg01044.html)

Would you generally agree, that "Microcode update" is just a fancy name for 
fetching + installing a certain AMD package from a repository that patches the 
security vulnerability in the CPU? Or what is the approach I need to follow to 
enable IOMMU and fix the security vulnerability when running a 63xx CPU under 
Qubes/Xen?

> Get a 63xx/43xx, they're slightly faster.

Yes definitely. 

> > PS: I will also switch off Google very soon, I didn't know they were doing 
> > such advanced things in regards to tracking..
> They are truly the world's most powerful corporation, they are even 
> putting cameras and mics around urban centers now to help with their AI 
> research and of course advertising.

Yes it's really crazy and a bit alarming how much data they gather :/ That's 
also the main reason why I want to keep my browsing in different VMs (work, 
banking, music/streaming, etc). I mean no one knows, what they will really do 
with all the personal data in the future.. they sure sell the data or use it 
for advertising purposes. Besides that, the added security of Qubes against 
malware was another great thing that convinced me to switch.

Best regards!
Marek

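Marek's three build steps above, plus the "check just to make sure" that the microcode is actually in the ROM and that Xen brought the IOMMU up, as an added POSIX shell example (not code from the thread, from coreboot or from Qubes). It assumes the coreboot tree is the current directory, that the built ROM lands at build/coreboot.rom with cbfstool at build/cbfstool, that coreboot stores the microcode in CBFS under the entry name cpu_microcode_blob.bin, and that Xen logs "I/O virtualisation enabled" during boot; the cbfstool and `xl dmesg` listings embedded below are constructed samples so the checks can be exercised offline.

```shell
#!/bin/sh
# Added example, not from the thread or the coreboot project.  Builds the
# KGPE-D16 ROM as described in the thread, then verifies two things a 63xx
# "Piledriver" owner cares about: the microcode blob is in the ROM (IOMMU is
# only enabled with the microcode update), and Xen reports the IOMMU enabled.
# Assumptions: coreboot tree is the cwd, ROM at build/coreboot.rom, cbfstool at
# build/cbfstool, CBFS entry named cpu_microcode_blob.bin, Xen boot message
# "I/O virtualisation enabled".

# Steps 1-3 from the thread.  Not invoked automatically: menuconfig is
# interactive (pick ASUS KGPE-D16, PS/2 init, SeaBIOS payload) and the
# cross toolchain build takes a long time.
build_kgpe_d16_rom() {
    make menuconfig
    make crossgcc-i386 CPUS="${CPUS:-8}"
    make
}

# Read a `cbfstool <rom> print` listing on stdin; succeed only if the
# microcode blob entry is present.
cbfs_has_microcode() {
    grep -q '^cpu_microcode_blob\.bin[[:space:]]'
}

# Read `xl dmesg` output on stdin; succeed only if Xen enabled the IOMMU.
xen_iommu_enabled() {
    grep -q 'I/O virtualisation enabled'
}

# Run both checks for real: against the built ROM and the running dom0.
check_live() {
    rom="${1:-build/coreboot.rom}"
    "${CBFSTOOL:-build/cbfstool}" "$rom" print | cbfs_has_microcode || {
        echo "no cpu_microcode_blob.bin in $rom; IOMMU will stay off on 63xx" >&2
        return 1
    }
    xl dmesg | xen_iommu_enabled || {
        echo "Xen did not enable the IOMMU" >&2
        return 1
    }
    echo "microcode blob present and IOMMU enabled"
}

# Constructed sample listings (not real output from a KGPE-D16 build; the
# layout imitates cbfstool's print format, offsets and sizes are made up).
SAMPLE_CBFS_OK='Name                           Offset     Type           Size   Comp
cbfs_master_header             0x0        cbfs header      32 none
fallback/romstage              0x80       stage         98304 none
cpu_microcode_blob.bin         0x18100    microcode     65536 none
fallback/ramstage              0x28200    stage        212992 LZMA
fallback/payload               0x5c300    simple elf   110592 none
(empty)                        0x77400    null       16191488 none'
# Same listing with the microcode entry stripped, i.e. a ROM built without it.
SAMPLE_CBFS_BAD=$(printf '%s\n' "$SAMPLE_CBFS_OK" | grep -v '^cpu_microcode_blob')

# Constructed `xl dmesg` excerpts for the enabled and disabled cases.
SAMPLE_XL_DMESG_OK='(XEN) AMD-Vi: IOMMU 0 Enabled.
(XEN) I/O virtualisation enabled
(XEN)  - Dom0 mode: Relaxed'
SAMPLE_XL_DMESG_BAD='(XEN) AMD-Vi: Error initialization
(XEN) I/O virtualisation disabled'

# Self-demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_CBFS_OK"      | cbfs_has_microcode && echo "sample ROM listing: microcode blob present"
printf '%s\n' "$SAMPLE_CBFS_BAD"     | cbfs_has_microcode || echo "stripped listing: microcode blob missing"
printf '%s\n' "$SAMPLE_XL_DMESG_OK"  | xen_iommu_enabled  && echo "sample dmesg: IOMMU enabled"
printf '%s\n' "$SAMPLE_XL_DMESG_BAD" | xen_iommu_enabled  || echo "sample dmesg: IOMMU disabled"
```

On a real machine, `check_live` is what you would run from the coreboot tree after flashing and rebooting into dom0; `qubes-hcl-report` in dom0 also reports whether the IOMMU is available, which is a second, independent way to confirm the same thing.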


Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2017-11-05 Thread taii...@gmx.com

On 11/04/2017 09:36 PM, 'Marek Jenkins' via qubes-users wrote:

> > Although an advantage of the KGPE-D16 is that it includes the $50 module
> > needed to run OpenBMC - your choice.
> I looked it up, but I don't really understand the purpose of the OpenBMC 
> module. Was it for TPE/AEM support ?

It is for libre remote access and hardware fan control (instead of 
running fancontrol in linux)

> > Usual retail:
> > KGPE-D16 - $400
> > KCMA-D8 - $250-300
> > 
> > CPU:
> > 4386 - $100-130
> > 6386 - $100-200
> 
> Thanks for the overview.
> 
> Do you by any chance know for sure, if the 6386 works with Coreboot ?

Yeah it does.

> Because on the Coreboot website they advise to avoid the whole 63xx series, due to the 
> "microcode update" issue.

No, that's what the libreboot site says; I maintain the kgpe-d16 article 
on the coreboot wiki and I would never state that.

> I initially also wanted to go for a 63xx CPU but due to their advice I 
> thought about switching to 62xx to avoid all those problems.
> 
> Maybe that can be solved ? Because the 63xx is only insignificantly more 
> expensive than the 62xx CPUs...

Get a 63xx/43xx, they're slightly faster.

> PS: I will also switch off Google very soon, I didn't know they were doing such 
> advanced things in regards to tracking..

They are truly the world's most powerful corporation; they are even 
putting cameras and mics around urban centers now to help with their AI 
research and of course advertising.




Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2017-11-04 Thread 'Marek Jenkins' via qubes-users
> Even just one 6386 is a speed demon but if you want you can eventually 
> upgrade to two if you really wanna be cooking with gas.
> 
> Although I would recommend saving money and by getting a KCMA-D8 and a 
> 4386 - you can always buy a second 4386 if you want more speed.
> 
> If you have 32 cores honestly they'll probably be sitting idle most of 
> the time (mine are), as you'd be compiling everything in a matter of 
> seconds.

Probably true ;) I just thought I'd spend a little bit more now to have a 
solution that serves me well for the next couple of years to come :D I plan to 
use the machine for video rendering, gaming and running quite a few VMs + HVMs 
in parallel.

> Although an advantage of the KGPE-D16 is that it includes the $50 module 
> needed to run OpenBMC - your choice.

I looked it up, but I don't really understand the purpose of the OpenBMC 
module. Was it for TPE/AEM support ?

> Usual retail:
> KGPE-D16 - $400
> KCMA-D8 - $250-300
> 
> CPU:
> 4386 - $100-130
> 6386 - $100-200

Thanks for the overview. 

Do you by any chance know for sure, if the 6386 works with Coreboot ? 
Because on the Coreboot website they advise to avoid the whole 63xx series, due 
to the "microcode update" issue. I initially also wanted to go for a 63xx CPU 
but due to their advice I thought about switching to 62xx to avoid all those 
problems.

Maybe that can be solved ? Because the 63xx is only insignificantly more 
expensive than the 62xx CPUs...

PS: I will also switch off Google very soon, I didn't know they were doing such 
advanced things in regards to tracking..



Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2017-11-04 Thread taii...@gmx.com

On 11/03/2017 10:10 AM, 'Marek Jenkins' via qubes-users wrote:


> Thanks again for all the info, I really appreciate your advice!
>
>> TXT is a marketing feature, it isn't really relevant.
>> Doing kernel code signing via coreboot with grub payload is a much
>> better security feature, if you lock your flash chip the only way to
>> flash will be externally (with a tester clip) so it is very secure.
>
> Okay good to know, then I'll discard TXT from now on ;)
>
>> * You'd be able to play new video games at high settings in a VM, run a
>> bunch of VMs or do both at the same time with dual 4386 CPU's.
>> * You could use it as a gigabit vpn router with a router distro.
>> Another option for more juice is the pricier KGPE-D16 (same featureset
>> but with more RAM slots, support for socket g34 16 core cpu's and more
>> PCI-e lanes/slots) and get 16 core CPU's you would be able to have 32
>> cores total with the opteron 6386 (best G34 cpu) and thus for instance
>> have three people playing games at high settings on the same PC plus
>> many VM's.
>
> Sounds perfect! I think you actually convinced me to go for the KGPE-D16 + 
> Opteron 6386 + 64GB RAM then :)

Even just one 6386 is a speed demon but if you want you can eventually 
upgrade to two if you really wanna be cooking with gas.

Although I would recommend saving money by getting a KCMA-D8 and a 
4386 - you can always buy a second 4386 if you want more speed.

If you have 32 cores honestly they'll probably be sitting idle most of 
the time (mine are), as you'd be compiling everything in a matter of 
seconds.

Although an advantage of the KGPE-D16 is that it includes the $50 module 
needed to run OpenBMC - your choice.
Also for the KGPE-D16 one can also buy an 8 core 6328 which is better 
for games than the slower per core speed of the 6386 and slightly faster 
than the D8's socket C32 4386 (btw according to the dev one can mix and 
match a 6328 and a 6386 so say one for games one for compiles) as hardly 
any games use more than 8 cores let alone 16.

> Now I only need to find a trusted seller where I can buy the mainboard 
> (new/affordable price) with EU shipping. Everything except mainboard can be 
> used (RAM, CPU, AMD GPU).
>
> It would be awesome if you could tell me where to buy the hardware cheap.

Dunno about that, but you should ask on the coreboot mailinglist.

Usual retail:
KGPE-D16 - $400
KCMA-D8 - $250-300

CPU:
4386 - $100-130
6386 - $100-200

> Preferably via e-mail (marek.jenk...@openmailbox.org) for privacy or in your 
> reply over here if you don't want to reveal your e-mail address.
>
> (No worries, this is just one of my "throw-away" email-addresses)

You shouldn't use gmail, you are supporting their AI research and giving 
them data to spy on you and add to your marketing profile via browser 
fingerprinting (don't think they don't know about your other accounts)

>> You will need to buy a video card as the onboard video sucks, I advise
>> AMD as they are friendlier to open source and virtualization compared
>> with nvidia who adds "bugs" to their drivers to try and stop you from
>> using a geforce card in a VM to play games (see code 43 error)
>
> Do you maybe know an AMD card that would work ?

Anything post 2012 is fine, but obviously you want something 
new/performance if you wish to play new games.

No need to buy a FirePro/Radeon Pro, the regular radeons are fine.



Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2017-11-04 Thread 'Marek Jenkins' via qubes-users
What is the difference between Coreboot and Libreboot ?

Is one better than the other for Qubes OS ?



Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2017-11-03 Thread 'Marek Jenkins' via qubes-users
Thanks again for all the info, I really appreciate your advice!

> TXT is a marketing feature, it isn't really relevant.
> Doing kernel code signing via coreboot with grub payload is a much 
> better security feature, if you lock your flash chip the only way to 
> flash will be externally (with a tester clip) so it is very secure.

Okay good to know, then I'll discard TXT from now on ;)

> * You'd be able to play new video games at high settings in a VM, run a 
> bunch of VMs or do both at the same time with dual 4386 CPU's.
> * You could use it as a gigabit vpn router with a router distro.
> Another option for more juice is the pricier KGPE-D16 (same featureset 
> but with more RAM slots, support for socket g34 16 core cpu's and more 
> PCI-e lanes/slots) and get 16 core CPU's you would be able to have 32 
> cores total with the opteron 6386 (best G34 cpu) and thus for instance 
> have three people playing games at high settings on the same PC plus 
> many VM's.

Sounds perfect! I think you actually convinced me to go for the KGPE-D16 + 
Opteron 6386 + 64GB RAM then :)

Now I only need to find a trusted seller where I can buy the mainboard 
(new/affordable price) with EU shipping. Everything except mainboard can be 
used (RAM, CPU, AMD GPU).

It would be awesome if you could tell me where to buy the hardware cheap.
Preferably via e-mail (marek.jenk...@openmailbox.org) for privacy or in your 
reply over here if you don't want to reveal your e-mail address.

(No worries, this is just one of my "throw-away" email-addresses)

> You will need to buy a video card as the onboard video sucks, I advise 
> AMD as they are friendlier to open source and virtualization compared 
> with nvidia who adds "bugs" to their drivers to try and stop you from 
> using a geforce card in a VM to play games (see code 43 error)

Do you maybe know an AMD card that would work ? 

Kind regards,
Marek



Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2017-11-03 Thread taii...@gmx.com

On 11/03/2017 07:51 AM, 'Marek Jenkins' via qubes-users wrote:


> Wow, thank you very much for your in-depth reply!
> I never really considered buying a server mainboard yet.

It is a great workstation/server board.

> Until now, I had planned to buy an Asrock Q170M vPro mainboard + Intel i7-7700 
> CPU.
> I did quite a bit of research on Intel chipsets and Intel CPUs and only few 
> seem to tick all the boxes for Qubes.

Yeah intel loves its artificial market segmentation.

> I especially looked for Intel VT-x (including EPT), Intel VT-d, and Intel TXT.
> The Asrock Q170M vPro also supports AEM in theory. Last but not least it's very 
> cheap and supports current CPUs (LGA1151).

TXT is a marketing feature, it isn't really relevant.
Doing kernel code signing via coreboot with grub payload is a much 
better security feature, if you lock your flash chip the only way to 
flash will be externally (with a tester clip) so it is very secure.
The KCMA-D8 and KGPE-D16 support an owner controlled core root of trust 
TPM via coreboot if you wanna use AEM.

> Can you elaborate a bit on the performance of the Asus KCMA-D8 + AMD Opteron 
> 4386 ?

* Using gentoo is enjoyable for once as it doesn't take forever to 
compile stuff.
* You'd be able to play new video games at high settings in a VM, run a 
bunch of VMs or do both at the same time with dual 4386 CPU's.
* You could use it as a gigabit vpn router with a router distro.

Another option for more juice is the pricier KGPE-D16 (same featureset 
but with more RAM slots, support for socket g34 16 core cpu's and more 
PCI-e lanes/slots) and get 16 core CPU's you would be able to have 32 
cores total with the opteron 6386 (best G34 cpu) and thus for instance 
have three people playing games at high settings on the same PC plus 
many VM's.

> I had a look at performance benchmarks of the AMD Opteron 4386 (dual CPU) and 
> it seems even a single Intel i7-7700 outperforms the 4386 CPU. Nonetheless, it's 
> an Octacore CPU (2012) compared to the Intel CPU which is a Quadcore (2017). I 
> have little knowledge about server hardware performance, so that makes the 
> comparison a bit difficult for me.

A 4386 (socket C32) is equivalent to a FX-8310 (socket AM3+), the new 
intel stuff is a bit faster but it is non-free and to get 8 cores you 
have to pay a ton of money.

> Would you say the KCMA-D8 + 4386 are on the same level or at least have more 
> than enough power to run 8-10+ VMs (including 1-2 Windows HVMs) at the same 
> time with 32GB RAM?

RAM - I would get 64GB (need ECC RDIMM's fyi, $10/ea used for 8gb 
1333mhz sticks)
CPU - Yes definitely, and you can always pop in another 4386 for more 
juice such as if you want to play games and use power hungry VM's at the 
same time (with my 16 cores I play games in one VM and compile things in 
another VM concurrently with no issues)

More things:
The board should be bought brand new but all the other stuff you can get 
used as it has a much longer life (cpu - 20 years) than for instance the 
capacitors on the board.
Let me know if you want help finding a site that sells them for $250 or 
so (not amazon or newegg)
You will need to buy a video card as the onboard video sucks, I advise 
AMD as they are friendlier to open source and virtualization compared 
with nvidia who adds "bugs" to their drivers to try and stop you from 
using a geforce card in a VM to play games (see code 43 error)
OpenBMC needs the ASMB4-iKVM or ASMB5-iKVM, the KCMA-D8 doesn't come 
with one but the KGPE-D16 does.




Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2017-11-03 Thread 'Marek Jenkins' via qubes-users
> I would buy a KCMA-D8 with a 4386 cpu then install coreboot (on this 
> board it is fully open source and blob free)
> Features:
> 100% Libre firmware available!
> Fully supports Qubes 4.0

Wow, thank you very much for your in-depth reply!
I never really considered buying a server mainboard yet.

Until now, I had planned to buy an Asrock Q170M vPro mainboard + Intel i7-7700 
CPU.
I did quite a bit of research on Intel chipsets and Intel CPUs and only few 
seem to tick all the boxes for Qubes.

I especially looked for Intel VT-x (including EPT), Intel VT-d, and Intel TXT.
The Asrock Q170M vPro also supports AEM in theory. Last but not least it's very 
cheap and supports current CPUs (LGA1151).

Can you elaborate a bit on the performance of the Asus KCMA-D8 + AMD Opteron 
4386 ?
I had a look at performance benchmarks of the AMD Opteron 4386 (dual CPU) and 
it seems even a single Intel i7-7700 outperforms the 4386 CPU. Nonetheless, it's 
an Octacore CPU (2012) compared to the Intel CPU which is a Quadcore (2017). I 
have little knowledge about server hardware performance, so that makes the 
comparison a bit difficult for me. Would you say the KCMA-D8 + 4386 are on the 
same level or at least have more than enough power to run 8-10+ VMs (including 
1-2 Windows HVMs) at the same time with 32GB RAM?

> The board is only $250 for a variety of independent sellers (not 
> overpriced/evil newegg/amazon) and you can get a nice cpu for $100 
> (4386) or a budget one for $30 (4280)
> 
> I offer free tech support for libre motherboard purchasers, I am skilled 
> using coreboot and it runs on a many of my computers - don't hesitate to 
> ask me questions :D

The reason I asked about the performance is that it would only be a good option 
for me if the performance is really good (hopefully comparable to current Intel 
i7 desktop CPUs).
Because where I live in Europe, the Asus KCMA-D8 + AMD Opteron 4386 are way 
more expensive and hard to get. The mobo costs roughly 360 USD and one (!) 4386 
CPU costs about 560 USD. So if I'd go that route I would probably have to buy 
them abroad (US, China, etc) from the offers I have seen with more reasonable 
prices :/

TALOS2 also seems promising, although it's not in my budget ;)

Before I decide what to do: Do you maybe know some other mainboards that you 
can recommend for Qubes 4.0 that are relatively cheap + high performance and 
ship without vPro / AMT / ME + support for libre BIOS ?

Kind regards!

Marek



Re: AW: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2017-11-02 Thread taii...@gmx.com

On 11/02/2017 09:42 PM, '[799]' via qubes-users wrote:

> (This one has also the link to the Qubes article addressing the vpro/Intel AMT 
> topic)
>
> Additionally:
> https://puri.sm/learn/avoiding-intel-amt/

https://www.reddit.com/r/linux/comments/3anjgm/on_the_librem_laptop_purism_doesnt_believe_in/

Purism isn't worth the money for what you get, their laptops aren't and 
will never be owner controlled - their marketing is quite dishonest as well.

They also fail to mention that they didn't make ME cleaner, and that it 
nerfs ME but doesn't disable it (Don't include any ME binaries and their 
laptops WILL turn off after 30 minutes, physically disconnect the ME 
processor to avoid a hostile mask ROM and their laptops won't even boot)

> If vpro/Intel AMT is bothering you, I suggest running Coreboot (you might want 
> to check which hardware is compatible:
> https://www.coreboot.org/Supported_Motherboards)

Coreboot doesn't do anything about ME/PSP.

If you pick an intel coreboot supporting board that has a 100% open 
source init process (not the binary FSP blob like purism) it offers 
improved security and performance vs the proprietary bios, moving the 
firmware trust layer to you instead of OEM+vendor (default) or OEM (purism)

There are also a few quality x86-64 coreboot boards and a laptop (the 
last free x86 boards FYI) that are owner controlled with an open source 
init and without ME/PSP, such as the KCMA-D8 (workstation) KGPE-D16 
(server) and Lenovo G505S (laptop)

From here the only choice for high performance owner controlled libre 
new hardware is POWER, such as the excellent TALOS 2 (a great price for 
server hardware in its performance class)




Re: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2017-11-02 Thread taii...@gmx.com

On 11/02/2017 09:32 PM, 'Marek Jenkins' via qubes-users wrote:


> It seems that most new mainboards with Intel chipset have support for "Intel 
> vPro" technology.
>
> I read in another thread that this can cause issues and should be avoided. Is 
> that still correct ?

The issue is Intel ME, a black box supervisor processor that is 
controlled by intel instead of you thus you don't really own your computer.
vPro is simply a software addon to it which runs on the ME processor, it 
enables additional remote management features.

ME is very dangerous for your freedom as it is the world's greatest 
backdoor present in every computer (btw you should stop using gmail if 
you care about your freedom and not losing your job in 20 years to a 
google made robot)

> Is "Intel vPro" a real no-go or can Qubes still work with it?
> Or can having vPro support even have positive effects ?

It is used in a minority of enterprises for remote admin, but it is full 
of security holes.
If ME/vPro was open source, owner controlled, physically removable and 
better secured then it would be very cool.

I would buy a KCMA-D8 with a 4386 cpu then install coreboot (on this 
board it is fully open source and blob free)

Features:
100% Libre firmware available!
Fully supports Qubes 4.0
No ME/PSP
Dual socket - supports 8 core cpu's - 16 core cpus available on its 
bigger brother the KGPE-D16 (also libre)
128GB Max RAM
TPM addon (for AEM)
Multiple PCI-e slots (supports crossfire)
IOMMU, with IOMMU for Graphics (attach a gpu to a VM to play games in 
your VM)
Two USB controllers (you need to buy usb headers to use the second)
Supports ECC RAM
Supports OpenBMC, an owner controlled remote management firmware for the 
board's KVM processor (the KGPE-D16/KCMA-D8 OpenBMC port was a great 
example of a successful crowdfunding campaign which yours truly 
contributed to)
Can play the latest games at high settings in a VM with a 4386 CPU, 
equivalent to a FX-8310

The board is only $250 for a variety of independent sellers (not 
overpriced/evil newegg/amazon) and you can get a nice cpu for $100 
(4386) or a budget one for $30 (4280)

I offer free tech support for libre motherboard purchasers, I am skilled 
using coreboot and it runs on many of my computers - don't hesitate to 
ask me questions :D


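The reply above frames the buying decision around two properties of a board: whether it carries Intel ME (with vPro/AMT layered on top) and whether its IOMMU is usable for attaching devices to VMs. As an added example that is not code from the thread, from Qubes or from coreboot, here is a small POSIX shell inventory a defender can run on a candidate machine to check the host-visible side of both: whether an Intel Management Engine Interface (MEI, also called HECI) PCI function appears in lspci output, whether the mei/mei_me kernel modules are bound, and how many IOMMU groups the kernel has populated. The SAMPLE_LSPCI and SAMPLE_LSMOD text is constructed for the demonstration, not captured from any real machine; the function and variable names are mine.

```shell
#!/bin/sh
# Added example (not from the thread, Qubes or coreboot): host-side checks
# for the two board properties the thread keeps coming back to.
#   1. Is an Intel Management Engine Interface (MEI, a.k.a. HECI) PCI
#      function visible?  That is the host-facing side of ME/vPro/AMT.
#   2. Has the kernel populated IOMMU groups?  Qubes needs a working IOMMU
#      for PCI passthrough (GPU-in-a-VM, sys-net, sys-usb).
# Every check takes its input as text or a directory so it can be run on
# captured output; on a live host feed it `lspci`, `lsmod` and
# /sys/kernel/iommu_groups.

# Count PCI functions whose lspci line describes the ME interface.
# Reads `lspci` output (one function per line) on stdin, prints a number.
count_mei_functions() {
    # Match MEI/HECI as whole words, or the spelled-out name.  `grep -c`
    # prints 0 and exits 1 when nothing matches, so `|| true` keeps callers
    # that run under `set -e` alive.
    grep -Ec '(^|[^[:alnum:]])(MEI|HECI)([^[:alnum:]]|$)|Management Engine' || true
}

# Report whether the mei / mei_me kernel modules are loaded.
# Reads `lsmod` output on stdin, prints "yes" or "no".
mei_driver_loaded() {
    if grep -Eq '^mei(_me)?[[:space:]]'; then echo yes; else echo no; fi
}

# Count populated IOMMU groups in a sysfs-style directory
# (/sys/kernel/iommu_groups on a real system).  Prints a number; 0 means
# the IOMMU is off, unsupported, or not enabled in firmware.
count_iommu_groups() {
    dir=$1
    n=0
    if [ -d "$dir" ]; then
        for g in "$dir"/*; do
            [ -d "$g" ] && n=$((n + 1))
        done
    fi
    echo "$n"
}

# Combine the two findings into a one-line verdict:
#   "me-present" or "me-absent", then "iommu-on" or "iommu-off".
board_verdict() {
    if [ "$1" -gt 0 ]; then me=me-present; else me=me-absent; fi
    if [ "$2" -gt 0 ]; then io=iommu-on; else io=iommu-off; fi
    echo "$me $io"
}

# --- Constructed sample input (not captured from any real machine) ---
SAMPLE_LSPCI='00:00.0 Host bridge: Example Corp Host Bridge
00:16.0 Communication controller: Intel Corporation Example Chipset MEI Controller #1
01:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Example GPU'
SAMPLE_LSMOD='Module                  Size  Used by
mei_me                 45056  0
mei                   106496  1 mei_me'

# Run the checks on the constructed samples plus three fake IOMMU groups.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/0" "$tmp/1" "$tmp/2"
    mei=$(printf '%s\n' "$SAMPLE_LSPCI" | count_mei_functions)
    drv=$(printf '%s\n' "$SAMPLE_LSMOD" | mei_driver_loaded)
    grp=$(count_iommu_groups "$tmp")
    rm -rf "$tmp"
    echo "MEI functions: $mei, mei driver loaded: $drv, IOMMU groups: $grp"
    board_verdict "$mei" "$grp"   # prints "me-present iommu-on" for the sample
}

demo
```

On a live Linux host the same functions are fed real data: `lspci | count_mei_functions`, `lsmod | mei_driver_loaded` and `count_iommu_groups /sys/kernel/iommu_groups`. Two caveats matter when reading the result. A missing MEI function only shows that the firmware did not expose it to the operating system; the ME itself can still be running, so "me-absent" is evidence, not proof, and the boards the thread calls ME/PSP-free are so because of the platform, not because of this check (it also says nothing about AMD's PSP). Likewise a zero IOMMU count is usually a firmware (VT-d / AMD-Vi disabled) or kernel command line (`intel_iommu=on`, `amd_iommu=on`) matter before it is a board limitation, so check those before blaming the hardware.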


AW: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2017-11-02 Thread '[799]' via qubes-users
Hello,

> It seems that most new mainboards with Intel
> chipset have support for "Intel vPro"
> technology.

Have you looked here:
https://groups.google.com/forum/m/#!topic/qubes-users/8XrF_CpyEU0

> Is "Intel vPro" a real no-go or can Qubes still
> work with it?

Qubes will work with vpro. But with vpro it is possible to remotely administrate 
a PC.
This is something we are using for some of our customers and is helpful in an 
Enterprise environment but maybe not something you would like to have on your 
private machine.

Here are some more details:
https://security.stackexchange.com/questions/128619/what-are-the-privacy-and-security-risks-associated-with-intels-management-engin

(This one has also the link to the Qubes article addressing the vpro/Intel AMT 
topic)

Additionally:
https://puri.sm/learn/avoiding-intel-amt/

If vpro/Intel AMT is bothering you, I suggest running Coreboot (you might want 
to check which hardware is compatible:
https://www.coreboot.org/Supported_Motherboards)

[799]



[qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2017-11-02 Thread 'Marek Jenkins' via qubes-users
It seems that most new mainboards with Intel chipset have support for "Intel 
vPro" technology.

I read in another thread that this can cause issues and should be avoided. Is 
that still correct ?

Is "Intel vPro" a real no-go or can Qubes still work with it?
Or can having vPro support even have positive effects ?

Thanks for your advice.

Marek
