Re: [qubes-users] Qubes Security Bulletin #24 (Critical bug)

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-07-28 17:25, Chris Laprise wrote:
> On 07/27/2016 04:27 PM, Andrew David Wong wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA512
>> 
>> On 2016-07-26 20:01, Chris Laprise wrote:
>>> On 07/26/2016 08:45 PM, el...@tutanota.com wrote:
> What is best way to verify our system supports these things?
 I think you can also check out the processor with Intel.. 
 ark.intel.com You can search through the different processors if you 
 are looking to pick up a new computer.
 
>>> A guide I found at AMD:
>>> http://support.amd.com/en-us/kb-articles/Pages/ 
>>> GPU120AMDRVICPUsHyperVWin8.aspx
>>> 
>>> From Microsoft: http://support.amd.com/en-us/kb-articles/Pages/ 
>>> GPU120AMDRVICPUsHyperVWin8.aspx
>>> 
>>> Basically, anything recent that isn't too cost-reduced.
>>> 
>>> Chris
>>> 
>> Chris, I think you may have accidentally pasted the same link twice.
>> 
> 
> Sorry, didn't hit Ctrl-shift-V when I should ;)
> 
> Here's the MS link: 
> http://social.technet.microsoft.com/wiki/contents/articles/ 
> 1401.hyper-v-list-of-slat-capable-cpus-for-hosts.aspx
> 
> 
> Chris
> 

Thanks! However, it looks like that article hasn't been updated in a while.
Here's Intel's current, complete list of all CPUs that support EPT,so you can
ctrl+F and search for your model:

http://ark.intel.com/search/advanced?s=t=true

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXm5OsAAoJENtN07w5UDAwxYEP/3BVq+xK4NMIm1Q6h+IQKpsU
ueT0XXWu7Yj+Eao7fSDyco+YP3UkNha3LgFWgs9n6fqmGL6YgoKbqb6jlb20tKAa
R9Q4KiA8NK+X7PWB9yBIKM9laDxE1PE0z9D6goIpH18U7iHMkJRGoTJpn5CzWC/z
2W5BHZqCBuSAr1hBGSY4qY+lPT1iG+AVUldB4/rlFCXPiHc888ES1Gi7wI8J2ut8
+AhGYa/ECnV9lPeX/xSdzUBXywuWgm2gH7fe7F9opaN3IF3WY73dZ1t0qmNJxsaP
XIsDhXB4ppqmyiat1++CIw/DfEBy1KbtplUnPPb3ANJG6FYj6/fCNhEF3h+1QPDn
qnGxXnsL+dtQ4DFo2UdAYnJeuzxWEieo6u/mAvWIpzj2OqkettNUMy6OS7p+L97P
t5b2sEYuItL93hGDnaTVKgTshVKdH0Nt6pkEg+vl7uz0FzWYSTh/WC8Y6g4pCR3p
vpPu5d1U/4cALLhcx4s4CfN/kBadaA2PqhYZOy8MZK90nyAi6KJ0ue9fHSJf7HuQ
8SviI5T04x4FkzPgcIB0UI91N2o35xuIiFOP/iK2E/nuGHHlPkgREH0HXqguS6te
KqPby754EPkiOoEaQwSsR89mdMjxf9eWfxmPFI/gJUQTYtQ4h5UXfl5LHFz/8ARj
H3ozoQUTYfsrxmXtEuBH
=O1JX
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c2305be3-fe7b-60a4-d3e4-6dd24c01d347%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Security Bulletin #24 (Critical bug)

[Niels Kobschaetzki]

On 16/07/28 20:25, Chris Laprise wrote:

On 07/27/2016 04:27 PM, Andrew David Wong wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-07-26 20:01, Chris Laprise wrote:

On 07/26/2016 08:45 PM, el...@tutanota.com wrote:

What is best way to verify our system supports these things?

I think you can also check out the processor with Intel.. ark.intel.com
You can search through the different processors if you are looking to
pick up a new computer.


A guide I found at AMD:
http://support.amd.com/en-us/kb-articles/Pages/GPU120AMDRVICPUsHyperVWin8.aspx

 From Microsoft:
http://support.amd.com/en-us/kb-articles/Pages/GPU120AMDRVICPUsHyperVWin8.aspx

 Basically, anything recent that isn't too cost-reduced.

Chris


Chris, I think you may have accidentally pasted the same link twice.

- --


Sorry, didn't hit Ctrl-shift-V when I should ;)

Here's the MS link:
http://social.technet.microsoft.com/wiki/contents/articles/1401.hyper-v-list-of-slat-capable-cpus-for-hosts.aspx


Neat, the X201 supports SLAT :)

"Old" laptop but still on the safe side :)

Niels

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160729042010.GA1141%40mail.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Security Bulletin #24 (Critical bug)

[Chris Laprise]

On 07/27/2016 04:27 PM, Andrew David Wong wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-07-26 20:01, Chris Laprise wrote:

On 07/26/2016 08:45 PM, el...@tutanota.com wrote:

What is best way to verify our system supports these things?

I think you can also check out the processor with Intel.. ark.intel.com
You can search through the different processors if you are looking to
pick up a new computer.


A guide I found at AMD:
http://support.amd.com/en-us/kb-articles/Pages/GPU120AMDRVICPUsHyperVWin8.aspx

  From Microsoft:
http://support.amd.com/en-us/kb-articles/Pages/GPU120AMDRVICPUsHyperVWin8.aspx

  Basically, anything recent that isn't too cost-reduced.

Chris


Chris, I think you may have accidentally pasted the same link twice.

- -- 


Sorry, didn't hit Ctrl-shift-V when I should ;)

Here's the MS link:
http://social.technet.microsoft.com/wiki/contents/articles/1401.hyper-v-list-of-slat-capable-cpus-for-hosts.aspx

Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e93fd151-1dc1-0c42-5977-d33534a3d61b%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Security Bulletin #24 (Critical bug)

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-07-26 20:01, Chris Laprise wrote:
> On 07/26/2016 08:45 PM, el...@tutanota.com wrote:
>>> What is best way to verify our system supports these things?
>> I think you can also check out the processor with Intel.. ark.intel.com 
>> You can search through the different processors if you are looking to
>> pick up a new computer.
>> 
> 
> A guide I found at AMD: 
> http://support.amd.com/en-us/kb-articles/Pages/GPU120AMDRVICPUsHyperVWin8.aspx
>
>  From Microsoft: 
> http://support.amd.com/en-us/kb-articles/Pages/GPU120AMDRVICPUsHyperVWin8.aspx
>
>  Basically, anything recent that isn't too cost-reduced.
> 
> Chris
> 

Chris, I think you may have accidentally pasted the same link twice.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXmRkIAAoJENtN07w5UDAw4d4P/0rSNgjTOGfk4OhDVpXqQu23
3PAJXLFdXHAsmHf0bb2oZKN3qT7UbOGTeciCy3zCTJYmP90Qx6N9q/NcJHQUBPIa
VgdtIpY8VaO1PmiJJw1jfWRMTtRwyjjQ/B9ZNgmw2oOp5G9YFZ1sYgOpck+giRgt
bUsLWLJQhid57rjdKYsFqz0OdLc02sRQDfFEZHxUOSxSZuNn1Dk2HMTIbjPJNdlD
DFaronR921YlRIyNVch1eILpayuPbctVHFMDTNxIDIp5sGXG21kV7Lm+RgdND62c
gzm/CKZrEcqMDMQsxP9cRQuhjeEk2YOYbeZpOcLUA9+VOBqprNmj1lC7AGbIA01Y
v5yqJB0Lrd39SwXwcXYJM3z6x0BXIu9b/sq9G+EhYrwllU0DkB4ZE7rwt7A9OhEs
UMO8udhBd6B5m+fXb/gWsrWTnZBXTAf+FCtd8llxT2EhFtT7Oh9NrvwS2csxAt2R
crkOYxhl22vEgn1OG7OnLJUT04IWQGwRJyk+yztzBqbHK6DmDMj7tozqzCGGcICx
goTDzu9HYQB1r/WWxJfOMN4Ezggwkb7m6pp5+ijFzK53MGZDlotIz8Z7GoWiA4lr
qlm4t1mKFs0hi15xClDwiE1QJ8CVNjCdXxQcAUD7quHlAvMbhtnPawlVUBpxVFZR
G8HMVlzFF0WDxld8qMfc
=NOGX
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7bca3669-9756-97fe-e126-ad3c7a7524f5%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Security Bulletin #24 (Critical bug)

[7v5w7go9ub0o]

On 07/27/2016 03:01 AM, Chris Laprise wrote:

On 07/26/2016 08:45 PM, el...@tutanota.com wrote:

What is best way to verify our system supports these things?

I think you can also check out the processor with Intel..
ark.intel.com
You can search through the different processors if you are looking to 
pick up a new computer.




A guide I found at AMD:
http://support.amd.com/en-us/kb-articles/Pages/GPU120AMDRVICPUsHyperVWin8.aspx 



From Microsoft:
http://support.amd.com/en-us/kb-articles/Pages/GPU120AMDRVICPUsHyperVWin8.aspx 



Basically, anything recent that isn't too cost-reduced 



... and if also supported by the MB and BIOS.




--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3b0e1a92-cf5e-a904-86f2-d632084ea20f%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Security Bulletin #24 (Critical bug)

[Manuel Amador (Rudd-O)]

On 07/26/2016 11:34 PM, Marek Marczykowski-Górecki wrote:
> On Tue, Jul 26, 2016 at 04:25:41PM -0700, raahe...@gmail.com wrote:
> > "Of course, to be compatible with Qubes OS, the BIOS must properly
> expose all the VT-x, VT-d, and SLAT functionality that the underlying
> hardware offers (and which we require). Among other things, this
> implies proper DMAR ACPI table construction."
>
> > What is best way to verify our system supports these things?
>
> The easiest way is to use qubes-hcl-report tool and check for "HVM" and
> "I/O MMU". I think "HVM" check currently doesn't include SLAT
> functionality check right now, but it's something we'll add in the near
> future.
>

The tool itself ought to include a checklist of Qubes certification
requirements met, and not met, and perhaps a percentage "Your system
meets 69% of the certification requirements, and here is a list of
things that the system would still need to have:"

Basically that's how it would work in my mind.  It'd be great if the
installer also exposed this information in a step or as a button option.


-- 
Rudd-O
http://rudd-o.com/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c86b74c4-79fa-5efe-fe05-7a27c8a52f27%40rudd-o.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Security Bulletin #24 (Critical bug)

[Drew White]

On Wednesday, 27 July 2016 09:34:17 UTC+10, Marek Marczykowski-Górecki  wrote:
> > "Of course, to be compatible with Qubes OS, the BIOS must properly expose 
> > all the VT-x, VT-d, and SLAT functionality that the underlying hardware 
> > offers (and which we require)."
> 
> The easiest way is to use qubes-hcl-report tool and check for "HVM" and
> "I/O MMU". I think "HVM" check currently doesn't include SLAT
> functionality check right now, but it's something we'll add in the near
> future.

What happens if we don't have the SLAT functionality? Will Qubes refuse to 
run/install/work ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6494901b-24d5-4415-a5b5-124ec2aa4458%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Security Bulletin #24 (Critical bug)

[Chris Laprise]

On 07/26/2016 08:45 PM, el...@tutanota.com wrote:

What is best way to verify our system supports these things?

I think you can also check out the processor with Intel..
ark.intel.com
You can search through the different processors if you are looking to pick up a 
new computer.



A guide I found at AMD:
http://support.amd.com/en-us/kb-articles/Pages/GPU120AMDRVICPUsHyperVWin8.aspx

From Microsoft:
http://support.amd.com/en-us/kb-articles/Pages/GPU120AMDRVICPUsHyperVWin8.aspx

Basically, anything recent that isn't too cost-reduced.

Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/07b40854-c066-ca18-df47-715ad96505cc%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Security Bulletin #24 (Critical bug)

[Bill Wether]

On Tuesday, July 26, 2016 at 11:34:17 PM UTC, Marek Marczykowski-Górecki wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On Tue, Jul 26, 2016 at 04:25:41PM -0700, raahe...@gmail.com wrote:
> > "Of course, to be compatible with Qubes OS, the BIOS must properly expose 
> > all the VT-x, VT-d, and SLAT functionality that the underlying hardware 
> > offers (and which we require). Among other things, this implies proper DMAR 
> > ACPI table construction."
> > 
> > What is best way to verify our system supports these things?
> 
> The easiest way is to use qubes-hcl-report tool and check for "HVM" and
> "I/O MMU". I think "HVM" check currently doesn't include SLAT
> functionality check right now, but it's something we'll add in the near
> future.

Thanks, Marek.  Being able to plan for this change would help us a lot, so 
please announce it nice and loud when it's done.

Thanks again

BillW

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bb0f8a53-eca0-40ad-8b75-46529d89a9e5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Security Bulletin #24 (Critical bug)

[eliwu]

> What is best way to verify our system supports these things?

I think you can also check out the processor with Intel..
ark.intel.com
You can search through the different processors if you are looking to pick up a 
new computer.  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b31cd45c-2c86-486b-8aea-a2e12d9a0dce%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Security Bulletin #24 (Critical bug)

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Tue, Jul 26, 2016 at 04:25:41PM -0700, raahe...@gmail.com wrote:
> "Of course, to be compatible with Qubes OS, the BIOS must properly expose all 
> the VT-x, VT-d, and SLAT functionality that the underlying hardware offers 
> (and which we require). Among other things, this implies proper DMAR ACPI 
> table construction."
> 
> What is best way to verify our system supports these things?

The easiest way is to use qubes-hcl-report tool and check for "HVM" and
"I/O MMU". I think "HVM" check currently doesn't include SLAT
functionality check right now, but it's something we'll add in the near
future.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXl/N0AAoJENuP0xzK19cs938IAJdFzaAVpZwR4Pw1UugW1CwP
DQdBjjor8gzbGuFHnNPxiWdlNegAg3xlXomlGuzaCbH4xr+8EX9ZwO48srbfmwvJ
1TveTCPq+4l8TWPUml9irCiZYQqs6g2kWU8rrxTZ7nw/9iWNAWhvp37EmWtb7HS4
C+rzTzj7htnqlTSMscHlwW4zVG7Op+FQDeb7m+p9XwQd+9ZKZSsKfQ5FQyMOHh+i
xd9Yi5rhavT9PeEMIWfKGEP7YPjL/d7H0xhQGumdwFZwju55JsepacYtIRnbBhOV
iZinJnFOIaDxh9bxtiIodWs/IN+8+eTZSBdQII5iw7s3DsYcaxdXLbHaKYacgeY=
=4zbg
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160726233412.GQ32095%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Security Bulletin #24 (Critical bug)

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, Jul 27, 2016 at 01:13:29AM +0200, Achim Patzner wrote:
> > Am 26.07.2016 um 19:42 schrieb Andrew David Wong :
> > 
> > The updated requirements for Qubes R4.x-certified hardware are
> > explained here:
> > 
> > https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/
> > 
> > Although the requirements for Qubes-certified hardware are likely to
> > be more stringent than that minimum requirements
> 
> If
> 
> "Another important requirement we’re introducing today is that 
> Qubes-certified hardware should run only open-source boot firmware (aka “the 
> BIOS”), such as coreboot. The only exception is the use of a (properly 
> authenticated) CPU-vendor-provided blobs for silicon and memory 
> initialization (see Intel FSP) as well as other internal operations (see 
> Intel ME). However, we specifically require all code used for and dealing 
> with the System Management Mode (SMM) to be open-source.”
> 
> is the minimum requirement, Qubes just put itself out of the game by being 
> able to run on prehistoric hardware only (see coreboot’s list of supported 
> systems and CPUs) or being at the mercy of someone being able to provide a 
> system with appropriate firmware support by twisting some of Intel’s 
> appendages. It’s nice to demand free beer for everyone but you’ll have to 
> find someone providing it. Especially with Qubes hardware demands to be more 
> than a fancy typewriter (unlike others I found 64 GB of memory and a 
> sufficient number of CPU cores not to be wasted).

The above are requirements for Qubes-certified hardware, which are
intended for top-level security/compatibility. Not a minimum system
requirements.

But in Qubes 4.0 will will also have revised minimum requirements,
especially requirement for VT-x with EPT (or AMD equivalent). Previously
it was needed only for running HVMs (Windows in most cases). But this
shouldn't be a big issue in practice, as most high-end hardware today
have it.
More details:
https://github.com/QubesOS/qubes-issues/issues/2185

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXl/B6AAoJENuP0xzK19csJbEH/1T8r0e6Xqz+m4PWjw12Z04r
Sb/WGXdx43Sn5hfRNc61tmgmrdoA3vsWRHG9oK0cSYDWg3v6ByMk/znbTVP3XCi+
5sW+BcRXAJwXK9StMTEZc48g6hFKzmkFQpRc7tRAnAVA4ZV31moUGDYrRIng80rL
kcOJ+BUQZJ9rkxV/voe0Lb4DeRXjP8Xeyf5W0EiKdTG4Fs/3fdUu3auGtQVuZR1w
RAtaOL6Yg9frCnVO7Ud8wMiF2ZJ2nZh0pni2g6YVzP4UZ/MpTvXR7hakzyB6ormF
uw+CSKqfqmjDaU9cce/4XqDLN19qstvCGmM+lVl6qGxPSJk+ABK8qo48IUOjEX4=
=fUaM
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160726232130.GO32095%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Security Bulletin #24 (Critical bug)

[Achim Patzner]

> Am 26.07.2016 um 19:42 schrieb Andrew David Wong :
> 
> The updated requirements for Qubes R4.x-certified hardware are
> explained here:
> 
> https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/
> 
> Although the requirements for Qubes-certified hardware are likely to
> be more stringent than that minimum requirements

If

"Another important requirement we’re introducing today is that Qubes-certified 
hardware should run only open-source boot firmware (aka “the BIOS”), such as 
coreboot. The only exception is the use of a (properly authenticated) 
CPU-vendor-provided blobs for silicon and memory initialization (see Intel FSP) 
as well as other internal operations (see Intel ME). However, we specifically 
require all code used for and dealing with the System Management Mode (SMM) to 
be open-source.”

is the minimum requirement, Qubes just put itself out of the game by being able 
to run on prehistoric hardware only (see coreboot’s list of supported systems 
and CPUs) or being at the mercy of someone being able to provide a system with 
appropriate firmware support by twisting some of Intel’s appendages. It’s nice 
to demand free beer for everyone but you’ll have to find someone providing it. 
Especially with Qubes hardware demands to be more than a fancy typewriter 
(unlike others I found 64 GB of memory and a sufficient number of CPU cores not 
to be wasted).


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/78D98A33-C9C9-4FF6-A9F4-230D5A80FA0B%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Security Bulletin #24 (Critical bug)

[Eva Star]

Dear Qubes users,

We have just released a new Qubes Security Bulletin (QSB #24) for a critical bug
in the Xen hypervisor:

https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-024-2016.txt

Please install the updates, immediately.


Thanks. Undated successfully on Q3.2rc1

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6e67a4e2-52ed-c5af-7862-6ddf74e2541e%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes Security Bulletin #24 (Critical bug)

[Joanna Rutkowska]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Dear Qubes users,

We have just released a new Qubes Security Bulletin (QSB #24) for a critical bug
in the Xen hypervisor:

https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-024-2016.txt

Please install the updates, immediately.

Regards,
joanna.

- --
The Qubes Security Team
https://qubes-os.org/doc/SecurityPage/
-BEGIN PGP SIGNATURE-

iQIcBAEBCAAGBQJXl1I2AAoJEDOT2L8N3GcYL60QAKnMZVQxzY1mv56C02EU+s+i
ZoK6vvPEWqFjiFEBN7ojH6Xg8VDa73YMJhn7RAzqVbzdNauLTufjpXBuHtrQJ8oN
CtWCo9CIvRS8bNhl6IcKWh3/NORXRIRuBxceCVoMOvd8jHBZGQqbJYxeh6UzxFx+
0Cn6CAtofWBTnM6oV4/WXEMAVE/P3IW4zlui/kOHOwe/fpEt033b74ncq9DENkCU
CiaN/3p5Rgxa6nnIMQkQhSmP7HUJCzQXPLZ9DR1EcGHue3I8kZbikFcmDsLf5E9b
rSjRh0yhqUyQdNUIVaVQmIAaaCnkmuDKEw5RbiNmoFbyy73t5ktTNmfOSCN05hc3
xLeoNU6ZCTcWqmgkwCuCa8LdizDgd3FQnfCxj7injXRel6UKVROBhw8o16RG4oZm
G7k++g0K3hKyeF2YnZt4BQJbnuWW/JZ54fzP8m6YvfBBICj6ncKBBEV8XENCcCVL
tUOIZYieY9hUFowK6Gsb6Y9SFC2EJtNC9PY/xPc660txQHakQTgpZtN2uC4al6MV
pZonsQdG9O3csuHMOTIwKrRrmqt4LvCPz2EIYYHBlsAQU362/fR/4uE9MH87neRO
zWoSYBTBsZAq1JW9dNd+2YWABcWqijHbkcIxaQn/gFet9VSFBTqdeAmfJ3a7C08H
3wd6HMsUTKclNoSLYzF6
=bDeB
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160726120614.GE1993%40work-mutt.
For more options, visit https://groups.google.com/d/optout.